Amazon AWS Route 53 sample event messages
Use these sample event messages to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
Amazon AWS Route 53 sample message when you use the Amazon S3 REST API protocol
The following Amazon AWS Route 53 sample event message shows a response to a DNS query.
{"version":"1.100000","account_id":"769160150729","region":"us-east-1","vpc_id":"vpc-d2153caa","query_timestamp":"2021-08-02T06:53:37Z","query_name":"logs.us-east-1.example.com.","query_type":"A","query_class":"IN","rcode":"NOERROR","answers":[{"Rdata":"10.46.155.107","Type":"A","Class":"IN"},{"Rdata":"10.236.94.151","Type":"A","Class":"IN"},{"Rdata":"10.236.94.222","Type":"A","Class":"IN"},{"Rdata":"10.94.231.73","Type":"A","Class":"IN"},{"Rdata":"10.236.94.196","Type":"A","Class":"IN"},{"Rdata":"10.94.233.20","Type":"A","Class":"IN"},{"Rdata":"10.236.94.154","Type":"A","Class":"IN"},{"Rdata":"10.236.94.179","Type":"A","Class":"IN"}],"srcaddr":"172.31.82.134","srcport":"35535","transport":"UDP","srcids":{"instance":"i-0b87871261ae87217"}}
QRadar field name | Highlighted payload field name |
---|---|
Event ID | query_type + rcode |
Category | The Category value is always AWSRoute53 for Amazon AWS Route 53 logs. |
Time | query_timestamp |
Source IP | srcaddr |
Source Port | srcport |
Amazon AWS Route 53 sample message when you use the Amazon Web Services protocol
The following Amazon AWS Route 53 sample event message shows a response to a DNS query.
1.0 2017-12-13T08:16:03.983Z Z123412341234 example.com ANY NOERROR UDP FRA6 2001:db8::1234 2001:db8:abcd::/48
QRadar field name | Highlighted payload field name |
---|---|
Event ID | ANY NOERROR |
Category | The Category value is always AWSRoute53 for Amazon AWS Route 53 logs. |
Time | 2017-12-13T08:16:03.983Z |
Source IP | 2001:db8::1234 |
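To check both mappings outside QRadar, the following added example (not IBM or AWS code) extracts the table fields from each sample format. The function name, the output keys, and the space used to join the Event ID parts are assumptions made for illustration.

```python
import ipaddress
import json
from datetime import datetime

CATEGORY = "AWSRoute53"  # the tables give this constant for every Route 53 log

# Constructed inputs: the page's two samples, with the JSON shortened to one
# answer and wrapped mid-value the way a copy/paste from the page can wrap it.
SAMPLE_JSON = (
    '{"version":"1.100000","query_timestamp":"2021-08-02T06:53:37Z",'
    '"query_name":"logs.us-east-1.example.com.","query_type":"A","rcode":"NOERROR",'
    '"answers":[{"Rdata":"10.46.155.107","Type":"A","Class":"IN"}],'
    '"srcaddr":"172.31.\r\n82.134","srcport":"35535","transport":"UDP"}'
)
SAMPLE_TEXT = ("1.0 2017-12-13T08:16:03.983Z Z123412341234 example.com ANY NOERROR "
               "UDP FRA6 2001:db8::1234 2001:db8:abcd::/48")


def normalize(raw):
    """Return the QRadar fields from the tables for one Route 53 record."""
    # Remove CR/LF first, as the page's note instructs; a line break left
    # inside a JSON string value makes json.loads() reject the record.
    line = raw.replace("\r", "").replace("\n", "").strip()
    if line.startswith("{"):  # Amazon S3 REST API protocol sample (JSON)
        rec = json.loads(line)
        ts, qtype, rcode = rec["query_timestamp"], rec["query_type"], rec["rcode"]
        src_ip, src_port = rec["srcaddr"], int(rec["srcport"])
    else:  # Amazon Web Services protocol sample (space-delimited)
        parts = line.split()
        if len(parts) < 9:
            raise ValueError("expected at least 9 space-delimited fields")
        ts, qtype, rcode, src_ip = parts[1], parts[4], parts[5], parts[8]
        src_port = None  # the second table maps no Source Port
    return {
        # Assumption: the two values are joined with a space, as "ANY NOERROR".
        "event_id": f"{qtype} {rcode}",
        "category": CATEGORY,
        "time": datetime.fromisoformat(ts.replace("Z", "+00:00")),
        # ip_address() raises ValueError if the field is not an IPv4/IPv6 address.
        "source_ip": str(ipaddress.ip_address(src_ip)),
        "source_port": src_port,
    }


if __name__ == "__main__":
    for sample in (SAMPLE_JSON, SAMPLE_TEXT):
        print(normalize(sample))
```
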