A trail is a configuration that enables delivery of events as log files to an Amazon S3 bucket that you specify. CloudTrail log files contain one or more log entries. An event represents a single request from any source and includes information about the requested action, the date and time of the action, request parameters, and so on. CloudTrail log files are not an ordered stack trace of the public API calls, so they do not appear in any specific order.
The following example shows a CloudTrail log entry that demonstrates a data plane event.
{
  "eventVersion": "1.08",
  "userIdentity": {
    "type": "AssumedRole",
    "principalId": "111122223333:aws:ec2-instance:i-123412341234example",
    "arn": "arn:aws:sts::111122223333:assumed-role/aws:ec2-instance/i-123412341234example",
    "accountId": "111122223333",
    "accessKeyId": "AKIAI44QH8DHBEXAMPLE",
    "sessionContext": {
      "sessionIssuer": {
        "type": "Role",
        "principalId": "111122223333:aws:ec2-instance",
        "arn": "arn:aws:iam::111122223333:role/aws:ec2-instance",
        "accountId": "111122223333",
        "userName": "aws:ec2-instance"
      },
      "attributes": {
        "creationDate": "2023-03-05T04:00:21Z",
        "mfaAuthenticated": "false"
      },
      "ec2RoleDelivery": "2.0"
    }
  },
  "eventTime": "2023-03-05T06:03:49Z",
  "eventSource": "guardduty.amazonaws.com",
  "eventName": "SendSecurityTelemetry",
  "awsRegion": "us-east-1",
  "sourceIPAddress": "54.240.230.177",
  "userAgent": "aws-sdk-rust/0.54.1 os/linux lang/rust/1.66.0",
  "requestParameters": null,
  "responseElements": null,
  "requestID": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
  "eventID": "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb",
  "readOnly": false,
  "resources": [
    {
      "accountId": "111122223333",
      "type": "AWS::GuardDuty::Detector",
      "ARN": "arn:aws:guardduty:us-west-2:111122223333:detector/12abc34d567e8fa901bc2d34e56789f0"
    }
  ],
  "eventType": "AwsApiCall",
  "managementEvent": false,
  "recipientAccountId": "111122223333",
  "eventCategory": "Data",
  "tlsDetails": {
    "tlsVersion": "TLSv1.2",
    "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256",
    "clientProvidedHostHeader": "guardduty-data.us-east-1.amazonaws.com"
  }
}
The following example shows a CloudTrail log entry that demonstrates the CreateIPThreatIntelSet action (a control plane event).
{
  "eventVersion": "1.08",
  "userIdentity": {
    "type": "AssumedRole",
    "principalId": "AIDACKCEVSQ6C2EXAMPLE",
    "arn": "arn:aws:iam::444455556666:user/Alice",
    "accountId": "444455556666",
    "accessKeyId": "AKIAI44QH8DHBEXAMPLE",
    "sessionContext": {
      "attributes": {
        "mfaAuthenticated": "false",
        "creationDate": "2018-06-14T22:54:20Z"
      },
      "sessionIssuer": {
        "type": "Role",
        "principalId": "AIDACKCEVSQ6C2EXAMPLE",
        "arn": "arn:aws:iam::444455556666:user/Alice",
        "accountId": "444455556666",
        "userName": "Alice"
      }
    }
  },
  "eventTime": "2018-06-14T22:57:56Z",
  "eventSource": "guardduty.amazonaws.com",
  "eventName": "CreateThreatIntelSet",
  "awsRegion": "us-west-2",
  "sourceIPAddress": "54.240.230.177",
  "userAgent": "console.amazonaws.com",
  "requestParameters": {
    "detectorId": "12abc34d567e8fa901bc2d34e56789f0",
    "name": "Example",
    "format": "TXT",
    "activate": false,
    "location": "https://s3.amazonaws.com/bucket.name/file.txt"
  },
  "responseElements": {
    "threatIntelSetId": "1ab200428351c99d859bf61992460d24"
  },
  "requestID": "5f6bf981-7026-11e8-a9fc-5b37d2684c5c",
  "eventID": "81337b11-e5c8-4f91-b141-deb405625bc9",
  "readOnly": false,
  "eventType": "AwsApiCall",
  "recipientAccountId": "444455556666"
}
With this event information, you can determine that a request was made to create the threat list Example in GuardDuty. You can also see that the request was made by a user named Alice on June 14, 2018.
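The reasoning just described (who changed what in GuardDuty, and when) is exactly what a detection pipeline does over a delivered log file. The script below is an added example, not AWS code or part of this page: it reads a CloudTrail log file in the "Records" envelope that CloudTrail writes to S3, drops data plane events (eventCategory "Data" / managementEvent false) and read-only calls, and reports every remaining GuardDuty configuration change with its actor and time. Because log files are not ordered, it sorts the results explicitly by eventTime. The embedded sample is constructed for the example and trims the two entries above to the fields the script reads; the ListDetectors record is likewise constructed, for contrast, and does not come from the page.

```python
import json
from datetime import datetime

# Constructed sample log file (CloudTrail "Records" envelope), trimmed to the
# fields read below. The first two records mirror the data plane and control
# plane examples on this page; the third is a constructed read-only event.
SAMPLE_LOG_FILE = json.dumps({
    "Records": [
        {
            "userIdentity": {
                "type": "AssumedRole",
                "arn": "arn:aws:sts::111122223333:assumed-role/aws:ec2-instance/i-123412341234example",
                "sessionContext": {"sessionIssuer": {"userName": "aws:ec2-instance"}},
            },
            "eventTime": "2023-03-05T06:03:49Z",
            "eventSource": "guardduty.amazonaws.com",
            "eventName": "SendSecurityTelemetry",
            "awsRegion": "us-east-1",
            "readOnly": False,
            "managementEvent": False,
            "eventCategory": "Data",
            "requestParameters": None,
        },
        {
            "userIdentity": {
                "type": "AssumedRole",
                "arn": "arn:aws:iam::444455556666:user/Alice",
                "sessionContext": {"sessionIssuer": {"userName": "Alice"}},
            },
            "eventTime": "2018-06-14T22:57:56Z",
            "eventSource": "guardduty.amazonaws.com",
            "eventName": "CreateThreatIntelSet",
            "awsRegion": "us-west-2",
            "readOnly": False,
            "requestParameters": {
                "detectorId": "12abc34d567e8fa901bc2d34e56789f0",
                "name": "Example",
                "format": "TXT",
                "activate": False,
                "location": "https://s3.amazonaws.com/bucket.name/file.txt",
            },
        },
        {   # Constructed read-only control plane event (not from the page).
            "userIdentity": {"type": "IAMUser", "userName": "Alice",
                             "arn": "arn:aws:iam::444455556666:user/Alice"},
            "eventTime": "2018-06-14T22:50:00Z",
            "eventSource": "guardduty.amazonaws.com",
            "eventName": "ListDetectors",
            "awsRegion": "us-west-2",
            "readOnly": True,
            "requestParameters": None,
        },
    ]
})


def is_data_plane(record):
    """Data plane entries carry eventCategory "Data" and managementEvent false;
    control plane entries either say otherwise or lack both keys."""
    return record.get("eventCategory") == "Data" or record.get("managementEvent") is False


def actor_of(record):
    """Prefer the session issuer's userName (assumed roles), then the direct
    userName, then the raw ARN, so the actor is always attributable."""
    ident = record.get("userIdentity", {})
    issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
    return issuer.get("userName") or ident.get("userName") or ident.get("arn", "unknown")


def guardduty_config_changes(log_file_text):
    """Return GuardDuty control plane events that modify state, oldest first."""
    changes = []
    for rec in json.loads(log_file_text)["Records"]:
        if rec.get("eventSource") != "guardduty.amazonaws.com":
            continue
        if is_data_plane(rec) or rec.get("readOnly", False):
            continue
        params = rec.get("requestParameters") or {}
        changes.append({
            "when": datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ"),
            "who": actor_of(rec),
            "action": rec["eventName"],
            "region": rec.get("awsRegion"),
            "detector": params.get("detectorId"),
            "target": params.get("name"),
            "location": params.get("location"),
        })
    changes.sort(key=lambda c: c["when"])  # log files are unordered; sort explicitly
    return changes


def describe(change):
    """One-line summary suitable for an alert or audit report."""
    line = (f"{change['when']:%Y-%m-%d %H:%M:%SZ} {change['who']} called "
            f"{change['action']} in {change['region']}")
    if change["target"]:
        line += f" (name={change['target']}, detector={change['detector']})"
    return line


if __name__ == "__main__":
    for change in guardduty_config_changes(SAMPLE_LOG_FILE):
        print(describe(change))
```

Run against the sample, the script reports a single change: the CreateThreatIntelSet call by Alice on 2018-06-14 in us-west-2, naming the threat list Example and the detector it was attached to. The SendSecurityTelemetry entry is dropped as data plane traffic and the read-only ListDetectors call is dropped as well, which is the split a practitioner wants when alerting on changes to GuardDuty's own configuration rather than on its normal telemetry.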