With AWS TLS 1.0 and 1.1 depreciation coming in June, please add to the ingest pipeline parsing of tlsDetails structure.
{
...
"tlsDetails": {
"tlsVersion": "TLSv1.2",
"cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256",
"clientProvidedHostHeader": "ssm.us-west-2.amazonaws.com"
}
...
}
With AWS TLS 1.0 and 1.1 depreciation coming in June, please add to the ingest pipeline parsing of tlsDetails structure.
Reference:
https://aws.amazon.com/blogs/mt/using-aws-cloudtrail-lake-to-identify-older-tls-connections-to-aws-service-endpoints/