ParseToOCSF
This processor converts logs into Open Cybersecurity Schema Framework (OCSF).
For more information about this processor including examples, see parseToOCSF in the CloudWatch Logs User Guide.
Contents
- eventSource
Specify the service or process that produces the log events that will be converted with this processor.
Type: String
Valid Values: CloudTrail | Route53Resolver | VPCFlow | EKSAudit | AWSWAF
Required: Yes
- ocsfVersion
Specify which version of the OCSF schema to use for the transformed log events.
Type: String
Valid Values: V1.1 | V1.5
Required: Yes
- mappingVersion
Identifies the specific release of the Open Cybersecurity Schema Framework (OCSF) transformer being used to parse OCSF data. Defaults to the latest version if not specified. Does not automatically update.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 10.
Pattern: ^\d+\.\d+(\.\d+)?$
Required: No
- source
The path to the field in the log event that you want to parse. If you omit this value, the whole log message is parsed.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Required: No
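A pre-flight check for the constraints listed above, as an added example (not AWS code), useful for catching a rejected or silently mistyped transformer definition before it reaches a log pipeline. `validate_parse_to_ocsf` and the sample configurations are hypothetical names and constructed values; it assumes the pattern's `\d` means ASCII digits and that valid values are matched exactly.

```python
import re

# Constraints copied from the field descriptions above.
EVENT_SOURCES = {"CloudTrail", "Route53Resolver", "VPCFlow", "EKSAudit", "AWSWAF"}
OCSF_VERSIONS = {"V1.1", "V1.5"}
KNOWN_FIELDS = {"eventSource", "ocsfVersion", "mappingVersion", "source"}
# Assumption: \d means ASCII digits. fullmatch() also rejects a trailing
# newline, which Python's "$" alone would let through.
MAPPING_VERSION_RE = re.compile(r"\d+\.\d+(\.\d+)?", re.ASCII)


def validate_parse_to_ocsf(cfg):
    """Return a list of constraint violations; an empty list means cfg passes."""
    errors = [f"{name}: unknown field" for name in sorted(set(cfg) - KNOWN_FIELDS)]
    for name, allowed in (("eventSource", EVENT_SOURCES), ("ocsfVersion", OCSF_VERSIONS)):
        if name not in cfg:
            errors.append(f"{name}: required")
        elif not isinstance(cfg[name], str) or cfg[name] not in allowed:
            errors.append(f"{name}: {cfg[name]!r} is not a valid value")
    for name, max_len in (("mappingVersion", 10), ("source", 128)):
        if name not in cfg:
            continue  # both fields are optional
        value = cfg[name]
        if not isinstance(value, str) or not 1 <= len(value) <= max_len:
            # The length limit is separate from the pattern: "100.200.300"
            # matches the pattern but is 11 characters long.
            errors.append(f"{name}: must be a string of length 1 to {max_len}")
        elif name == "mappingVersion" and not MAPPING_VERSION_RE.fullmatch(value):
            errors.append(f"{name}: {value!r} does not match the version pattern")
    return errors


if __name__ == "__main__":
    # Constructed sample configurations, not taken from AWS documentation.
    samples = [
        {"eventSource": "VPCFlow", "ocsfVersion": "V1.1"},
        {"eventSource": "CloudTrail", "ocsfVersion": "V1.5", "mappingVersion": "1.5.0"},
        {"eventSource": "vpcflow", "ocsfversion": "V1.1"},
        {"eventSource": "AWSWAF", "ocsfVersion": "V1.5", "mappingVersion": "100.200.300"},
    ]
    for sample in samples:
        print(sample, "->", validate_parse_to_ocsf(sample) or "ok")
```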
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: