-
Notifications
You must be signed in to change notification settings - Fork 390
/
Copy pathaws_cloudfront.yml
106 lines (106 loc) · 2.11 KB
/
aws_cloudfront.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
name: AWS Cloudfront
id: 780086dc-2384-45b6-ade7-56cb00105464
version: 2
date: '2025-01-23'
author: Patrick Bareiss, Splunk
description: Logs requests made to AWS CloudFront distributions, including details
on client access, response data, and performance metrics.
mitre_components:
- Network Traffic Content
- Network Traffic Flow
- Response Metadata
- Response Content
- Logon Session Metadata
- Cloud Service Metadata
source: aws
sourcetype: aws:cloudfront:accesslogs
supported_TA:
- name: Splunk Add-on for AWS
url: https://splunkbase.splunk.com/app/1876
version: 7.9.1
fields:
- _time
- action
- app
- bytes
- bytes_in
- bytes_out
- c_ip
- c_port
- cached
- category
- client_ip
- cs_bytes
- cs_cookie
- cs_host
- cs_method
- cs_protocol
- cs_protocol_version
- cs_referer
- cs_uri_query
- cs_uri_stem
- cs_user_agent
- date
- date_hour
- date_mday
- date_minute
- date_month
- date_second
- date_wday
- date_year
- date_zone
- dest
- duration
- edge_location_name
- eventtype
- fle_encrypted_fields
- fle_status
- host
- http_content_type
- http_method
- http_user_agent
- http_user_agent_length
- index
- linecount
- punct
- response_time
- sc_bytes
- sc_content_len
- sc_content_type
- sc_range_end
- sc_range_start
- sc_status
- source
- sourcetype
- splunk_server
- src
- src_ip
- src_port
- ssl_cipher
- ssl_protocol
- status
- tag
- tag::eventtype
- time
- time_taken
- time_to_first_byte
- timeendpos
- timestartpos
- uri_path
- url
- url_domain
- url_length
- vendor_product
- x_edge_detail_result_type
- x_edge_location
- x_edge_request_id
- x_edge_response_result_type
- x_edge_result_type
- x_forwarded_for
- x_host_header
example_log: "2023-11-07\t16:58:21\tIAD55-P5\t921\t44.192.78.55\tGET\td3u5aue66f5ui4.cloudfront.net\t\
/plugins/servlet/com.jsos.shell/ShellServlet\t200\t-\tSlackbot-LinkExpanding%201.0%20(+https://api.slack.com/robots)\t\
-\t-\tLambdaGeneratedResponse\tsGwvFCkFU4qlMxatCoJRgW87P7Ee8bKQor3U6lRt6I6jaFvLC7vcPA==\t\
confluence.catjamfest.com\thttps\t232\t0.276\t-\tTLSv1.3\tTLS_AES_128_GCM_SHA256\t\
LambdaGeneratedResponse\tHTTP/1.1\t-\t-\t57232\t0.276\tLambdaGeneratedResponse\t\
text/html\t527\t-\t-"