AWS::Logs::Transformer ParseToOCSF
This processor converts logs into Open Cybersecurity Schema Framework (OCSF).
For more information about this processor, including examples, see parseToOCSF in the CloudWatch Logs User Guide.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "EventSource" : String,
  "OcsfVersion" : String,
  "Source" : String
}
YAML
EventSource: String
OcsfVersion: String
Source: String
Properties
EventSource
Specify the service or process that produces the log events that will be converted with this processor.
Required: Yes
Type: String
Allowed values: CloudTrail | Route53Resolver | VPCFlow | EKSAudit | AWSWAF
Update requires: No interruption
OcsfVersion
Specify which version of the OCSF schema to use for the transformed log events.
Required: Yes
Type: String
Allowed values: V1.1
Update requires: No interruption
Source
The path to the field in the log event that you want to parse. If you omit this value, the whole log message is parsed.
Required: No
Type: String
Pattern: ^.*[a-zA-Z0-9]+.*$
Update requires: No interruption
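Example (added here, not taken from the AWS reference): a template that attaches a ParseToOCSF processor to a log group holding VPC flow logs. The resource names and the log group name are constructed for illustration; the enclosing LogGroupIdentifier and TransformerConfig properties belong to the parent AWS::Logs::Transformer resource and are not described on this page.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Convert VPC flow log events in one log group to OCSF V1.1 (added example)

Resources:
  # Hypothetical log group that receives VPC flow logs.
  FlowLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: /example/vpc/flow-logs   # constructed name
      RetentionInDays: 90

  # Transformer bound to that log group.
  FlowLogOcsfTransformer:
    Type: AWS::Logs::Transformer
    Properties:
      LogGroupIdentifier: !Ref FlowLogGroup
      TransformerConfig:
        - ParseToOCSF:
            # Must name the service that actually writes to this log group.
            # Allowed: CloudTrail | Route53Resolver | VPCFlow | EKSAudit | AWSWAF
            EventSource: VPCFlow
            # V1.1 is the only allowed value.
            OcsfVersion: V1.1
            # Source is omitted, so the whole log message is parsed.
            # Set it only when the event is nested under a field, and the
            # value must contain at least one alphanumeric character.
```

All three ParseToOCSF properties update with no interruption, so changing EventSource or Source on a deployed stack does not replace the transformer.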