data_sources/aws_cloudtrail_jobcreated.yml

name: AWS CloudTrail JobCreated
id: 6473289b-d097-4c86-a837-3cc5ae408155
version: 1
date: '2024-07-18'
author: Patrick Bareiss, Splunk
description: Data source object for AWS CloudTrail JobCreated
source: aws_cloudtrail
sourcetype: aws:cloudtrail
separator: eventName
supported_TA:
- name: Splunk Add-on for AWS
  url: https://splunkbase.splunk.com/app/1876
  version: 7.7.1
fields:
- _time
- app
- awsRegion
- aws_account_id
- command
- date_hour
- date_mday
- date_minute
- date_month
- date_second
- date_wday
- date_year
- date_zone
- desc
- dest
- dvc
- errorCode
- eventCategory
- eventID
- eventName
- eventSource
- eventTime
- eventType
- eventVersion
- host
- index
- linecount
- managementEvent
- msg
- object_category
- product
- punct
- readOnly
- recipientAccountId
- region
- requestParameters
- responseElements
- serviceEventDetails.jobArn
- serviceEventDetails.jobEventId
- serviceEventDetails.jobId
- serviceEventDetails.status
- signature
- source
- sourceIPAddress
- sourcetype
- splunk_server
- src
- src_ip
- start_time
- timeendpos
- timestartpos
- userAgent
- userIdentity.accountId
- userIdentity.invokedBy
- user_agent
- user_group_id
- vendor
- vendor_account
- vendor_product
- vendor_region
example_log: '{"eventVersion": "1.08", "userIdentity": {"accountId": "111111111111",
  "invokedBy": "s3.amazonaws.com"}, "eventTime": "2023-04-24T23:51:17Z", "eventSource":
  "s3.amazonaws.com", "eventName": "JobCreated", "awsRegion": "us-west-2", "sourceIPAddress":
  "s3.amazonaws.com", "userAgent": "s3.amazonaws.com", "requestParameters": null,
  "responseElements": null, "eventID": "894153ad-ed86-4719-bb66-6c52ef7dc767", "readOnly":
  false, "eventType": "AwsServiceEvent", "managementEvent": true, "recipientAccountId":
  "111111111111", "serviceEventDetails": {"jobId": "bb54efd8-937d-4f0c-967d-aa8443998dac",
  "jobArn": "arn:aws:s3:us-west-2:111111111111:job/bb54efd8-937d-4f0c-967d-aa8443998dac",
  "status": "New", "jobEventId": "4e70d2f1053c07a79d9be9a14e486020", "failureCodes":
  [], "statusChangeReason": []}, "eventCategory": "Management"}'