ParseToOCSF
This processor converts logs into Open Cybersecurity Schema Framework (OCSF) format.
For more information about this processor, including examples, see parseToOCSF in the CloudWatch Logs User Guide.
Contents
- eventSource
Specify the service or process that produces the log events that will be converted with this processor.
Type: String
Valid Values: CloudTrail | Route53Resolver | VPCFlow | EKSAudit | AWSWAF
Required: Yes
- ocsfVersion
Specify which version of the OCSF schema to use for the transformed log events.
Type: String
Valid Values: V1.1
Required: Yes
- source
The path to the field in the log event that you want to parse. If you omit this value, the whole log message is parsed.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Required: No
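The constraints listed above can be checked offline before a transformer configuration is deployed, so that a mistyped event source or an out-of-range source path is caught in review rather than at the API call. The following Python lint is an added example, not part of the AWS documentation or SDK; the function names, the sample list and the `parseToOCSF` wrapper key used for each processor entry are assumptions.

```python
# Added example: offline lint for parseToOCSF settings, using only the
# constraints listed on this page. Function and variable names are hypothetical.
EVENT_SOURCES = {"CloudTrail", "Route53Resolver", "VPCFlow", "EKSAudit", "AWSWAF"}
OCSF_VERSIONS = {"V1.1"}
SOURCE_MIN, SOURCE_MAX = 1, 128


def validate_parse_to_ocsf(cfg):
    """Return a list of problems; an empty list means cfg matches the page."""
    if not isinstance(cfg, dict):
        return ["parseToOCSF must be an object"]
    errors = []
    for key, allowed in (("eventSource", EVENT_SOURCES), ("ocsfVersion", OCSF_VERSIONS)):
        if key not in cfg:
            errors.append(f"{key} is required")
        elif not isinstance(cfg[key], str) or cfg[key] not in allowed:
            errors.append(f"{key} must be one of {sorted(allowed)}, got {cfg[key]!r}")
    # source is optional: when absent, the whole log message is parsed.
    if "source" in cfg:
        src = cfg["source"]
        if not isinstance(src, str):
            errors.append("source must be a string")
        elif not SOURCE_MIN <= len(src) <= SOURCE_MAX:
            errors.append(f"source length {len(src)} outside {SOURCE_MIN}-{SOURCE_MAX}")
    return errors


def lint_transformer(processors):
    """Check every parseToOCSF entry in a processor list (assumed wrapper key)."""
    report = {}
    for index, proc in enumerate(processors):
        if "parseToOCSF" in proc:
            problems = validate_parse_to_ocsf(proc["parseToOCSF"])
            if problems:
                report[index] = problems
    return report


# Constructed sample configuration, not taken from a real account.
SAMPLE = [
    {"parseToOCSF": {"eventSource": "VPCFlow", "ocsfVersion": "V1.1"}},
    {"parseToOCSF": {"eventSource": "vpcflow", "ocsfVersion": "V1.0", "source": ""}},
    {"parseToOCSF": {"ocsfVersion": "V1.1", "source": "x" * 129}},
]

if __name__ == "__main__":
    for idx, problems in lint_transformer(SAMPLE).items():
        print(idx, problems)
```

The lint matches values exactly as they are spelled on this page, so `vpcflow` is reported rather than normalized to `VPCFlow`.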
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: