Amazon S3

The s3 log type tracks network requests for access to Amazon S3 buckets.

The following code snippet contains all the raw_field and ecs mappings for this log type:

  "mappings": [
    {
      "raw_field":"eventName",
      "ecs":"aws.cloudtrail.event_name"
    },
    {
      "raw_field":"eventSource",
      "ecs":"aws.cloudtrail.event_source"
    },
    {
      "raw_field":"eventTime",
      "ecs":"timestamp"
    }
  ]