To then pull these logs into Panther, you will need to set up an S3 bucket in the Panther Console.
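# Panther log schema for AWS Config configuration items.
#
# NOTE(review): the listing this was taken from had lost all indentation, so
# the nesting is reconstructed. resourceId, resourceType and name are placed
# under `relationships` because resourceId and resourceType reappear later as
# top-level fields (duplicate names at one level would be invalid), and
# `configuration` is treated as the first field after that nested object.
# Confirm against the upstream schema before deploying.
schema: AWS.Config
fields:
  - name: relatedEvents
    description: RelatedEvents field
    type: array
    element:
      type: json

  # Each element describes one related resource.
  - name: relationships
    description: Relationships field
    type: array
    element:
      type: object
      fields:
        - name: resourceId
          description: ResourceId field
          type: string
        - name: resourceType
          description: ResourceType field
          type: string
        - name: name
          description: Name field
          type: string

  # `json` fields are stored without a field-level schema, so detections must
  # tolerate missing or differently shaped keys per resource type.
  # NOTE(review): resource configuration can carry sensitive settings; scope
  # read access to this table accordingly.
  - name: configuration
    required: true
    description: Configuration field
    type: json
  - name: supplementaryConfiguration
    description: SupplementaryConfiguration field
    type: json
  - name: tags
    description: Tags field
    type: json

  - name: configurationItemVersion
    description: ConfigurationItemVersion field
    type: string

  # Event time comes from the capture timestamp, not from when the object
  # landed in S3, so late-delivered items are placed at their capture time.
  - name: configurationItemCaptureTime
    required: true
    description: ConfigurationItemCaptureTime field
    type: timestamp
    timeFormat: rfc3339
    isEventTime: true

  - name: configurationStateId
    description: ConfigurationStateId field
    type: bigint

  # Indicator: makes the account id searchable across log types.
  - name: awsAccountId
    required: true
    description: AwsAccountId field
    type: string
    indicators:
      - aws_account_id

  - name: configurationItemStatus
    description: ConfigurationItemStatus field
    type: string
  - name: resourceType
    required: true
    description: ResourceType field
    type: string
  - name: resourceId
    description: ResourceId field
    type: string
  - name: resourceName
    description: ResourceName field
    type: string

  # Indicator: makes the resource ARN searchable across log types.
  - name: ARN
    description: ARN field
    type: string
    indicators:
      - aws_arn

  - name: awsRegion
    description: AwsRegion field
    type: string
  - name: availabilityZone
    description: AvailabilityZone field
    type: string

  # NOTE(review): judging by its name this is a hash of the configuration
  # state, not of a file. Tagging it `md5` mixes it into the same indicator
  # set as file-hash IoCs, which can add noise to hash searches. Confirm
  # this is intended.
  - name: configurationStateMd5Hash
    description: ConfigurationStateMd5Hash field
    type: string
    indicators:
      - md5

  - name: resourceCreationTime
    description: ResourceCreationTime field
    type: timestamp
    timeFormat: rfc3339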