AWS::Logs::Transformer ParseToOCSF - Amazon CloudFormation

AWS::Logs::Transformer ParseToOCSF

This processor converts logs into Open Cybersecurity Schema Framework (OCSF) events.

For more information about this processor, including examples, see parseToOCSF in the CloudWatch Logs User Guide.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "EventSource" : String,
  "OcsfVersion" : String,
  "Source" : String
}

YAML

EventSource: String
OcsfVersion: String
Source: String

Properties

EventSource

Specify the service or process that produces the log events that will be converted with this processor.

Required: Yes

Type: String

Allowed values: CloudTrail | Route53Resolver | VPCFlow | EKSAudit | AWSWAF

Update requires: No interruption

OcsfVersion

Specify which version of the OCSF schema to use for the transformed log events.

Required: Yes

Type: String

Allowed values: V1.1

Update requires: No interruption

Source

The path to the field in the log event that you want to parse. If you omit this value, the whole log message is parsed.

Required: No

Type: String

Pattern: ^.*[a-zA-Z0-9]+.*$

Update requires: No interruption
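
The following pre-deployment check is an added example, not part of the AWS documentation. It applies the constraints listed above (required properties, allowed values, the Source pattern) to every ParseToOCSF block in a parsed template. The function names and the sample template are constructed for illustration, and the location of processors under Properties.TransformerConfig of AWS::Logs::Transformer is an assumption taken from the parent resource, not from this page.

```python
import re

# Constraints copied from the property reference above; values are matched exactly.
ALLOWED_EVENT_SOURCES = {"CloudTrail", "Route53Resolver", "VPCFlow", "EKSAudit", "AWSWAF"}
ALLOWED_OCSF_VERSIONS = {"V1.1"}
SOURCE_PATTERN = re.compile(r"^.*[a-zA-Z0-9]+.*$")


def validate_parse_to_ocsf(props):
    """Return a list of problems found in one ParseToOCSF property block."""
    if not isinstance(props, dict):
        return ["ParseToOCSF must be a mapping"]
    errors = []
    for key, allowed in (("EventSource", ALLOWED_EVENT_SOURCES),
                         ("OcsfVersion", ALLOWED_OCSF_VERSIONS)):
        value = props.get(key)
        if value is None:
            errors.append(f"{key} is required")
        elif not isinstance(value, str) or value not in allowed:
            errors.append(f"{key}={value!r} not in {sorted(allowed)}")
    source = props.get("Source")  # optional: when omitted, the whole message is parsed
    if source is not None and not (isinstance(source, str) and SOURCE_PATTERN.match(source)):
        errors.append(f"Source={source!r} does not match {SOURCE_PATTERN.pattern}")
    return errors


def validate_template(template):
    """Check every ParseToOCSF processor in a parsed template (a dict)."""
    findings = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Logs::Transformer":
            continue
        # Assumption: processors are listed under Properties.TransformerConfig.
        for i, proc in enumerate(res.get("Properties", {}).get("TransformerConfig", [])):
            if "ParseToOCSF" in proc:
                errs = validate_parse_to_ocsf(proc["ParseToOCSF"])
                if errs:
                    findings[f"{name}.TransformerConfig[{i}]"] = errs
    return findings


# Constructed sample template, not taken from AWS documentation.
SAMPLE = {"Resources": {
    "GoodTransformer": {"Type": "AWS::Logs::Transformer", "Properties": {"TransformerConfig": [
        {"ParseToOCSF": {"EventSource": "VPCFlow", "OcsfVersion": "V1.1"}}]}},
    "BadTransformer": {"Type": "AWS::Logs::Transformer", "Properties": {"TransformerConfig": [
        {"ParseToOCSF": {"EventSource": "vpcflow", "OcsfVersion": "1.1", "Source": "@"}}]}},
}}
```

Calling validate_template(SAMPLE) returns findings only for BadTransformer: a miscased EventSource, an OcsfVersion missing the "V" prefix, and a Source with no alphanumeric character.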