Amazon AWS Route 53 sample event messages

Use these sample event messages to verify a successful integration with IBM QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Amazon AWS Route 53 sample message when you use the Amazon S3 REST API protocol

The following Amazon AWS Route 53 sample event message shows a response to a DNS query.

{"version":"1.100000","account_id":"769160150729","region":"us-east-1","vpc_id":"vpc-d2153caa","query_timestamp":"2021-08-02T06:53:37Z","query_name":"logs.us-east-1.example.com.","query_type":"A","query_class":"IN","rcode":"NOERROR","answers":[{"Rdata":"10.46.155.107","Type":"A","Class":"IN"},{"Rdata":"10.236.94.151","Type":"A","Class":"IN"},{"Rdata":"10.236.94.222","Type":"A","Class":"IN"},{"Rdata":"10.94.231.73","Type":"A","Class":"IN"},{"Rdata":"10.236.94.196","Type":"A","Class":"IN"},{"Rdata":"10.94.233.20","Type":"A","Class":"IN"},{"Rdata":"10.236.94.154","Type":"A","Class":"IN"},{"Rdata":"10.236.94.179","Type":"A","Class":"IN"}],"srcaddr":"172.31.82.134","srcport":"35535","transport":"UDP","srcids":{"instance":"i-0b87871261ae87217"}}

Table 1. Highlighted fields in the Amazon AWS Route 53 event

| QRadar field name | Highlighted payload field name |
|---|---|
| Event ID | query_type + rcode |
| Category | The Category value is always AWSRoute53 for Amazon AWS Route 53 logs. |
| Time | query_timestamp |
| Source IP | srcaddr |
| Source Port | srcport |

Amazon AWS Route 53 sample message when you use the Amazon Web Services protocol

The following Amazon AWS Route 53 sample event message shows a response to a DNS query.

1.0 2017-12-13T08:16:03.983Z Z123412341234 example.com ANY NOERROR UDP FRA6 2001:db8::1234 2001:db8:abcd::/48

Table 2. Highlighted fields in the Amazon AWS Route 53 sample event

| QRadar field name | Highlighted payload field name |
|---|---|
| Event ID | ANY NOERROR |
| Category | The Category value is always AWSRoute53 for Amazon AWS Route 53 logs. |
| Time | 2017-12-13T08:16:03.983Z |
| Source IP | 2001:db8::1234 |
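
The field mappings in Tables 1 and 2, as an added Python example (not IBM or AWS code) that you can use to check which values a sample message should produce before you send it to QRadar. The `normalize` helper is hypothetical, the inputs are shortened copies of the samples above, the space used to join the Event ID for the JSON format is an assumption taken from how Table 2 displays it, and the field positions for the space-delimited format are read off the sample line.

```python
import ipaddress
import json
from datetime import datetime

# Constructed inputs: shortened copies of the two sample messages on this page.
RESOLVER_SAMPLE = (
    '{"version":"1.100000","query_timestamp":"2021-08-02T06:53:37Z",'
    '"query_name":"logs.us-east-1.example.com.","query_type":"A",'
    '"rcode":"NOERROR","srcaddr":"172.31.82.134","srcport":"35535"}'
)
PUBLIC_SAMPLE = ("1.0 2017-12-13T08:16:03.983Z Z123412341234 example.com ANY "
                 "NOERROR UDP FRA6 2001:db8::1234 2001:db8:abcd::/48")


def normalize(raw):
    """Hypothetical helper: map one log line to the fields in Tables 1 and 2."""
    # The page's note: strip CR/LF introduced by copy and paste.
    raw = raw.replace("\r", "").replace("\n", "").strip()
    if raw.startswith("{"):  # JSON payload (Amazon S3 REST API protocol sample)
        rec = json.loads(raw)
        required = ("query_type", "rcode", "query_timestamp", "srcaddr")
        missing = [k for k in required if k not in rec]
        if missing:
            raise ValueError(f"missing fields: {missing}")
        qtype, rcode = rec["query_type"], rec["rcode"]
        ts, src = rec["query_timestamp"], rec["srcaddr"]
        port = int(rec["srcport"]) if "srcport" in rec else None
    else:  # space-delimited payload (Amazon Web Services protocol sample)
        parts = raw.split()
        if len(parts) < 9:
            raise ValueError(f"expected at least 9 fields, got {len(parts)}")
        # Positions read off the sample line: 1=time, 4=type, 5=rcode, 8=source.
        ts, qtype, rcode, src = parts[1], parts[4], parts[5], parts[8]
        port = None  # Table 2 maps no Source Port
    return {
        "event_id": f"{qtype} {rcode}",  # assumption: joined with one space
        "category": "AWSRoute53",
        "time": datetime.fromisoformat(ts.replace("Z", "+00:00")),
        "source_ip": str(ipaddress.ip_address(src)),  # ValueError if not an IP
        "source_port": port,
    }


if __name__ == "__main__":
    for sample in (RESOLVER_SAMPLE, PUBLIC_SAMPLE):
        print(normalize(sample))
```

A truncated line or a non-IP value in the source address position raises `ValueError`, which is the quickest sign that a line break was left inside a pasted message.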