Les traductions sont fournies par des outils de traduction automatique. En cas de conflit entre le contenu d'une traduction et celui de la version originale en anglais, la version anglaise prévaudra. # Exemple de requêtes de CloudTrail données de Security Lake AWS CloudTrail suit l'activité des utilisateurs et l'utilisation de l'API dans Services AWS. Les abonnés peuvent interroger CloudTrail des données pour connaître les types d'informations suivants : Voici quelques exemples de requêtes de CloudTrail données pour la version AWS source 1 : **Tentatives non autorisées Services AWS au cours des 7 derniers jours** ``` SELECT time, api.service.name, api.operation, api.response.error, api.response.message, unmapped['responseElements'], cloud.region, actor.user.uuid, src_endpoint.ip, http_request.user_agent FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_cloud_trail_mgmt_1_0 WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) AND api.response.error in ( 'Client.UnauthorizedOperation', 'Client.InvalidPermission.NotFound', 'Client.OperationNotPermitted', 'AccessDenied') ORDER BY time desc LIMIT 25 ``` **Liste de toutes les CloudTrail activités depuis l'adresse IP source `192.0.2.1` au cours des 7 derniers jours** ``` SELECT api.request.uid, time, api.service.name, api.operation, cloud.region, actor.user.uuid, src_endpoint.ip, http_request.user_agent FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_cloud_trail_mgmt_1_0 WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) AND src_endpoint.ip = '127.0.0.1.' ORDER BY time desc LIMIT 25 ``` **Liste de toutes les activités de l'IAM au cours des 7 derniers jours** ``` SELECT * FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_cloud_trail_mgmt_1_0 WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) AND api.service.name = 'iam.amazonaws.com' ORDER BY time desc LIMIT 25 ``` **Instances où l'identifiant a `AIDACKCEVSQ6C2EXAMPLE` été utilisé au cours des 7 derniers jours** ``` SELECT actor.user.uid, actor.user.uuid, actor.user.account_uid, cloud.region FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_cloud_trail_mgmt_1_0 WHERE eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) AND actor.user.credential_uid = 'AIDACKCEVSQ6C2EXAMPLE' LIMIT 25 ``` **Liste des CloudTrail enregistrements ayant échoué au cours des 7 derniers jours** ``` SELECT actor.user.uid, actor.user.uuid, actor.user.account_uid, cloud.region FROM amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_cloud_trail_mgmt_1_0 WHERE status='failed' and eventDay BETWEEN cast(date_format(current_timestamp - INTERVAL '7' day, '%Y%m%d%H') as varchar) and cast(date_format(current_timestamp - INTERVAL '0' day, '%Y%m%d%H') as varchar) ORDER BY time DESC LIMIT 25 ```