Package aws/cloudtrail Release Notes

Package aws/cloudtrail Release Notes Version 2.1.0
  • Updated parser version to 4.0.0

  • Enhanced event categorization and typing for various AWS actions

  • Changed observer.type from "iam" to "identity" for IAM-related events

  • Updated AssumeRole and AssumeRoleWithSAML event categorization from authentication to iam

  • Modified ConsoleLogin event dataset from "cloudtrail.iam" to "cloudtrail.auth"

  • Added UserAuthentication event handling with authentication category

  • Improved event type mappings by removing "info" type from several actions

  • Enhanced StartInstances and RunInstances categorization from configuration to host

  • Added GenerateDataKey event handling with configuration category and creation type

  • Updated wildcard matching to be more specific and removed default fallback categorization

Package aws/cloudtrail Release Notes Version 2.0.2
  • Added support for IdentityCenterUser identity type

  • Improved handling of identity center user identities

Package aws/cloudtrail Release Notes Version 2.0.1
  • Updated parser to handle EventBridge events by removing "detail" prefix

  • Fixed JSON parsing to properly handle nested fields

Package aws/cloudtrail Release Notes Version 1.1.7
  • Updated parser version to 3.0.0

  • Updated ECS version to 9.0.0

  • Fixed file.hash.sha256 field to use previousDigestHashValue instead of previousDigestSignature

Package aws/cloudtrail Release Notes Version 1.1.6
  • Updated parser version to 2.0.6

  • Updated CPS version to 1.0.0

  • Fixed TLS field handling by removing rename function and adding drop operations

Package aws/cloudtrail Release Notes Version 1.1.5
  • Added fallback to userIdentity.userName for user.name field

  • Updated ECS version to 8.17.0

Package aws/cloudtrail Release Notes Version 1.1.4
  • Added support for Role type in user identity mapping

  • Added fallback to additionalEventData.UserName for user.name field

  • Added ECS field mapping for TLS fields

Package aws/cloudtrail Release Notes Version 1.1.3
  • Expands support for more eventNames (adding category and type)

Package aws/cloudtrail Release Notes Version 1.1.2
  • Utilizes array:append() function for array declarations.

Package aws/cloudtrail Release Notes Version 1.1.1
  • Improves the field extraction and performance.

  • Fixes misspelling of event.ype to event.type.

  • Bumps ecs.version to 8.16.0.

Package aws/cloudtrail Release Notes Version 1.1.0
  • Improves the field extraction and performance.

  • Bumps the minimum LogScale version to 1.142 to support assertions in yaml files.

  • Parses a timestamp based on the digestStartTime in case there is no eventTime field.

  • Adds new fields: event.dataset, event.reason, file.name, user.roles, source.ip, host.name and more.

  • Changes user.name field values to lowercase.

  • Sets event.dataset and observer.type based on the event action.

  • Stops using the csv file to set the event categorization fields.

  • Renames the parser to aws-cloudtrail

Package aws/cloudtrail Release Notes Version 1.0.1
  • Improves the field extraction and performance.

  • Bumps parser version to 1.0.1

Package aws/cloudtrail Release Notes Version 1.0.0
  • This version of the package supersedes both the amazon/cloudtrail package as well as previous versions of this package.

    • If you are migrating here from the amazon/cloudtrail package, the following changes apply: