Class: Aws::SecurityLake::Types::CreateCustomLogSourceRequest

Inherits:
Struct
  • Object
Includes:
Aws::Structure
Defined in:
lib/aws-sdk-securitylake/types.rb

Overview

Constant Summary

SENSITIVE = []

Instance Attribute Details

#configuration ⇒ Types::CustomLogSourceConfiguration

The configuration used for the third-party custom source.



# File 'lib/aws-sdk-securitylake/types.rb', line 264

class CreateCustomLogSourceRequest < Struct.new(
  :configuration,
  :event_classes,
  :source_name,
  :source_version)
  SENSITIVE = []
  include Aws::Structure
end

#event_classes ⇒ Array<String>

The Open Cybersecurity Schema Framework (OCSF) event classes that describe the type of data that the custom source will send to Security Lake. The supported event classes are:

  • `ACCESS_ACTIVITY`
  • `FILE_ACTIVITY`
  • `KERNEL_ACTIVITY`
  • `KERNEL_EXTENSION`
  • `MEMORY_ACTIVITY`
  • `MODULE_ACTIVITY`
  • `PROCESS_ACTIVITY`
  • `REGISTRY_KEY_ACTIVITY`
  • `REGISTRY_VALUE_ACTIVITY`
  • `RESOURCE_ACTIVITY`
  • `SCHEDULED_JOB_ACTIVITY`
  • `SECURITY_FINDING`
  • `ACCOUNT_CHANGE`
  • `AUTHENTICATION`
  • `AUTHORIZATION`
  • `ENTITY_MANAGEMENT_AUDIT`
  • `DHCP_ACTIVITY`
  • `NETWORK_ACTIVITY`
  • `DNS_ACTIVITY`
  • `FTP_ACTIVITY`
  • `HTTP_ACTIVITY`
  • `RDP_ACTIVITY`
  • `SMB_ACTIVITY`
  • `SSH_ACTIVITY`
  • `CONFIG_STATE`
  • `INVENTORY_INFO`
  • `EMAIL_ACTIVITY`
  • `API_ACTIVITY`
  • `CLOUD_API`

Returns:

  • (Array<String>)



#source_name ⇒ String

Specify the name for a third-party custom source. This must be a Regionally unique value. The `sourceName` you enter here is used in the `LogProviderRole` name, which follows the convention `AmazonSecurityLake-Provider-{name of the custom source}-{region}`. You must use a `CustomLogSource` name that is shorter than or equal to 20 characters. This ensures that the `LogProviderRole` name is below the 64 character limit.

Returns:

  • (String)



#source_version ⇒ String

Specify the source version for the third-party custom source, to limit log collection to a specific version of the custom data source.

Returns:

  • (String)
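
The constraints documented above for `event_classes` and `source_name` can be checked before a request is sent. The following is an added example, not part of the SDK or of the original page: the helper names, the `region` argument and the sample values are assumptions, while the event class list, the role naming convention and the 20 and 64 character limits are taken from this page.

```ruby
# Added example: client-side checks for CreateCustomLogSourceRequest parameters.
# Helper names and the region argument are assumptions of this example.
SUPPORTED_EVENT_CLASSES = %w[
  ACCESS_ACTIVITY FILE_ACTIVITY KERNEL_ACTIVITY KERNEL_EXTENSION
  MEMORY_ACTIVITY MODULE_ACTIVITY PROCESS_ACTIVITY REGISTRY_KEY_ACTIVITY
  REGISTRY_VALUE_ACTIVITY RESOURCE_ACTIVITY SCHEDULED_JOB_ACTIVITY
  SECURITY_FINDING ACCOUNT_CHANGE AUTHENTICATION AUTHORIZATION
  ENTITY_MANAGEMENT_AUDIT DHCP_ACTIVITY NETWORK_ACTIVITY DNS_ACTIVITY
  FTP_ACTIVITY HTTP_ACTIVITY RDP_ACTIVITY SMB_ACTIVITY SSH_ACTIVITY
  CONFIG_STATE INVENTORY_INFO EMAIL_ACTIVITY API_ACTIVITY CLOUD_API
].freeze

MAX_SOURCE_NAME_LENGTH = 20 # documented limit for source_name
MAX_ROLE_NAME_LENGTH   = 64 # documented limit for the LogProviderRole name

# Builds the LogProviderRole name from the documented convention.
def provider_role_name(source_name, region)
  "AmazonSecurityLake-Provider-#{source_name}-#{region}"
end

# Returns a list of problems; an empty list means the documented
# constraints on source_name and event_classes are satisfied.
def validate_custom_log_source(params, region:)
  errors = []
  name = params[:source_name].to_s
  errors << "source_name is required" if name.empty?
  if name.length > MAX_SOURCE_NAME_LENGTH
    errors << "source_name has #{name.length} characters (limit #{MAX_SOURCE_NAME_LENGTH})"
  end
  role = provider_role_name(name, region)
  if role.length > MAX_ROLE_NAME_LENGTH
    errors << "#{role} has #{role.length} characters (limit #{MAX_ROLE_NAME_LENGTH})"
  end
  # Compare against the supported list exactly as documented (upper case).
  (Array(params[:event_classes]) - SUPPORTED_EVENT_CLASSES).each do |c|
    hint = SUPPORTED_EVENT_CLASSES.include?(c.to_s.upcase) ? " (did you mean #{c.to_s.upcase}?)" : ""
    errors << "unsupported event class #{c.inspect}#{hint}"
  end
  errors
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample parameters; keys match the struct members above.
  sample = { source_name: "edr-agent-telemetry-eu", event_classes: %w[PROCESS_ACTIVITY dns_activity] }
  puts validate_custom_log_source(sample, region: "eu-west-1")
end
```

A hash that passes these checks uses the same keys as the struct members (`:source_name`, `:event_classes`, `:source_version`, `:configuration`).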

