Add possibility to filter out events on subscription level
Closed this issue · 3 comments
Andrey9kin commented
Add possibility to filter out events on subscription level
cageyv commented
This is good example for add to filter:
Case:
- Account part of AWS Organization
- Person login through AWS SSO
- Person open RDS Aurora cluster
Event:
arn:aws:sts::XXXXXXXX:assumed-role/AWSReservedSSO_XXXXXX/vladimir.XXXX@XXXXX.com called ListAccounts but failed due to AccessDenied
Error message: CallerValidation check failed
Why:
chrispicht commented
I want to filter out messages about tenableio-connector making calls that will never succeed.
arn:aws:sts::123104204098:assumed-role/tenableio-connector/tenable-get-trails-0ca39b30-f227-44cb-acc8-e096c7657527 called GetTrailStatus but failed due to
AccessDenied
Error message:
User: arn:aws:sts::123104204098:assumed-role/tenableio-connector/tenable-get-trails-0ca39b30-f227-44cb-acc8-e096c7657527 is not authorized to perform: cloudtrail:GetTrailStatus on resource: arn:aws:cloudtrail:us-east-1:045758098048:trail/main because no identity-based policy allows the cloudtrail:GetTrailStatus action
Time: 2021-11-11 13:34:32 UTC
Id: 3e6f5ab6-da6e-43cd-9997-6710fd2aad1f
Account Id: 123104204098
Event location in s3:
AWSLogs/o-rrdq1iyird/123104204098/CloudTrail/us-east-1/2021/11/11/123104204098_CloudTrail_us-east-1_20211111T1335Z_jloPdYM4UTJFcMaz.json.gz
Andrey9kin commented
@chrispicht just added possibility to filter out stuff 52ad1f4
going to release as 2.3.0