Commit 5c8c025

feat(cloudtrail): add AWS SSM related request data to extracted fields
Signed-off-by: Zaulao <29334377+Zaulao@users.noreply.github.com>
1 parent 3231b92 commit 5c8c025

2 files changed

+12
-0
lines changed

plugins/cloudtrail/README.md

Lines changed: 3 additions & 0 deletions
@@ -44,6 +44,9 @@ Here is the current set of supported fields:
4444
| `ct.request.host` | `string` | None | the host included in the request |
4545
| `ct.request.name` | `string` | None | the name of the entity being acted on in the request. |
4646
| `ct.request.policy` | `string` | None | the policy included in the request |
47+
| `ct.request.reason` | `string` | None | the reason included in the request. |
48+
| `ct.request.target` | `string` | None | the target included in the request. |
49+
| `ct.request.documentName` | `string` | None | the documentName included in the request. |
4750
| `ct.request.serialnumber` | `string` | None | the serial number provided in the request. |
4851
| `ct.request.servicename` | `string` | None | the service name provided in the request. |
4952
| `ct.request.subnetid` | `string` | None | the subnet ID provided in the request. |
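
Review bot: The new row `ct.request.documentName` is camelCase, while every neighbouring field name in this table is all lowercase (`ct.request.serialnumber`, `ct.request.servicename`, `ct.request.subnetid`). Rule authors will type these names by hand, so I would rename it to `ct.request.documentname` and keep the camelCase only for the JSON key that is read. The three descriptions are also generic ("the reason included in the request."); the commit message says these are SSM-related, and the README rows should say so, so that someone writing a detection knows which events are expected to populate them.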

plugins/cloudtrail/pkg/cloudtrail/extract.go

Lines changed: 9 additions & 0 deletions
@@ -54,6 +54,9 @@ var supportedFields = []sdk.FieldEntry{
5454
{Type: "string", Name: "ct.request.host", Display: "Request Host Name", Desc: "the host included in the request"},
5555
{Type: "string", Name: "ct.request.name", Display: "Host Name", Desc: "the name of the entity being acted on in the request."},
5656
{Type: "string", Name: "ct.request.policy", Display: "Host Policy", Desc: "the policy included in the request"},
57+
{Type: "string", Name: "ct.request.reason", Display: "Request Reason", Desc: "the reason included in the request."},
58+
{Type: "string", Name: "ct.request.target", Display: "Request Target", Desc: "the target included in the request."},
59+
{Type: "string", Name: "ct.request.documentName", Display: "Request Document Name", Desc: "the document included in the request."},
5760
{Type: "string", Name: "ct.request.serialnumber", Display: "Request Serial Number", Desc: "the serial number provided in the request."},
5861
{Type: "string", Name: "ct.request.servicename", Display: "Request Service", Desc: "the service name provided in the request."},
5962
{Type: "string", Name: "ct.request.subnetid", Display: "Request Subnet ID", Desc: "the subnet ID provided in the request."},
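
Review bot: The `Desc` on the added `ct.request.documentName` entry reads "the document included in the request.", but the README row added in the same commit reads "the documentName included in the request." The two should carry the same text, since both are shown to users as the field's documentation. The field name here has the same casing inconsistency as in the README: the surrounding entries use lowercase names (`ct.request.serialnumber`, `ct.request.subnetid`), so `ct.request.documentname` would match the existing convention.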
@@ -302,6 +305,12 @@ func getfieldStr(jdata *fastjson.Value, field string) (bool, string, int, int) {
302305
fsval = jdata.Get("requestParameters", "name")
303306
case "ct.request.policy":
304307
fsval = jdata.Get("requestParameters", "policy")
308+
case "ct.request.reason":
309+
fsval = jdata.Get("requestParameters", "reason")
310+
case "ct.request.target":
311+
fsval = jdata.Get("requestParameters", "target")
312+
case "ct.request.documentName":
313+
fsval = jdata.Get("requestParameters", "documentName")
305314
case "ct.request.serialnumber":
306315
fsval = jdata.Get("requestParameters", "serialNumber")
307316
case "ct.request.servicename":
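
Review bot: The three new cases read `requestParameters.reason`, `requestParameters.target` and `requestParameters.documentName` with no condition on which service produced the event, so the fields will be filled for any CloudTrail record that happens to carry those keys, not only the SSM requests named in the commit message. That matches how the neighbouring cases (`name`, `policy`) work, but `target` and `reason` are generic key names, so a rule that filters on them alone can match unrelated events; please note in the field descriptions that they should be combined with an event-source or event-name condition. The commit touches only the README and extract.go, so there is no test covering the new cases. A small test that feeds a sample event with these three keys through `getfieldStr` would confirm the extraction and guard against a typo in the key names.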
