Package aws/cloudtrail Release Notes

Package aws/cloudtrail Release Notes Version 1.1.5
  • Added fallback to userIdentity.userName for user.name field

  • Updated ECS version to 8.17.0

Package aws/cloudtrail Release Notes Version 1.1.4
  • Added support for Role type in user identity mapping

  • Added fallback to additionalEventData.UserName for user.name field

  • Added ECS field mapping for TLS fields

Package aws/cloudtrail Release Notes Version 1.1.3
  • Expands support for more eventNames (adding category and type)

Package aws/cloudtrail Release Notes Version 1.1.2
  • Utilizes array:append() function for array declarations.

Package aws/cloudtrail Release Notes Version 1.1.1
  • Improves the field extraction and performance.

  • Fixes misspelling of event.ype to event.type.

  • Bumps ecs.version to 8.16.0.

Package aws/cloudtrail Release Notes Version 1.1.0
  • Improves the field extraction and performance.

  • Bumps the minimum LogScale version to 1.142 to support assertions in yaml files.

  • Parses a timestamp based on the digestStartTime in case there is no eventTime field.

  • Adds new fields: event.dataset, event.reason, file.name, user.roles, source.ip, host.name and more.

  • Changes user.name field values to lowercase.

  • Sets event.dataset and observer.type based on the event action.

  • Stops using the csv file to set the event categorization fields.

  • Renames the parser to aws-cloudtrail

Package aws/cloudtrail Release Notes Version 1.0.1
  • Improves the field extraction and performance.

  • Bumps parser version to 1.0.1

Package aws/cloudtrail Release Notes Version 1.0.0
  • This version of the package supersedes both the amazon/cloudtrail package and previous versions of this package.

    • If you are migrating here from the amazon/cloudtrail package, the following changes apply: