Amazon AWS CloudTrail sample event messages

{"eventVersion":"1.05","userIdentity":{"type":"Root","principalId":"555555555555","arn":"arn:aws:iam::555555555555:root","accountId":"555555555555","accessKeyId":"AAAAAA1AAAAA1A1AAA11","sessionContext":{"attributes":{"mfaAuthenticated":"false","creationDate":"2019-06-11T16:43:07Z"}},"invokedBy":"signin.qradar.example.test"},"eventTime":"2019-06-11T16:54:03Z","eventSource":"iam.qradar.example.test","eventName":"AttachUserPolicy","awsRegion":"us-east-1","sourceIPAddress":"172.16.89.242","userAgent":"signin.qradar.example.test","requestParameters":{"userName":"sampleuser","policyArn":"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess"},"responseElements":null,"requestID":"849df62f-8c69-11e9-bb3c-abc750f0b415","eventID":"bdcc7610-7f82-4cde-9f6e-1c3cb1927353","eventType":"AwsApiCall","recipientAccountId":"555555555555"}

{LogStreamName: 111111111111_CloudTrail_us-east-2,Timestamp: 1505744407363,Message: {"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"AAAAAAAAAAAAAAAAAAAAA","arn":"arn:aws:iam::111111111111:user/Test-User","accountId":"111111111111","accessKeyId":"AAAAA1A1AA1AA1111AAA","userName":"Test-User","sessionContext":{"attributes":{"mfaAuthenticated":"false","creationDate":"2017-09-18T13:22:10Z"}},"invokedBy":"sub.domain.test"},"eventTime":"2017-09-18T14:10:15Z","eventSource":"sub2.domain.test","eventName":"DescribeTrails","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.187","userAgent":"sub.domain.test","requestParameters":{"includeShadowTrails":false,"trailNameList":[]},"responseElements":null,"requestID":"17b7a04c-9c7b-11e7-9d83-43d5bce2d2fc","eventID":"a4914e00-65e5-491d-b1c6-a0dd3845b302","eventType":"AwsApiCall","recipientAccountId":"111111111111"},IngestionTime: 1505744407506,EventId: 33579222362714760922479126672120053866513932467844153344}

{"eventVersion":"1.08","userIdentity":{"type":"IdentityCenterUser","accountId":"123456799082","onBehalfOf":{"userId":"a11111-1111-1111-11a1-111aa100aa77","identityStoreArn":"arn:aws:identitystore::111111111:identitystore/d-111177a1a"},"credentialId":"1111a001111111a1a11111a0a[…]"},"eventTime":"2020-12-07T20:33:58Z","eventSource":"signin.amazonaws.com","eventName":"CredentialChallenge","awsRegion":"us-east-1","sourceIPAddress":"10.0.0.3","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/10.0.0.4 Safari/537.36","requestParameters":null,"responseElements":null,"additionalEventData":{"CredentialType":"PASSWORD","UserName":"testuser"},"requestID":"5ab44ffb-1234-4f47-abcd-1adebd4afead","eventID":"27bc7704-c1ab-1234-abcd-d0e628e0e604","readOnly":false,"eventType":"AwsServiceEvent","managementEvent":true,"eventCategory":"Management","serviceEventDetails":{"CredentialChallenge":"Success"}}

{"eventVersion":"1.08","userIdentity":{"type":"AssumedRole","userName":"GroupManagerRole","accountId":"123456799082","principalId":"123456799082"},"group":{"groupId":"11a1a111-1111-1010-aaa1-01111a1111a0","displayName":"HIDDEN_DUE_TO_SECURITY_REASONS","groupAttributes":{"description":{"stringValue":"HIDDEN_DUE_TO_SECURITY_REASONS"}}},"eventTime":"2020-12-08T18:56:15Z","eventName":"CreateGroup","eventSource":"sso-directory.amazonaws.com","awsRegion":"us-east-1","sourceIPAddress":"10.0.0.7","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/10.0.0.8 Safari/537.36","requestParameters":null,"responseElements":null,"additionalEventData":{"AuthWorkflowID":"abcf67c4-1234-4e2b-8527-fe539e328fa7","CredentialType":"PASSWORD","UserName":"testuser@example.com"},"requestID":"5ab44ffb-1234-4f47-abcd-1adebd4afead","eventID":"27bc7704-c1ab-1234-abcd-d0e628e0e604","readOnly":false,"eventType":"AwsServiceEvent","managementEvent":true,"eventCategory":"Management","recipientAccountId":"111122223333","serviceEventDetails":{"CredentialChallenge":"Success"}}