Mappings: AWS API Gateway
| Input | Value |
|---|---|
| Vendor | AWS |
| Product | API Gateway |
| Log Format | JSON |
| Event ID Regex Pattern | _default_ |
| Output | Value |
|---|---|
| Vendor | Amazon AWS |
| Product | API Gateway |
| Record Type | NetworkHTTP |
| Cloud SIEM Schema Field | Original Record Key | Notes |
|---|---|---|
| accountId | message.accountId | |
| cloud_provider | None | The static text AWS is populated in this schema field. |
| cloud_service | None | The static text API Gateway is populated in this schema field. |
| http_method | message.httpMethod | |
| http_response_contentLength | message.responseLength | |
| http_response_statusCode | message.status | |
| http_userAgent | message.userAgent | |
| srcDevice_ip | message_ip | |
| tcpProtocol | message.protocol | |
| timestamp | message.requestTime | We expect the orginal record value of message.requestTime is in the format dd/MMM/yyyy:HH:mm:ss Z |
| user_authDomain | message.domain |