diff --git a/internal/inventory/asset.go b/internal/inventory/asset.go index 99604dee43..8d2f632017 100644 --- a/internal/inventory/asset.go +++ b/internal/inventory/asset.go @@ -330,9 +330,34 @@ type AssetResourcePolicy struct { Condition map[string]any `json:"condition,omitempty"` } +// EntityMetadata maps metadata required to use Entity Store +type entityMetadata struct { + Entity AssetClassification `json:"asset"` + Cloud *AssetCloud `json:"cloud,omitempty"` + Host *AssetHost `json:"host,omitempty"` +} + // AssetEnricher functional builder function type AssetEnricher func(asset *AssetEvent) +func (a *AssetEvent) getEntityMetadata() map[string]entityMetadata { + ids := a.Asset.Id + + if len(ids) == 0 { + return nil + } + + // Picking up only first id, we need to make a decision on if we + // have a "primary" id or if we duplicate data + return map[string]entityMetadata{ + ids[0]: { + Entity: a.Asset.AssetClassification, + Cloud: a.Cloud, + Host: a.Host, + }, + } +} + func NewAssetEvent(c AssetClassification, ids []string, name string, enrichers ...AssetEnricher) AssetEvent { a := AssetEvent{ Asset: Asset{ diff --git a/internal/inventory/inventory.go b/internal/inventory/inventory.go index 3cc7438127..e7311b0f37 100644 --- a/internal/inventory/inventory.go +++ b/internal/inventory/inventory.go @@ -119,6 +119,7 @@ func (a *AssetInventory) publish(assets []AssetEvent) { "iam": e.IAM, "resource_policies": e.ResourcePolicies, "related.entity": relatedEntity, + "entities": map[string]any{"metadata": e.getEntityMetadata()}, }, } }) diff --git a/internal/inventory/inventory_test.go b/internal/inventory/inventory_test.go index 685d951634..5c649e12a5 100644 --- a/internal/inventory/inventory_test.go +++ b/internal/inventory/inventory_test.go @@ -73,7 +73,7 @@ func TestAssetInventory_Run(t *testing.T) { }, "iam": &AssetIAM{ Id: pointers.Ref("a123123"), - Arn: pointers.Ref("123123:123123:123123"), + Arn: pointers.Ref("123123:123123:123123`"), }, "resource_policies": []AssetResourcePolicy{ { @@ -86,6 +86,14 @@ func TestAssetInventory_Run(t *testing.T) { }, }, "related.entity": []string{"arn:aws:ec2:us-east::ec2/234567890"}, + "entities": map[string]any{ + "metadata": map[string]entityMetadata{ + "arn:aws:ec2:us-east::ec2/234567890": { + Category: string(CategoryInfrastructure), + Type: string(TypeVirtualMachine), + }, + }, + }, }, }, } diff --git a/logs/cloudbeat-events-data-20241119-1.ndjson b/logs/cloudbeat-events-data-20241119-1.ndjson new file mode 100644 index 0000000000..88e02845bc --- /dev/null +++ b/logs/cloudbeat-events-data-20241119-1.ndjson @@ -0,0 +1,606 @@ +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.370+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/jeff-b-tin\",\"AIDA2IBR2EZTIE5RMVZ7Y\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/jeff-b-tin\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"name\":\"jeff-b-tin\",\"last_access\":\"N/A\",\"mfa_active\":false,\"password_last_changed\":\"N/A\",\"password_enabled\":false,\"user_id\":\"AIDA2IBR2EZTIE5RMVZ7Y\",\"access_keys\":[{\"has_used\":true,\"last_access\":\"2024-11-18T13:07:00Z\",\"rotation_date\":\"2024-10-23T22:48:52Z\",\"active\":true},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}],\"arn\":\"arn:aws:iam::704479110758:user/jeff-b-tin\"},\"id\":[\"arn:aws:iam::704479110758:user/jeff-b-tin\",\"AIDA2IBR2EZTIE5RMVZ7Y\"],\"name\":\"jeff-b-tin\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.371+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/kfir\",\"AIDA2IBR2EZTAEKACIBOF\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/kfir\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"tags\":null,\"raw\":{\"name\":\"kfir\",\"last_access\":\"2024-10-08T13:46:56Z\",\"arn\":\"arn:aws:iam::704479110758:user/kfir\",\"mfa_active\":true,\"access_keys\":[{\"has_used\":true,\"last_access\":\"2023-05-10T21:47:00Z\",\"rotation_date\":\"2023-05-10T21:36:35Z\",\"active\":true},{\"active\":true,\"has_used\":true,\"last_access\":\"2023-08-24T15:37:00Z\",\"rotation_date\":\"2023-06-12T14:10:08Z\"}],\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonRoute53FullAccess\",\"PolicyName\":\"AmazonRoute53FullAccess\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMFullAccess\",\"PolicyName\":\"IAMFullAccess\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/BuildSecSupport\",\"PolicyName\":\"BuildSecSupport\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/ReadOnlyElasticsearchAccessPolicy\",\"PolicyName\":\"ReadOnlyElasticsearchAccessPolicy\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/SNS-full-access\",\"PolicyName\":\"SNS-full-access\"}],\"password_last_changed\":\"2024-09-12T12:03:17Z\",\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTAEKACIBOF\",\"mfa_devices\":[{\"is_virtual\":true,\"EnableDate\":\"2020-07-29T08:56:05Z\",\"SerialNumber\":\"arn:aws:iam::704479110758:mfa/kfir\",\"UserName\":\"kfir\"}]},\"id\":[\"arn:aws:iam::704479110758:user/kfir\",\"AIDA2IBR2EZTAEKACIBOF\"],\"name\":\"kfir\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.371+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/kops\",\"AIDA2IBR2EZTKTJNO3IKQ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/kops\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"inline_policies\":[],\"last_access\":\"N/A\",\"password_last_changed\":\"N/A\",\"mfa_active\":false,\"password_enabled\":false,\"user_id\":\"AIDA2IBR2EZTKTJNO3IKQ\",\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2022-05-08T12:23:00Z\",\"rotation_date\":\"2022-04-19T07:02:41Z\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"attached_policies\":null,\"name\":\"kops\",\"arn\":\"arn:aws:iam::704479110758:user/kops\"},\"id\":[\"arn:aws:iam::704479110758:user/kops\",\"AIDA2IBR2EZTKTJNO3IKQ\"],\"name\":\"kops\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.371+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2024-10-14T11:04:00Z\",\"rotation_date\":\"2024-02-07T15:56:53Z\"},{\"active\":false,\"has_used\":true,\"last_access\":\"2024-07-25T10:29:00Z\",\"rotation_date\":\"2024-06-04T22:55:56Z\"}],\"mfa_devices\":[{\"SerialNumber\":\"arn:aws:iam::704479110758:mfa/google\",\"UserName\":\"kostas.stamatakis@elastic.co\",\"is_virtual\":true,\"EnableDate\":\"2024-01-09T10:05:37Z\"}],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"}],\"last_access\":\"2024-10-30T14:38:42Z\",\"arn\":\"arn:aws:iam::704479110758:user/kostas.stamatakis@elastic.co\",\"password_last_changed\":\"2024-10-14T11:29:19Z\",\"mfa_active\":true,\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTFZZRD2VFQ\",\"inline_policies\":[{\"PolicyName\":\"AWSRevokeOlderSessions\",\"policy\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Deny%22%2C%22Action%22%3A%5B%22%2A%22%5D%2C%22Resource%22%3A%5B%22%2A%22%5D%2C%22Condition%22%3A%7B%22DateLessThan%22%3A%7B%22aws%3ATokenIssueTime%22%3A%222024-10-14T11%3A24%3A47.228Z%22%7D%7D%7D%5D%7D\"}],\"name\":\"kostas.stamatakis@elastic.co\"},\"id\":[\"arn:aws:iam::704479110758:user/kostas.stamatakis@elastic.co\",\"AIDA2IBR2EZTFZZRD2VFQ\"],\"name\":\"kostas.stamatakis@elastic.co\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/kostas.stamatakis@elastic.co\",\"AIDA2IBR2EZTFZZRD2VFQ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/kostas.stamatakis@elastic.co\":{\"category\":\"identity\",\"type\":\"user\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.371+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:user/kuba.sobon@elastic.co\",\"AIDA2IBR2EZTFQGUK77NW\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/kuba.sobon@elastic.co\":{\"category\":\"identity\",\"type\":\"user\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess\",\"PolicyName\":\"AmazonDynamoDBFullAccess\"},{\"PolicyName\":\"IAM_ENABLE_MFA\",\"PolicyArn\":\"arn:aws:iam::704479110758:policy/IAM_ENABLE_MFA\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/Developers_eks\",\"PolicyName\":\"Developers_eks\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/es-dev-readonly\",\"PolicyName\":\"es-dev-readonly\"}],\"name\":\"kuba.sobon@elastic.co\",\"arn\":\"arn:aws:iam::704479110758:user/kuba.sobon@elastic.co\",\"password_last_changed\":\"2024-10-10T07:56:17Z\",\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTFQGUK77NW\",\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2024-10-25T12:10:00Z\",\"rotation_date\":\"2024-10-25T10:40:15Z\"},{\"active\":true,\"has_used\":true,\"last_access\":\"2024-10-30T13:41:00Z\",\"rotation_date\":\"2024-10-25T12:06:52Z\"}],\"mfa_active\":false,\"last_access\":\"2024-11-05T13:59:16Z\"},\"id\":[\"arn:aws:iam::704479110758:user/kuba.sobon@elastic.co\",\"AIDA2IBR2EZTFQGUK77NW\"],\"name\":\"kuba.sobon@elastic.co\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.371+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/lola\",\"AIDA2IBR2EZTIIKG7KQHV\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/lola\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"tags\":null,\"raw\":{\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/Developers_eks\",\"PolicyName\":\"Developers_eks\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/KMS-FullAccess\",\"PolicyName\":\"KMS-FullAccess\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/Terraform-eks\",\"PolicyName\":\"Terraform-eks\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/Cloudbeat_Eks_policy\",\"PolicyName\":\"Cloudbeat_Eks_policy\"}],\"arn\":\"arn:aws:iam::704479110758:user/lola\",\"user_id\":\"AIDA2IBR2EZTIIKG7KQHV\",\"mfa_devices\":[{\"is_virtual\":true,\"EnableDate\":\"2023-05-02T16:03:09Z\",\"SerialNumber\":\"arn:aws:iam::704479110758:mfa/iphone\",\"UserName\":\"lola\"}],\"inline_policies\":[{\"policy\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Deny%22%2C%22Action%22%3A%5B%22%2A%22%5D%2C%22Resource%22%3A%5B%22%2A%22%5D%2C%22Condition%22%3A%7B%22DateLessThan%22%3A%7B%22aws%3ATokenIssueTime%22%3A%222024-10-30T13%3A48%3A02.078Z%22%7D%7D%7D%5D%7D\",\"PolicyName\":\"AWSRevokeOlderSessions\"}],\"name\":\"lola\",\"last_access\":\"2024-11-14T15:48:50Z\",\"password_last_changed\":\"2024-10-30T13:59:12Z\",\"mfa_active\":true,\"password_enabled\":true,\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2024-11-14T18:06:00Z\",\"rotation_date\":\"2023-04-27T14:43:33Z\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}]},\"id\":[\"arn:aws:iam::704479110758:user/lola\",\"AIDA2IBR2EZTIIKG7KQHV\"],\"name\":\"lola\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.371+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:user/max.kholod\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"password_enabled\":true,\"password_last_changed\":\"2024-10-11T07:15:45Z\",\"mfa_active\":true,\"inline_policies\":[],\"attached_policies\":[{\"PolicyName\":\"IAMUserChangePassword\",\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/Developers_eks\",\"PolicyName\":\"Developers_eks\"}],\"name\":\"max.kholod\",\"last_access\":\"2024-11-19T12:23:09Z\",\"arn\":\"arn:aws:iam::704479110758:user/max.kholod\",\"user_id\":\"AIDA2IBR2EZTJS3E6QE2V\",\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2024-11-19T12:40:00Z\",\"rotation_date\":\"2023-08-30T11:00:55Z\"},{\"last_access\":\"N/A\",\"rotation_date\":\"N/A\",\"active\":false,\"has_used\":false}],\"mfa_devices\":[{\"is_virtual\":true,\"EnableDate\":\"2023-07-20T13:31:37Z\",\"SerialNumber\":\"arn:aws:iam::704479110758:mfa/Iphone13\",\"UserName\":\"max.kholod\"}]},\"id\":[\"arn:aws:iam::704479110758:user/max.kholod\",\"AIDA2IBR2EZTJS3E6QE2V\"],\"name\":\"max.kholod\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/max.kholod\",\"AIDA2IBR2EZTJS3E6QE2V\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.371+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:user/nick.alayil@elastic.co\",\"AIDA2IBR2EZTAD2A6VNOB\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/nick.alayil@elastic.co\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:user/nick.alayil@elastic.co\",\"AIDA2IBR2EZTAD2A6VNOB\"],\"name\":\"nick.alayil@elastic.co\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"last_access\":\"2024-11-07T18:36:14Z\",\"mfa_active\":true,\"password_enabled\":true,\"mfa_devices\":[{\"is_virtual\":true,\"EnableDate\":\"2023-05-04T22:00:08Z\",\"SerialNumber\":\"arn:aws:iam::704479110758:u2f/user/nick.alayil@elastic.co/Nick-Yubikey-FRH65NOHHBEPZCZRGZDQXPVVPM\",\"UserName\":\"nick.alayil@elastic.co\"}],\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/AdministratorAccess\",\"PolicyName\":\"AdministratorAccess\"}],\"name\":\"nick.alayil@elastic.co\",\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2024-10-28T18:12:00Z\",\"rotation_date\":\"2024-10-19T01:05:36Z\"},{\"active\":true,\"has_used\":true,\"last_access\":\"2024-11-19T09:06:00Z\",\"rotation_date\":\"2024-10-24T00:17:07Z\"}],\"arn\":\"arn:aws:iam::704479110758:user/nick.alayil@elastic.co\",\"password_last_changed\":\"2024-10-28T04:44:05Z\",\"user_id\":\"AIDA2IBR2EZTAD2A6VNOB\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.371+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/oleg.sucharevich@elastic.co\",\"AIDA2IBR2EZTCZLVX44RI\"],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:user/oleg.sucharevich@elastic.co\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"name\":\"oleg.sucharevich@elastic.co\",\"last_access\":\"2024-09-18T07:15:40Z\",\"password_enabled\":true,\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2024-11-19T10:45:00Z\",\"rotation_date\":\"2022-09-07T07:20:49Z\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"attached_policies\":[{\"PolicyName\":\"IAMUserChangePassword\",\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess\",\"PolicyName\":\"AmazonDynamoDBFullAccess\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/IAM_ENABLE_MFA\",\"PolicyName\":\"IAM_ENABLE_MFA\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/Developers_eks\",\"PolicyName\":\"Developers_eks\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/es-dev-readonly\",\"PolicyName\":\"es-dev-readonly\"}],\"arn\":\"arn:aws:iam::704479110758:user/oleg.sucharevich@elastic.co\",\"password_last_changed\":\"2024-09-02T12:19:04Z\",\"mfa_active\":true,\"user_id\":\"AIDA2IBR2EZTCZLVX44RI\",\"mfa_devices\":[{\"is_virtual\":true,\"EnableDate\":\"2022-09-07T07:33:46Z\",\"SerialNumber\":\"arn:aws:iam::704479110758:mfa/oleg.sucharevich@elastic.co\",\"UserName\":\"oleg.sucharevich@elastic.co\"}],\"inline_policies\":[]},\"id\":[\"arn:aws:iam::704479110758:user/oleg.sucharevich@elastic.co\",\"AIDA2IBR2EZTCZLVX44RI\"],\"name\":\"oleg.sucharevich@elastic.co\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.371+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/or.ouziel@elastic.co\",\"AIDA2IBR2EZTPQ7UPHRYQ\"],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:user/or.ouziel@elastic.co\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"tags\":null,\"raw\":{\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2024-10-30T13:48:00Z\",\"rotation_date\":\"2024-10-30T11:28:41Z\"},{\"last_access\":\"2024-10-26T13:57:00Z\",\"rotation_date\":\"2023-02-21T06:21:35Z\",\"active\":true,\"has_used\":true}],\"name\":\"or.ouziel@elastic.co\",\"last_access\":\"2024-10-30T11:24:51Z\",\"arn\":\"arn:aws:iam::704479110758:user/or.ouziel@elastic.co\",\"mfa_active\":false,\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess\",\"PolicyName\":\"AmazonDynamoDBFullAccess\"},{\"PolicyName\":\"IAM_ENABLE_MFA\",\"PolicyArn\":\"arn:aws:iam::704479110758:policy/IAM_ENABLE_MFA\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/Developers_eks\",\"PolicyName\":\"Developers_eks\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/es-dev-readonly\",\"PolicyName\":\"es-dev-readonly\"}],\"password_last_changed\":\"2024-10-27T12:59:29Z\",\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTPQ7UPHRYQ\"},\"id\":[\"arn:aws:iam::704479110758:user/or.ouziel@elastic.co\",\"AIDA2IBR2EZTPQ7UPHRYQ\"],\"name\":\"or.ouziel@elastic.co\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.371+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"asset\":{\"name\":\"oren@build.security\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"mfa_devices\":[{\"SerialNumber\":\"arn:aws:iam::704479110758:mfa/oren@build.security\",\"UserName\":\"oren@build.security\",\"is_virtual\":true,\"EnableDate\":\"2021-06-10T09:19:36Z\"}],\"inline_policies\":[],\"password_last_changed\":\"2024-10-27T12:22:56Z\",\"access_keys\":[{\"rotation_date\":\"2021-06-06T10:53:04Z\",\"active\":false,\"has_used\":true,\"last_access\":\"2022-12-05T22:58:00Z\"},{\"active\":true,\"has_used\":true,\"last_access\":\"2024-06-10T00:50:00Z\",\"rotation_date\":\"2022-12-05T22:59:54Z\"}],\"name\":\"oren@build.security\",\"last_access\":\"2024-10-28T15:06:22Z\",\"arn\":\"arn:aws:iam::704479110758:user/oren@build.security\",\"mfa_active\":true,\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTMQRDG5GFP\",\"attached_policies\":[{\"PolicyName\":\"IAMUserChangePassword\",\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonS3FullAccess\",\"PolicyName\":\"AmazonS3FullAccess\"}]},\"id\":[\"arn:aws:iam::704479110758:user/oren@build.security\",\"AIDA2IBR2EZTMQRDG5GFP\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/oren@build.security\",\"AIDA2IBR2EZTMQRDG5GFP\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/oren@build.security\":{\"category\":\"identity\",\"type\":\"user\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.371+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/orestis.floros@elastic.co\",\"AIDA2IBR2EZTNWS7VHYWD\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:user/orestis.floros@elastic.co\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"tags\":null,\"raw\":{\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"}],\"last_access\":\"2024-11-18T15:05:37Z\",\"arn\":\"arn:aws:iam::704479110758:user/orestis.floros@elastic.co\",\"mfa_active\":false,\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTNWS7VHYWD\",\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2024-10-28T15:11:00Z\",\"rotation_date\":\"2024-08-29T14:44:45Z\"},{\"active\":true,\"has_used\":true,\"last_access\":\"2024-11-18T17:21:00Z\",\"rotation_date\":\"2024-01-23T16:35:24Z\"}],\"name\":\"orestis.floros@elastic.co\",\"password_last_changed\":\"2024-10-23T09:20:56Z\"},\"id\":[\"arn:aws:iam::704479110758:user/orestis.floros@elastic.co\",\"AIDA2IBR2EZTNWS7VHYWD\"],\"name\":\"orestis.floros@elastic.co\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.371+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/paulo\",\"AIDA2IBR2EZTHN4BRBISO\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/paulo\":{\"category\":\"identity\",\"type\":\"user\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/Developers_eks\",\"PolicyName\":\"Developers_eks\"}],\"last_access\":\"2024-10-02T00:10:45Z\",\"password_last_changed\":\"2024-08-13T21:09:04Z\",\"mfa_active\":false,\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTHN4BRBISO\",\"access_keys\":[{\"has_used\":true,\"last_access\":\"2024-11-15T09:42:00Z\",\"rotation_date\":\"2023-03-02T21:20:01Z\",\"active\":true},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"inline_policies\":[],\"name\":\"paulo\",\"arn\":\"arn:aws:iam::704479110758:user/paulo\"},\"id\":[\"arn:aws:iam::704479110758:user/paulo\",\"AIDA2IBR2EZTHN4BRBISO\"],\"name\":\"paulo\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.371+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"asset\":{\"name\":\"qa-agentless-cspm\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"password_last_changed\":\"N/A\",\"mfa_active\":false,\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2024-07-24T14:53:00Z\",\"rotation_date\":\"2024-05-12T09:46:47Z\"},{\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\",\"active\":false}],\"arn\":\"arn:aws:iam::704479110758:user/qa-agentless-cspm\",\"name\":\"qa-agentless-cspm\",\"last_access\":\"N/A\",\"password_enabled\":false,\"user_id\":\"AIDA2IBR2EZTLINK372JU\",\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}]},\"id\":[\"arn:aws:iam::704479110758:user/qa-agentless-cspm\",\"AIDA2IBR2EZTLINK372JU\"]},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/qa-agentless-cspm\",\"AIDA2IBR2EZTLINK372JU\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/qa-agentless-cspm\":{\"category\":\"identity\",\"type\":\"user\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.371+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/ricky\",\"AIDA2IBR2EZTNIBZ5AOSG\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/ricky\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"access_keys\":[{\"rotation_date\":\"2023-03-01T14:53:25Z\",\"active\":true,\"has_used\":true,\"last_access\":\"2024-11-19T01:11:00Z\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"}],\"arn\":\"arn:aws:iam::704479110758:user/ricky\",\"user_id\":\"AIDA2IBR2EZTNIBZ5AOSG\",\"inline_policies\":[],\"name\":\"ricky\",\"last_access\":\"2024-09-23T22:27:13Z\",\"password_last_changed\":\"2024-09-23T22:27:52Z\",\"mfa_active\":false,\"password_enabled\":true},\"id\":[\"arn:aws:iam::704479110758:user/ricky\",\"AIDA2IBR2EZTNIBZ5AOSG\"],\"name\":\"ricky\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.371+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"asset\":{\"name\":\"romulo.farias@elastic.co\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"password_last_changed\":\"2024-10-14T11:52:06Z\",\"name\":\"romulo.farias@elastic.co\",\"last_access\":\"2024-11-14T12:08:55Z\",\"arn\":\"arn:aws:iam::704479110758:user/romulo.farias@elastic.co\",\"mfa_active\":false,\"password_enabled\":true,\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2024-11-14T10:31:00Z\",\"rotation_date\":\"2024-09-12T13:50:26Z\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"inline_policies\":[{\"PolicyName\":\"allow-manage-own-mfa\",\"policy\":\"%7B%0A%09%22Version%22%3A%20%222012-10-17%22%2C%0A%09%22Statement%22%3A%20%5B%0A%09%09%7B%0A%09%09%09%22Sid%22%3A%20%22VisualEditor0%22%2C%0A%09%09%09%22Effect%22%3A%20%22Allow%22%2C%0A%09%09%09%22Action%22%3A%20%5B%0A%09%09%09%09%22iam%3ADeactivateMFADevice%22%2C%0A%09%09%09%09%22iam%3AGetMFADevice%22%2C%0A%09%09%09%09%22iam%3ADeleteVirtualMFADevice%22%2C%0A%09%09%09%09%22iam%3AEnableMFADevice%22%2C%0A%09%09%09%09%22iam%3AResyncMFADevice%22%2C%0A%09%09%09%09%22iam%3AUntagMFADevice%22%2C%0A%09%09%09%09%22iam%3ATagMFADevice%22%2C%0A%09%09%09%09%22iam%3ACreateVirtualMFADevice%22%2C%0A%09%09%09%09%22iam%3AListMFADevices%22%2C%0A%09%09%09%09%22iam%3AListMFADeviceTags%22%0A%09%09%09%5D%2C%0A%09%09%09%22Resource%22%3A%20%5B%0A%09%09%09%09%22arn%3Aaws%3Aiam%3A%3A%2A%3Amfa%2F%2A%22%2C%0A%09%09%09%09%22arn%3Aaws%3Aiam%3A%3A%2A%3Auser%2Fromulo.farias%40elastic.co%22%0A%09%09%09%5D%0A%09%09%7D%2C%0A%09%09%7B%0A%09%09%09%22Sid%22%3A%20%22VisualEditor1%22%2C%0A%09%09%09%22Effect%22%3A%20%22Allow%22%2C%0A%09%09%09%22Action%22%3A%20%22iam%3AListVirtualMFADevices%22%2C%0A%09%09%09%22Resource%22%3A%20%22%2A%22%0A%09%09%7D%0A%09%5D%0A%7D\"},{\"PolicyName\":\"create-trust-anchor-permissions\",\"policy\":\"%7B%0A%09%22Version%22%3A%20%222012-10-17%22%2C%0A%09%22Statement%22%3A%20%5B%0A%09%09%7B%0A%09%09%09%22Sid%22%3A%20%22VisualEditor0%22%2C%0A%09%09%09%22Effect%22%3A%20%22Allow%22%2C%0A%09%09%09%22Action%22%3A%20%5B%0A%09%09%09%09%22rolesanywhere%3ACreateTrustAnchor%22%2C%0A%09%09%09%09%22iam%3APassRole%22%0A%09%09%09%5D%2C%0A%09%09%09%22Resource%22%3A%20%5B%0A%09%09%09%09%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2F%2A%22%0A%09%09%09%5D%0A%09%09%7D%0A%09%5D%0A%7D\"},{\"PolicyName\":\"search-resource-explorer\",\"policy\":\"%7B%0A%09%22Version%22%3A%20%222012-10-17%22%2C%0A%09%22Statement%22%3A%20%5B%0A%09%09%7B%0A%09%09%09%22Sid%22%3A%20%22VisualEditor0%22%2C%0A%09%09%09%22Effect%22%3A%20%22Allow%22%2C%0A%09%09%09%22Action%22%3A%20%5B%0A%09%09%09%09%22resource-explorer-2%3ABatchGetView%22%2C%0A%09%09%09%09%22resource-explorer-2%3AListIndexesForMembers%22%2C%0A%09%09%09%09%22resource-explorer-2%3AListSupportedResourceTypes%22%2C%0A%09%09%09%09%22resource-explorer-2%3AListViews%22%2C%0A%09%09%09%09%22resource-explorer-2%3AGetAccountLevelServiceConfiguration%22%2C%0A%09%09%09%09%22resource-explorer-2%3AListIndexes%22%2C%0A%09%09%09%09%22resource-explorer-2%3AGetIndex%22%2C%0A%09%09%09%09%22resource-explorer-2%3AGetView%22%2C%0A%09%09%09%09%22resource-explorer-2%3AListTagsForResource%22%2C%0A%09%09%09%09%22resource-explorer-2%3AGetDefaultView%22%2C%0A%09%09%09%09%22resource-explorer-2%3ASearch%22%0A%09%09%09%5D%2C%0A%09%09%09%22Resource%22%3A%20%22%2A%22%0A%09%09%7D%0A%09%5D%0A%7D\"}],\"attached_policies\":[{\"PolicyName\":\"IAMUserChangePassword\",\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\"},{\"PolicyName\":\"AmazonDynamoDBFullAccess\",\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/IAM_ENABLE_MFA\",\"PolicyName\":\"IAM_ENABLE_MFA\"},{\"PolicyName\":\"Developers_eks\",\"PolicyArn\":\"arn:aws:iam::704479110758:policy/Developers_eks\"},{\"PolicyName\":\"assume-eks-cloudbeat-tf-5jA\",\"PolicyArn\":\"arn:aws:iam::704479110758:policy/assume-eks-cloudbeat-tf-5jA\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/es-dev-readonly\",\"PolicyName\":\"es-dev-readonly\"}],\"user_id\":\"AIDA2IBR2EZTJMPOR52WV\"},\"id\":[\"arn:aws:iam::704479110758:user/romulo.farias@elastic.co\",\"AIDA2IBR2EZTJMPOR52WV\"]},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:iam::704479110758:user/romulo.farias@elastic.co\",\"AIDA2IBR2EZTJMPOR52WV\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/romulo.farias@elastic.co\":{\"category\":\"identity\",\"type\":\"user\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/sean.rathier@elastic.co\",\"AIDA2IBR2EZTBLZAKLAK6\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/sean.rathier@elastic.co\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"name\":\"sean.rathier@elastic.co\",\"last_access\":\"2024-08-26T15:53:14Z\",\"mfa_active\":false,\"user_id\":\"AIDA2IBR2EZTBLZAKLAK6\",\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess\",\"PolicyName\":\"AmazonDynamoDBFullAccess\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/IAM_ENABLE_MFA\",\"PolicyName\":\"IAM_ENABLE_MFA\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/Developers_eks\",\"PolicyName\":\"Developers_eks\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/es-dev-readonly\",\"PolicyName\":\"es-dev-readonly\"}],\"password_last_changed\":\"2024-08-26T15:53:28Z\",\"password_enabled\":true,\"access_keys\":[{\"last_access\":\"N/A\",\"rotation_date\":\"N/A\",\"active\":false,\"has_used\":false},{\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\",\"active\":false}],\"arn\":\"arn:aws:iam::704479110758:user/sean.rathier@elastic.co\"},\"id\":[\"arn:aws:iam::704479110758:user/sean.rathier@elastic.co\",\"AIDA2IBR2EZTBLZAKLAK6\"],\"name\":\"sean.rathier@elastic.co\",\"category\":\"identity\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/serverless_ci\",\"AIDA2IBR2EZTGCFGBY6PG\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/serverless_ci\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"inline_policies\":[],\"last_access\":\"N/A\",\"arn\":\"arn:aws:iam::704479110758:user/serverless_ci\",\"user_id\":\"AIDA2IBR2EZTGCFGBY6PG\",\"access_keys\":[{\"last_access\":\"2024-11-19T12:23:00Z\",\"rotation_date\":\"2024-11-10T07:52:19Z\",\"active\":true,\"has_used\":true},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}],\"name\":\"serverless_ci\",\"password_last_changed\":\"N/A\",\"mfa_active\":false,\"password_enabled\":false},\"id\":[\"arn:aws:iam::704479110758:user/serverless_ci\",\"AIDA2IBR2EZTGCFGBY6PG\"],\"name\":\"serverless_ci\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/shashanks\",\"AIDA2IBR2EZTFSX4LPD2A\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/shashanks\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"inline_policies\":[],\"name\":\"shashanks\",\"last_access\":\"2024-10-30T11:03:42Z\",\"arn\":\"arn:aws:iam::704479110758:user/shashanks\",\"mfa_active\":false,\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTFSX4LPD2A\",\"access_keys\":[{\"last_access\":\"2024-11-19T12:48:00Z\",\"rotation_date\":\"2024-10-30T11:40:52Z\",\"active\":true,\"has_used\":true},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/AdministratorAccess\",\"PolicyName\":\"AdministratorAccess\"}],\"password_last_changed\":\"2024-10-30T11:04:22Z\"},\"id\":[\"arn:aws:iam::704479110758:user/shashanks\",\"AIDA2IBR2EZTFSX4LPD2A\"],\"name\":\"shashanks\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"password_last_changed\":\"2024-10-23T15:43:30Z\",\"arn\":\"arn:aws:iam::704479110758:user/smriti.smriti@elastic.co\",\"mfa_active\":false,\"password_enabled\":true,\"access_keys\":[{\"active\":true,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"2024-05-27T13:41:43Z\"},{\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\",\"active\":false}],\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"}],\"name\":\"smriti.smriti@elastic.co\",\"last_access\":\"2024-11-06T13:41:19Z\",\"user_id\":\"AIDA2IBR2EZTFVNLWSC7R\"},\"id\":[\"arn:aws:iam::704479110758:user/smriti.smriti@elastic.co\",\"AIDA2IBR2EZTFVNLWSC7R\"],\"name\":\"smriti.smriti@elastic.co\",\"category\":\"identity\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/smriti.smriti@elastic.co\",\"AIDA2IBR2EZTFVNLWSC7R\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/smriti.smriti@elastic.co\":{\"category\":\"identity\",\"type\":\"user\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/Tehila\",\"AIDA2IBR2EZTAMNID3WF4\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/Tehila\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"name\":\"Tehila\",\"last_access\":\"2021-07-13T10:21:33Z\",\"mfa_active\":true,\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTAMNID3WF4\",\"access_keys\":[{\"active\":true,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"2021-04-12T14:12:56Z\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"mfa_devices\":[{\"UserName\":\"Tehila\",\"is_virtual\":true,\"EnableDate\":\"2021-05-10T10:46:09Z\",\"SerialNumber\":\"arn:aws:iam::704479110758:mfa/Tehila\"}],\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"}],\"arn\":\"arn:aws:iam::704479110758:user/Tehila\",\"password_last_changed\":\"2021-07-11T15:11:45Z\"},\"id\":[\"arn:aws:iam::704479110758:user/Tehila\",\"AIDA2IBR2EZTAMNID3WF4\"],\"name\":\"Tehila\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"asset\":{\"name\":\"terraform-deployment\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"access_keys\":[{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"},{\"last_access\":\"N/A\",\"rotation_date\":\"N/A\",\"active\":false,\"has_used\":false}],\"inline_policies\":[],\"password_last_changed\":\"N/A\",\"mfa_active\":false,\"user_id\":\"AIDA2IBR2EZTIOXMYQPPV\",\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/AWSCloudMapFullAccess\",\"PolicyName\":\"AWSCloudMapFullAccess\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonEC2FullAccess\",\"PolicyName\":\"AmazonEC2FullAccess\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonRDSFullAccess\",\"PolicyName\":\"AmazonRDSFullAccess\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecretsManagerReadWrite\",\"PolicyName\":\"SecretsManagerReadWrite\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonECS_FullAccess\",\"PolicyName\":\"AmazonECS_FullAccess\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonSNSFullAccess\",\"PolicyName\":\"AmazonSNSFullAccess\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonSQSFullAccess\",\"PolicyName\":\"AmazonSQSFullAccess\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/KMS-FullAccess\",\"PolicyName\":\"KMS-FullAccess\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/terraform-deployment-policy\",\"PolicyName\":\"terraform-deployment-policy\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/FullElasticsearchAccessPolicy\",\"PolicyName\":\"FullElasticsearchAccessPolicy\"}],\"name\":\"terraform-deployment\",\"last_access\":\"N/A\",\"arn\":\"arn:aws:iam::704479110758:user/terraform-deployment\",\"password_enabled\":false},\"id\":[\"arn:aws:iam::704479110758:user/terraform-deployment\",\"AIDA2IBR2EZTIOXMYQPPV\"]},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/terraform-deployment\",\"AIDA2IBR2EZTIOXMYQPPV\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/terraform-deployment\":{\"type\":\"user\",\"category\":\"identity\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"asset\":{\"id\":[\"arn:aws:iam::704479110758:user/terrancedj\",\"AIDA2IBR2EZTHCDJLKHDD\"],\"name\":\"terrancedj\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"mfa_active\":false,\"password_enabled\":true,\"inline_policies\":[],\"name\":\"terrancedj\",\"last_access\":\"2024-11-08T14:46:06Z\",\"password_last_changed\":\"2024-10-24T21:48:35Z\",\"user_id\":\"AIDA2IBR2EZTHCDJLKHDD\",\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2024-11-09T04:15:00Z\",\"rotation_date\":\"2024-10-31T16:50:27Z\"},{\"last_access\":\"N/A\",\"rotation_date\":\"N/A\",\"active\":false,\"has_used\":false}],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/AdministratorAccess\",\"PolicyName\":\"AdministratorAccess\"}],\"arn\":\"arn:aws:iam::704479110758:user/terrancedj\"}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/terrancedj\",\"AIDA2IBR2EZTHCDJLKHDD\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/terrancedj\":{\"category\":\"identity\",\"type\":\"user\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:user/test-access-key-no-rotation-90-days-fail\",\"AIDA2IBR2EZTAFPKTDWSM\"],\"name\":\"test-access-key-no-rotation-90-days-fail\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"user_id\":\"AIDA2IBR2EZTAFPKTDWSM\",\"access_keys\":[{\"has_used\":true,\"last_access\":\"2023-06-26T10:09:00Z\",\"rotation_date\":\"2023-03-08T16:01:09Z\",\"active\":true},{\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\",\"active\":false}],\"inline_policies\":[],\"last_access\":\"2023-03-08T16:21:35Z\",\"arn\":\"arn:aws:iam::704479110758:user/test-access-key-no-rotation-90-days-fail\",\"password_last_changed\":\"2023-03-08T16:22:04Z\",\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"}],\"name\":\"test-access-key-no-rotation-90-days-fail\",\"mfa_active\":false,\"password_enabled\":true}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/test-access-key-no-rotation-90-days-fail\",\"AIDA2IBR2EZTAFPKTDWSM\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/test-access-key-no-rotation-90-days-fail\":{\"category\":\"identity\",\"type\":\"user\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/test-mfa-virtual-never-used\",\"AIDA2IBR2EZTG2M53B23P\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/test-mfa-virtual-never-used\":{\"type\":\"user\",\"category\":\"identity\"}},\"asset\":{\"tags\":null,\"raw\":{\"inline_policies\":[],\"attached_policies\":null,\"user_id\":\"AIDA2IBR2EZTG2M53B23P\",\"password_last_changed\":\"2023-03-08T10:12:00Z\",\"mfa_active\":true,\"password_enabled\":true,\"access_keys\":[{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"mfa_devices\":[{\"SerialNumber\":\"arn:aws:iam::704479110758:mfa/test-mfa-virtual-never-used\",\"UserName\":\"test-mfa-virtual-never-used\",\"is_virtual\":true,\"EnableDate\":\"2023-03-08T10:13:43Z\"}],\"name\":\"test-mfa-virtual-never-used\",\"last_access\":\"no_information\",\"arn\":\"arn:aws:iam::704479110758:user/test-mfa-virtual-never-used\"},\"id\":[\"arn:aws:iam::704479110758:user/test-mfa-virtual-never-used\",\"AIDA2IBR2EZTG2M53B23P\"],\"name\":\"test-mfa-virtual-never-used\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/test-mfa-virtual-pass\",\"AIDA2IBR2EZTPVBRRJML4\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/test-mfa-virtual-pass\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"user_id\":\"AIDA2IBR2EZTPVBRRJML4\",\"access_keys\":[{\"last_access\":\"N/A\",\"rotation_date\":\"N/A\",\"active\":false,\"has_used\":false},{\"rotation_date\":\"N/A\",\"active\":false,\"has_used\":false,\"last_access\":\"N/A\"}],\"inline_policies\":[],\"name\":\"test-mfa-virtual-pass\",\"password_last_changed\":\"2023-03-08T09:59:12Z\",\"password_enabled\":true,\"mfa_devices\":[{\"SerialNumber\":\"arn:aws:iam::704479110758:mfa/test-mfa-virtual-pass\",\"UserName\":\"test-mfa-virtual-pass\",\"is_virtual\":true,\"EnableDate\":\"2023-03-08T10:03:07Z\"}],\"attached_policies\":null,\"last_access\":\"2023-03-08T10:05:06Z\",\"arn\":\"arn:aws:iam::704479110758:user/test-mfa-virtual-pass\",\"mfa_active\":true},\"id\":[\"arn:aws:iam::704479110758:user/test-mfa-virtual-pass\",\"AIDA2IBR2EZTPVBRRJML4\"],\"name\":\"test-mfa-virtual-pass\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"}],\"arn\":\"arn:aws:iam::704479110758:user/test-no-mfa-fail\",\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTBJRX4WB45\",\"access_keys\":[{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"name\":\"test-no-mfa-fail\",\"last_access\":\"2023-03-08T13:18:31Z\",\"password_last_changed\":\"2023-03-08T13:18:56Z\",\"mfa_active\":false},\"id\":[\"arn:aws:iam::704479110758:user/test-no-mfa-fail\",\"AIDA2IBR2EZTBJRX4WB45\"],\"name\":\"test-no-mfa-fail\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/test-no-mfa-fail\",\"AIDA2IBR2EZTBJRX4WB45\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/test-no-mfa-fail\":{\"category\":\"identity\",\"type\":\"user\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:user/test-password-never-used-fail\",\"AIDA2IBR2EZTHRX3M35UN\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/test-password-never-used-fail\":{\"category\":\"identity\",\"type\":\"user\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"asset\":{\"raw\":{\"access_keys\":[{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"name\":\"test-password-never-used-fail\",\"last_access\":\"N/A\",\"mfa_active\":false,\"password_enabled\":false,\"user_id\":\"AIDA2IBR2EZTHRX3M35UN\",\"inline_policies\":[],\"attached_policies\":null,\"arn\":\"arn:aws:iam::704479110758:user/test-password-never-used-fail\",\"password_last_changed\":\"N/A\"},\"id\":[\"arn:aws:iam::704479110758:user/test-password-never-used-fail\",\"AIDA2IBR2EZTHRX3M35UN\"],\"name\":\"test-password-never-used-fail\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:iam::704479110758:user/test-setup-access-keys-during-init-fail\",\"AIDA2IBR2EZTHIUKP6DZ2\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/test-setup-access-keys-during-init-fail\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"access_keys\":[{\"active\":true,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"2023-03-08T14:21:57Z\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"}],\"name\":\"test-setup-access-keys-during-init-fail\",\"password_last_changed\":\"2023-03-08T14:20:47Z\",\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTHIUKP6DZ2\",\"inline_policies\":[],\"last_access\":\"no_information\",\"arn\":\"arn:aws:iam::704479110758:user/test-setup-access-keys-during-init-fail\",\"mfa_active\":false},\"id\":[\"arn:aws:iam::704479110758:user/test-setup-access-keys-during-init-fail\",\"AIDA2IBR2EZTHIUKP6DZ2\"],\"name\":\"test-setup-access-keys-during-init-fail\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/test-user-1-active-1-not-active-keys-pass\",\"AIDA2IBR2EZTDJUTOY57N\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/test-user-1-active-1-not-active-keys-pass\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"access_keys\":[{\"rotation_date\":\"2023-03-08T15:45:13Z\",\"active\":false,\"has_used\":false,\"last_access\":\"N/A\"},{\"active\":true,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"2023-03-08T15:45:28Z\"}],\"last_access\":\"no_information\",\"arn\":\"arn:aws:iam::704479110758:user/test-user-1-active-1-not-active-keys-pass\",\"mfa_active\":false,\"password_enabled\":true,\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"}],\"name\":\"test-user-1-active-1-not-active-keys-pass\",\"password_last_changed\":\"2023-03-08T15:44:39Z\",\"user_id\":\"AIDA2IBR2EZTDJUTOY57N\"},\"id\":[\"arn:aws:iam::704479110758:user/test-user-1-active-1-not-active-keys-pass\",\"AIDA2IBR2EZTDJUTOY57N\"],\"name\":\"test-user-1-active-1-not-active-keys-pass\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:user/test-user-2-active-keys\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"last_access\":\"no_information\",\"arn\":\"arn:aws:iam::704479110758:user/test-user-2-active-keys\",\"password_last_changed\":\"2023-03-08T15:37:11Z\",\"user_id\":\"AIDA2IBR2EZTNJZBGZFWA\",\"access_keys\":[{\"rotation_date\":\"2023-03-08T15:37:56Z\",\"active\":true,\"has_used\":false,\"last_access\":\"N/A\"},{\"last_access\":\"N/A\",\"rotation_date\":\"2023-03-08T15:38:24Z\",\"active\":true,\"has_used\":false}],\"inline_policies\":[],\"name\":\"test-user-2-active-keys\",\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"}],\"mfa_active\":false,\"password_enabled\":true},\"id\":[\"arn:aws:iam::704479110758:user/test-user-2-active-keys\",\"AIDA2IBR2EZTNJZBGZFWA\"],\"name\":\"test-user-2-active-keys\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/test-user-2-active-keys\",\"AIDA2IBR2EZTNJZBGZFWA\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:user/test-user-one-active-key\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"inline_policies\":[],\"name\":\"test-user-one-active-key\",\"last_access\":\"no_information\",\"mfa_active\":false,\"password_enabled\":true,\"access_keys\":[{\"active\":true,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"2023-03-08T15:42:40Z\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"}],\"arn\":\"arn:aws:iam::704479110758:user/test-user-one-active-key\",\"password_last_changed\":\"2023-03-08T15:41:59Z\",\"user_id\":\"AIDA2IBR2EZTD3HBCJO4Y\"},\"id\":[\"arn:aws:iam::704479110758:user/test-user-one-active-key\",\"AIDA2IBR2EZTD3HBCJO4Y\"],\"name\":\"test-user-one-active-key\",\"category\":\"identity\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/test-user-one-active-key\",\"AIDA2IBR2EZTD3HBCJO4Y\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/test-user-with-inline-policy-fail\",\"AIDA2IBR2EZTLD72AQYDI\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/test-user-with-inline-policy-fail\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:user/test-user-with-inline-policy-fail\",\"AIDA2IBR2EZTLD72AQYDI\"],\"name\":\"test-user-with-inline-policy-fail\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"inline_policies\":[{\"PolicyName\":\"test-inline-policy\",\"policy\":\"%7B%0A%20%20%20%20%22Version%22%3A%20%222012-10-17%22%2C%0A%20%20%20%20%22Statement%22%3A%20%5B%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%22Sid%22%3A%20%22VisualEditor0%22%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%22Effect%22%3A%20%22Allow%22%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%22Action%22%3A%20%5B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%22logs%3AListTagsLogGroup%22%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%22logs%3ADescribeLogGroups%22%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%22logs%3ADescribeLogStreams%22%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%22logs%3ADescribeSubscriptionFilters%22%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%22logs%3ADescribeMetricFilters%22%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%22logs%3AListTagsForResource%22%0A%20%20%20%20%20%20%20%20%20%20%20%20%5D%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%22Resource%22%3A%20%22arn%3Aaws%3Alogs%3A%2A%3A704479110758%3Alog-group%3A%2A%22%0A%20%20%20%20%20%20%20%20%7D%2C%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%22Sid%22%3A%20%22VisualEditor1%22%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%22Effect%22%3A%20%22Allow%22%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%22Action%22%3A%20%5B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%22logs%3ADescribeQueries%22%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%22logs%3ADescribeExportTasks%22%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%22logs%3ADescribeQueryDefinitions%22%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%22logs%3ADescribeResourcePolicies%22%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%22logs%3ADescribeDestinations%22%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%22logs%3AListLogDeliveries%22%0A%20%20%20%20%20%20%20%20%20%20%20%20%5D%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%22Resource%22%3A%20%22%2A%22%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%5D%0A%7D\"}],\"arn\":\"arn:aws:iam::704479110758:user/test-user-with-inline-policy-fail\",\"mfa_active\":false,\"user_id\":\"AIDA2IBR2EZTLD72AQYDI\",\"access_keys\":[{\"rotation_date\":\"N/A\",\"active\":false,\"has_used\":false,\"last_access\":\"N/A\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"attached_policies\":null,\"name\":\"test-user-with-inline-policy-fail\",\"last_access\":\"N/A\",\"password_last_changed\":\"N/A\",\"password_enabled\":false}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/tin\",\"AIDA2IBR2EZTCA6YOZKCK\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/tin\":{\"type\":\"user\",\"category\":\"identity\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"password_last_changed\":\"2024-07-15T12:23:49Z\",\"mfa_active\":true,\"user_id\":\"AIDA2IBR2EZTCA6YOZKCK\",\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/AdministratorAccess\",\"PolicyName\":\"AdministratorAccess\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"}],\"arn\":\"arn:aws:iam::704479110758:user/tin\",\"last_access\":\"2024-07-15T12:22:31Z\",\"password_enabled\":true,\"access_keys\":[{\"last_access\":\"N/A\",\"rotation_date\":\"N/A\",\"active\":false,\"has_used\":false},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"mfa_devices\":[{\"UserName\":\"tin\",\"is_virtual\":true,\"EnableDate\":\"2023-10-10T12:57:07Z\",\"SerialNumber\":\"arn:aws:iam::704479110758:mfa/tins_authy\"}],\"name\":\"tin\"},\"id\":[\"arn:aws:iam::704479110758:user/tin\",\"AIDA2IBR2EZTCA6YOZKCK\"],\"name\":\"tin\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"asset\":{\"tags\":null,\"raw\":{\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}],\"name\":\"tin-demo-user\",\"last_access\":\"N/A\",\"arn\":\"arn:aws:iam::704479110758:user/tin-demo-user\",\"password_last_changed\":\"N/A\",\"password_enabled\":false,\"access_keys\":[{\"rotation_date\":\"2024-10-18T15:54:58Z\",\"active\":true,\"has_used\":true,\"last_access\":\"2024-10-20T02:09:00Z\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"inline_policies\":[],\"mfa_active\":false,\"user_id\":\"AIDA2IBR2EZTNODED5XDL\"},\"id\":[\"arn:aws:iam::704479110758:user/tin-demo-user\",\"AIDA2IBR2EZTNODED5XDL\"],\"name\":\"tin-demo-user\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/tin-demo-user\",\"AIDA2IBR2EZTNODED5XDL\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/tin-demo-user\":{\"category\":\"identity\",\"type\":\"user\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/tin@elasticsearch.com\",\"AIDA2IBR2EZTMFTQ4E6H3\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/tin@elasticsearch.com\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"name\":\"tin@elasticsearch.com\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"last_access\":\"2024-11-07T08:26:31Z\",\"arn\":\"arn:aws:iam::704479110758:user/tin@elasticsearch.com\",\"password_last_changed\":\"2024-10-14T15:24:00Z\",\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTMFTQ4E6H3\",\"access_keys\":[{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"name\":\"tin@elasticsearch.com\",\"mfa_active\":false,\"inline_policies\":[],\"attached_policies\":null},\"id\":[\"arn:aws:iam::704479110758:user/tin@elasticsearch.com\",\"AIDA2IBR2EZTMFTQ4E6H3\"]},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/uri.weisman@elastic.co\",\"AIDA2IBR2EZTCVFAD2QP6\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/uri.weisman@elastic.co\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"access_keys\":[{\"has_used\":true,\"last_access\":\"2024-11-18T13:05:00Z\",\"rotation_date\":\"2024-03-13T14:08:36Z\",\"active\":true},{\"rotation_date\":\"N/A\",\"active\":false,\"has_used\":false,\"last_access\":\"N/A\"}],\"inline_policies\":[],\"last_access\":\"2024-08-05T12:15:45Z\",\"password_enabled\":true,\"mfa_active\":true,\"user_id\":\"AIDA2IBR2EZTCVFAD2QP6\",\"mfa_devices\":[{\"UserName\":\"uri.weisman@elastic.co\",\"is_virtual\":true,\"EnableDate\":\"2024-03-03T09:27:10Z\",\"SerialNumber\":\"arn:aws:iam::704479110758:mfa/Google-Authenticator\"}],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"}],\"name\":\"uri.weisman@elastic.co\",\"arn\":\"arn:aws:iam::704479110758:user/uri.weisman@elastic.co\",\"password_last_changed\":\"2024-06-09T06:12:12Z\"},\"id\":[\"arn:aws:iam::704479110758:user/uri.weisman@elastic.co\",\"AIDA2IBR2EZTCVFAD2QP6\"],\"name\":\"uri.weisman@elastic.co\",\"category\":\"identity\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:user/weld-user\":{\"type\":\"user\",\"category\":\"identity\"}},\"asset\":{\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/weld-policy\",\"PolicyName\":\"weld-policy\"}],\"name\":\"weld-user\",\"password_enabled\":false,\"user_id\":\"AIDA2IBR2EZTDLTERXT5L\",\"inline_policies\":[],\"last_access\":\"N/A\",\"arn\":\"arn:aws:iam::704479110758:user/weld-user\",\"password_last_changed\":\"N/A\",\"mfa_active\":false,\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2024-02-09T15:53:00Z\",\"rotation_date\":\"2023-10-10T13:15:25Z\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}]},\"id\":[\"arn:aws:iam::704479110758:user/weld-user\",\"AIDA2IBR2EZTDLTERXT5L\"],\"name\":\"weld-user\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/weld-user\",\"AIDA2IBR2EZTDLTERXT5L\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"asset\":{\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"password_last_changed\":\"2024-09-26T10:59:35Z\",\"mfa_active\":false,\"access_keys\":[{\"last_access\":\"2023-06-29T02:16:00Z\",\"rotation_date\":\"2023-03-28T12:27:26Z\",\"active\":true,\"has_used\":true},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"}],\"last_access\":\"2024-10-29T11:45:38Z\",\"name\":\"yarden\",\"arn\":\"arn:aws:iam::704479110758:user/yarden\",\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTGEFV5LLIB\"},\"id\":[\"arn:aws:iam::704479110758:user/yarden\",\"AIDA2IBR2EZTGEFV5LLIB\"],\"name\":\"yarden\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/yarden\",\"AIDA2IBR2EZTGEFV5LLIB\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/yarden\":{\"category\":\"identity\",\"type\":\"user\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:root\",\"0\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:root\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"name\":\"\",\"last_access\":\"2024-09-25T18:09:15Z\",\"arn\":\"arn:aws:iam::704479110758:root\",\"password_last_changed\":\"2023-01-13T20:11:19Z\",\"mfa_active\":true,\"inline_policies\":[],\"mfa_devices\":[{\"UserName\":\"elastic-security-cloud-security-dev\",\"is_virtual\":true,\"EnableDate\":\"2023-01-13T20:14:15Z\",\"SerialNumber\":\"arn:aws:iam::704479110758:mfa/root-account-mfa-device\"}],\"attached_policies\":[],\"password_enabled\":true,\"user_id\":\"0\",\"access_keys\":[{\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\",\"active\":false},{\"rotation_date\":\"N/A\",\"active\":false,\"has_used\":false,\"last_access\":\"N/A\"}]},\"id\":[\"arn:aws:iam::704479110758:root\",\"0\"],\"name\":\"\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.371+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"related.entity\":[\"arn:aws:s3:::cf-templates-dtg3kq29phyp-ap-northeast-2\"],\"entity.metadata\":{\"arn:aws:s3:::cf-templates-dtg3kq29phyp-ap-northeast-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"tags\":null,\"raw\":{\"Region\":\"ap-northeast-2\",\"name\":\"cf-templates-dtg3kq29phyp-ap-northeast-2\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::cf-templates-dtg3kq29phyp-ap-northeast-2\"],\"name\":\"cf-templates-dtg3kq29phyp-ap-northeast-2\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-northeast-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.372+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"ap-northeast-3\",\"name\":\"cf-templates-dtg3kq29phyp-ap-northeast-3\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::cf-templates-dtg3kq29phyp-ap-northeast-3\"],\"name\":\"cf-templates-dtg3kq29phyp-ap-northeast-3\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"region\":\"ap-northeast-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::cf-templates-dtg3kq29phyp-ap-northeast-3\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:s3:::cf-templates-dtg3kq29phyp-ap-northeast-3\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"related.entity\":[\"arn:aws:s3:::cf-templates-dtg3kq29phyp-eu-west-2\"],\"entity.metadata\":{\"arn:aws:s3:::cf-templates-dtg3kq29phyp-eu-west-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"tags\":null,\"raw\":{\"name\":\"cf-templates-dtg3kq29phyp-eu-west-2\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\"},\"id\":[\"arn:aws:s3:::cf-templates-dtg3kq29phyp-eu-west-2\"],\"name\":\"cf-templates-dtg3kq29phyp-eu-west-2\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"related.entity\":[\"arn:aws:s3:::dima-test-123\"],\"entity.metadata\":{\"arn:aws:s3:::dima-test-123\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"tags\":null,\"raw\":{\"name\":\"dima-test-123\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\"},\"id\":[\"arn:aws:s3:::dima-test-123\"],\"name\":\"dima-test-123\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::test-aws-kms-key-pass\"],\"entity.metadata\":{\"arn:aws:s3:::test-aws-kms-key-pass\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"raw\":{\"name\":\"test-aws-kms-key-pass\",\"sse_algorithm\":\"aws:kms\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\"},\"id\":[\"arn:aws:s3:::test-aws-kms-key-pass\"],\"name\":\"test-aws-kms-key-pass\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"asset\":{\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\",\"name\":\"test-aws-mfa-disabled-fail\"},\"id\":[\"arn:aws:s3:::test-aws-mfa-disabled-fail\"],\"name\":\"test-aws-mfa-disabled-fail\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::test-aws-mfa-disabled-fail\"],\"entity.metadata\":{\"arn:aws:s3:::test-aws-mfa-disabled-fail\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::test-aws-no-encryption-fail\"],\"entity.metadata\":{\"arn:aws:s3:::test-aws-no-encryption-fail\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"test-aws-no-encryption-fail\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\"},\"id\":[\"arn:aws:s3:::test-aws-no-encryption-fail\"],\"name\":\"test-aws-no-encryption-fail\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::test-aws-sec-transport-fail/*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"true\"}},\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2_fail\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"]}],\"related.entity\":[\"arn:aws:s3:::test-aws-sec-transport-fail\"],\"entity.metadata\":{\"arn:aws:s3:::test-aws-sec-transport-fail\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"name\":\"test-aws-sec-transport-fail\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-2\",\"name\":\"test-aws-sec-transport-fail\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"true\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sec-transport-fail/*\",\"Sid\":\"Rule2_1_2_fail\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::test-aws-sec-transport-fail\"]},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"related.entity\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\"],\"entity.metadata\":{\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"id\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\"],\"name\":\"test-aws-sec-transport-no-condition-fail\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\",\"name\":\"test-aws-sec-transport-no-condition-fail\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"s3:RequestObjectTag/Department\":\"CloudPosture\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail/*\",\"Sid\":\"Rule2_1_2_no_statement\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail/*\"],\"condition\":{\"StringEquals\":{\"s3:RequestObjectTag/Department\":\"CloudPosture\"}},\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2_no_statement\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"}}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sse-s3-pass/*\",\"Sid\":\"Rule2_1_2\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\",\"name\":\"test-aws-sse-s3-pass\"},\"id\":[\"arn:aws:s3:::test-aws-sse-s3-pass\"],\"name\":\"test-aws-sse-s3-pass\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::test-aws-sse-s3-pass/*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"]}],\"related.entity\":[\"arn:aws:s3:::test-aws-sse-s3-pass\"],\"entity.metadata\":{\"arn:aws:s3:::test-aws-sse-s3-pass\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\",\"name\":\"cf-templates-dtg3kq29phyp-us-east-2\"},\"id\":[\"arn:aws:s3:::cf-templates-dtg3kq29phyp-us-east-2\"],\"name\":\"cf-templates-dtg3kq29phyp-us-east-2\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::cf-templates-dtg3kq29phyp-us-east-2\"],\"entity.metadata\":{\"arn:aws:s3:::cf-templates-dtg3kq29phyp-us-east-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"related.entity\":[\"arn:aws:s3:::elastic-cspm-cft-test\"],\"entity.metadata\":{\"arn:aws:s3:::elastic-cspm-cft-test\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\",\"name\":\"elastic-cspm-cft-test\"},\"id\":[\"arn:aws:s3:::elastic-cspm-cft-test\"],\"name\":\"elastic-cspm-cft-test\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\"},{\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\"},\"id\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"}],\"related.entity\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"entity.metadata\":{\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"related.entity\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"entity.metadata\":{\"arn:aws:s3:::tf-state-bucket-test-infra\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra\"},{\"Action\":[\"s3:GetObject\",\"s3:PutObject\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-3\",\"name\":\"tf-state-bucket-test-infra\"},\"id\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"name\":\"tf-state-bucket-test-infra\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"}},{\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra/*\"],\"version\":\"2012-10-17\"}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"resource_policies\":[{\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"version\":\"2012-10-17\",\"id\":\"AllowTLSRequestsOnly\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"]}],\"related.entity\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\"],\"entity.metadata\":{\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Resource\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1/*\"],\"Sid\":\"AllowTLSRequestsOnly\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":true,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"sse_algorithm\":\"aws:kms\"},\"id\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\"],\"name\":\"731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:s3:::aqua-autoconnect-cfn-stac-kinesisfirehosebucketa00-nqeiqqfq3enc\"],\"entity.metadata\":{\"arn:aws:s3:::aqua-autoconnect-cfn-stac-kinesisfirehosebucketa00-nqeiqqfq3enc\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aqua-autoconnect-cfn-stac-kinesisfirehosebucketa00-nqeiqqfq3enc\"},\"id\":[\"arn:aws:s3:::aqua-autoconnect-cfn-stac-kinesisfirehosebucketa00-nqeiqqfq3enc\"],\"name\":\"aqua-autoconnect-cfn-stac-kinesisfirehosebucketa00-nqeiqqfq3enc\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"asset\":{\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":[\"s3:PutObject*\",\"s3:Abort*\"],\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1/*\"]},{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"version\":\"2012-10-17\"},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"asset\":{\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\",\"Sid\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::cf-templates-dtg3kq29phyp-us-east-1\"],\"entity.metadata\":{\"arn:aws:s3:::cf-templates-dtg3kq29phyp-us-east-1\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}},\"asset\":{\"name\":\"cf-templates-dtg3kq29phyp-us-east-1\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"cf-templates-dtg3kq29phyp-us-east-1\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::cf-templates-dtg3kq29phyp-us-east-1\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"id\":\"AllowSSLRequestsOnly\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"version\":\"2012-10-17\"}],\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"],\"entity.metadata\":{\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"sse_algorithm\":\"aws:kms\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk/*\"],\"Sid\":\"AllowSSLRequestsOnly\",\"Action\":\"s3:*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"},\"id\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"],\"name\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"entity.metadata\":{\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"asset\":{\"id\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"},{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"},\"Resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/*\"],\"Sid\":\"AllowUserAccess\",\"Action\":[\"s3:GetObject\",\"s3:ListBucket\"]}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"effect\":\"Allow\"},{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\"]},{\"id\":\"AllowUserAccess\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"entity.metadata\":{\"arn:aws:s3:::general-bucket-loggin-buildsecurity-virginia\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"us-east-1\",\"name\":\"general-bucket-loggin-buildsecurity-virginia\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::general-bucket-loggin-buildsecurity-virginia\"],\"name\":\"general-bucket-loggin-buildsecurity-virginia\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::general-bucket-loggin-buildsecurity-virginia\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo\"],\"entity.metadata\":{\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"paulo-cloudtrail-logs-cdr-demo\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"},\"id\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo\"],\"name\":\"paulo-cloudtrail-logs-cdr-demo\",\"category\":\"infrastructure\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"entity.metadata\":{\"arn:aws:s3:::rmf-cloudtrail-backup-test\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"rmf-cloudtrail-backup-test\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::rmf-cloudtrail-backup-test\"],\"name\":\"rmf-cloudtrail-backup-test\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::rmf-cloudtrail-backup-test\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"entity.metadata\":{\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"id\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"Effect\":\"Allow\"},{\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"}},\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"related.entity\":[\"arn:aws:s3:::tin-config-test\"],\"entity.metadata\":{\"arn:aws:s3:::tin-config-test\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}},\"asset\":{\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"tin-config-test\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketPermissionsCheck\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}}},{\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketExistenceCheck\",\"Action\":\"s3:ListBucket\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::tin-config-test\"],\"name\":\"tin-config-test\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"]},{\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\"},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"}}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"name\":\"aws-cloudtrail-logs-704479110758-61552556\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}}}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"asset\":{\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"Effect\":\"Deny\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Deny\"},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.373+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"]},\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}}},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\"],\"condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AmazonBedrockLogsWrite\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"entity.metadata\":{\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\",\"Sid\":\"AmazonBedrockLogsWrite\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"related.entity\":[\"arn:aws:s3:::cf-templates-dtg3kq29phyp-us-west-2\"],\"entity.metadata\":{\"arn:aws:s3:::cf-templates-dtg3kq29phyp-us-west-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"cf-templates-dtg3kq29phyp-us-west-2\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"id\":[\"arn:aws:s3:::cf-templates-dtg3kq29phyp-us-west-2\"],\"name\":\"cf-templates-dtg3kq29phyp-us-west-2\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\"},\"resource_policies\":[],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"asset\":{\"raw\":{\"name\":\"cloudtrail-ingest-builds-serverlessdeploymentbuck-5a9tji6n3klw\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"id\":[\"arn:aws:s3:::cloudtrail-ingest-builds-serverlessdeploymentbuck-5a9tji6n3klw\"],\"name\":\"cloudtrail-ingest-builds-serverlessdeploymentbuck-5a9tji6n3klw\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::cloudtrail-ingest-builds-serverlessdeploymentbuck-5a9tji6n3klw\"],\"entity.metadata\":{\"arn:aws:s3:::cloudtrail-ingest-builds-serverlessdeploymentbuck-5a9tji6n3klw\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"entity.metadata\":{\"arn:aws:s3:::cloudtrail-ingest-buildsecurity.elastic.co\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"us-west-2\",\"name\":\"cloudtrail-ingest-buildsecurity.elastic.co\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::cloudtrail-ingest-buildsecurity.elastic.co\"],\"name\":\"cloudtrail-ingest-buildsecurity.elastic.co\",\"category\":\"infrastructure\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::cloudtrail-ingest-buildsecurity.elastic.co\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}}},{\"resource\":[\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::tin-cdr-demo\"],\"entity.metadata\":{\"arn:aws:s3:::tin-cdr-demo\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"raw\":{\"name\":\"tin-cdr-demo\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"id\":[\"arn:aws:s3:::tin-cdr-demo\"],\"name\":\"tin-cdr-demo\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"entity.metadata\":{\"arn:aws:s3:::tin-serverless-forwarder-config-store\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"id\":[\"arn:aws:s3:::tin-serverless-forwarder-config-store\"],\"name\":\"tin-serverless-forwarder-config-store\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"tin-serverless-forwarder-config-store\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::tin-serverless-forwarder-config-store\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::cf-templates-dtg3kq29phyp-eu-central-1\"],\"entity.metadata\":{\"arn:aws:s3:::cf-templates-dtg3kq29phyp-eu-central-1\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-central-1\",\"name\":\"cf-templates-dtg3kq29phyp-eu-central-1\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true}},\"id\":[\"arn:aws:s3:::cf-templates-dtg3kq29phyp-eu-central-1\"],\"name\":\"cf-templates-dtg3kq29phyp-eu-central-1\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-central-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"id\":\"Statement1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"*\"},\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::amir-cf/*\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::amir-cf\"],\"entity.metadata\":{\"arn:aws:s3:::amir-cf\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"arn:aws:s3:::amir-cf/*\",\"Sid\":\"Statement1\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":false,\"BlockPublicPolicy\":false,\"IgnorePublicAcls\":false,\"RestrictPublicBuckets\":false},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"amir-cf\"},\"id\":[\"arn:aws:s3:::amir-cf\"],\"name\":\"amir-cf\",\"category\":\"infrastructure\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}},\"asset\":{\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}]}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"category\":\"infrastructure\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"]},{\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.338Z\",\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null}},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"name\":\"aws-cloudtrail-logs-opa-demo\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-opa-demo\",\"sse_algorithm\":\"AES256\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"entity.metadata\":{\"arn:aws:s3:::buildsecurity-pdp-images\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"name\":\"buildsecurity-pdp-images\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"buildsecurity-pdp-images\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::buildsecurity-pdp-images\"]},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::buildsecurity-pdp-images\"],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":[\"arn:aws:iam::704479110758:user/terraform-deployment\",\"AIDA476ILCEFBVRUJXNFV\"]}}],\"related.entity\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"entity.metadata\":{\"arn:aws:s3:::buildsecurity-tfstate\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"buildsecurity-tfstate\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":[\"s3:ListBucket\",\"s3:GetObjectVersion\",\"s3:GetObject\",\"s3:GetBucketVersioning\",\"s3:GetBucketLocation\",\"s3:PutObject\",\"s3:PutObjectAcl\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"arn:aws:iam::704479110758:user/terraform-deployment\",\"AIDA476ILCEFBVRUJXNFV\"]},\"Resource\":[\"arn:aws:s3:::buildsecurity-tfstate/*\",\"arn:aws:s3:::buildsecurity-tfstate\"],\"Sid\":\"1\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":true,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":false,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"name\":\"buildsecurity-tfstate\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"related.entity\":[\"arn:aws:s3:::cf-templates-dtg3kq29phyp-eu-west-1\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:s3:::cf-templates-dtg3kq29phyp-eu-west-1\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"name\":\"cf-templates-dtg3kq29phyp-eu-west-1\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"cf-templates-dtg3kq29phyp-eu-west-1\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::cf-templates-dtg3kq29phyp-eu-west-1\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"entity.metadata\":{\"arn:aws:s3:::config-bucket-704479110758\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"asset\":{\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"config-bucket-704479110758\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketPermissionsCheck\"},{\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketExistenceCheck\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"name\":\"config-bucket-704479110758\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"}},{\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"version\":\"2012-10-17\"},{\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::config-bucket-704479110758\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"id\":\"AddPerm\",\"effect\":\"Allow\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::csp-allure-reports/allure_reports/*\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::csp-allure-reports\"],\"entity.metadata\":{\"arn:aws:s3:::csp-allure-reports\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"csp-allure-reports\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::csp-allure-reports/allure_reports/*\",\"Sid\":\"AddPerm\",\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::csp-allure-reports\"],\"name\":\"csp-allure-reports\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"entity.metadata\":{\"arn:aws:s3:::csp-kops\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"csp-kops\"},\"id\":[\"arn:aws:s3:::csp-kops\"],\"name\":\"csp-kops\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::csp-kops\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::demo-rds-dump\"],\"entity.metadata\":{\"arn:aws:s3:::demo-rds-dump\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"demo-rds-dump\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false}},\"id\":[\"arn:aws:s3:::demo-rds-dump\"],\"name\":\"demo-rds-dump\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs\"]}],\"related.entity\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"entity.metadata\":{\"arn:aws:s3:::dev-alb-5td21grs\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"dev-alb-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"},{\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"name\":\"dev-alb-5td21grs\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::dev-es-internal-manual-snapshots\"],\"entity.metadata\":{\"arn:aws:s3:::dev-es-internal-manual-snapshots\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"dev-es-internal-manual-snapshots\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::dev-es-internal-manual-snapshots\"],\"name\":\"dev-es-internal-manual-snapshots\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::dev-es-tenant-manual-snapshots\"],\"entity.metadata\":{\"arn:aws:s3:::dev-es-tenant-manual-snapshots\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"dev-es-tenant-manual-snapshots\"},\"id\":[\"arn:aws:s3:::dev-es-tenant-manual-snapshots\"],\"name\":\"dev-es-tenant-manual-snapshots\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:s3:::dev-flow-logs-5td21grs\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\",\"Id\":\"AWSLogDeliveryWrite20150319\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"dev-flow-logs-5td21grs\"},\"id\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"name\":\"dev-flow-logs-5td21grs\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\"},{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"asset\":{\"tags\":null,\"raw\":{\"name\":\"dev-rds-dump-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::dev-rds-dump-5td21grs\"],\"name\":\"dev-rds-dump-5td21grs\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::dev-rds-dump-5td21grs\"],\"entity.metadata\":{\"arn:aws:s3:::dev-rds-dump-5td21grs\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"entity.metadata\":{\"arn:aws:s3:::dev-s3-access-bucket-logging\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"id\":[\"arn:aws:s3:::dev-s3-access-bucket-logging\"],\"name\":\"dev-s3-access-bucket-logging\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"dev-s3-access-bucket-logging\"}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::dev-s3-access-bucket-logging\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"related.entity\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"entity.metadata\":{\"arn:aws:s3:::devops-alb-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-alb-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"name\":\"devops-alb-m04ivw2j\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"]},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"]},{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"related.entity\":[\"arn:aws:s3:::devops-es-internal-manual-snapshots\"],\"entity.metadata\":{\"arn:aws:s3:::devops-es-internal-manual-snapshots\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-es-internal-manual-snapshots\"},\"id\":[\"arn:aws:s3:::devops-es-internal-manual-snapshots\"],\"name\":\"devops-es-internal-manual-snapshots\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:s3:::devops-es-tenant-manual-snapshots\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-es-tenant-manual-snapshots\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false}},\"id\":[\"arn:aws:s3:::devops-es-tenant-manual-snapshots\"],\"name\":\"devops-es-tenant-manual-snapshots\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::devops-es-tenant-manual-snapshots\"],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\"},{\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"entity.metadata\":{\"arn:aws:s3:::devops-flow-logs-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-flow-logs-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"name\":\"devops-flow-logs-m04ivw2j\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"related.entity\":[\"arn:aws:s3:::devops-rds-dump-m04ivw2j\"],\"entity.metadata\":{\"arn:aws:s3:::devops-rds-dump-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-rds-dump-m04ivw2j\"},\"id\":[\"arn:aws:s3:::devops-rds-dump-m04ivw2j\"],\"name\":\"devops-rds-dump-m04ivw2j\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:s3:::devops-s3-access-bucket-logging\"],\"entity.metadata\":{\"arn:aws:s3:::devops-s3-access-bucket-logging\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}},\"asset\":{\"id\":[\"arn:aws:s3:::devops-s3-access-bucket-logging\"],\"name\":\"devops-s3-access-bucket-logging\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"devops-s3-access-bucket-logging\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::evgb\"],\"entity.metadata\":{\"arn:aws:s3:::evgb\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"evgb\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::evgb\"],\"name\":\"evgb\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"eyal-s3-bucket-name\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::eyal-s3-bucket-name\"],\"name\":\"eyal-s3-bucket-name\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::eyal-s3-bucket-name\"],\"entity.metadata\":{\"arn:aws:s3:::eyal-s3-bucket-name\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::general-access-logging-buildsecurity\"],\"entity.metadata\":{\"arn:aws:s3:::general-access-logging-buildsecurity\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"general-access-logging-buildsecurity\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::general-access-logging-buildsecurity\"],\"name\":\"general-access-logging-buildsecurity\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"entity.metadata\":{\"arn:aws:s3:::maxcold-test-bucket-8-10-qa\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"maxcold-test-bucket-8-10-qa\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::maxcold-test-bucket-8-10-qa\"],\"name\":\"maxcold-test-bucket-8-10-qa\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::maxcold-test-bucket-8-10-qa\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"entity.metadata\":{\"arn:aws:s3:::my-s3-policies-bucket\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"id\":[\"arn:aws:s3:::my-s3-policies-bucket\"],\"name\":\"my-s3-policies-bucket\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"my-s3-policies-bucket\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::my-s3-policies-bucket\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"}},{\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"]},{\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]}],\"related.entity\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"entity.metadata\":{\"arn:aws:s3:::poc-alb-afrxhcnr\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\"},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"},{\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"poc-alb-afrxhcnr\"},\"id\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"name\":\"poc-alb-afrxhcnr\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"poc-es-internal-manual-snapshots\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::poc-es-internal-manual-snapshots\"],\"name\":\"poc-es-internal-manual-snapshots\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::poc-es-internal-manual-snapshots\"],\"entity.metadata\":{\"arn:aws:s3:::poc-es-internal-manual-snapshots\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:s3:::poc-es-tenant-manual-snapshots\"],\"entity.metadata\":{\"arn:aws:s3:::poc-es-tenant-manual-snapshots\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"id\":[\"arn:aws:s3:::poc-es-tenant-manual-snapshots\"],\"name\":\"poc-es-tenant-manual-snapshots\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"poc-es-tenant-manual-snapshots\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[],\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"related.entity\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"entity.metadata\":{\"arn:aws:s3:::poc-flow-logs-afrxhcnr\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"poc-flow-logs-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr\",\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"name\":\"poc-flow-logs-afrxhcnr\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"related.entity\":[\"arn:aws:s3:::poc-rds-dump-afrxhcnr\"],\"entity.metadata\":{\"arn:aws:s3:::poc-rds-dump-afrxhcnr\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"poc-rds-dump-afrxhcnr\"},\"id\":[\"arn:aws:s3:::poc-rds-dump-afrxhcnr\"],\"name\":\"poc-rds-dump-afrxhcnr\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::poc-s3-access-bucket-logging\"],\"entity.metadata\":{\"arn:aws:s3:::poc-s3-access-bucket-logging\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}},\"asset\":{\"name\":\"poc-s3-access-bucket-logging\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"poc-s3-access-bucket-logging\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::poc-s3-access-bucket-logging\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"related.entity\":[\"arn:aws:s3:::private-deployments-tfstate\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:s3:::private-deployments-tfstate\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"private-deployments-tfstate\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::private-deployments-tfstate\"],\"name\":\"private-deployments-tfstate\",\"category\":\"infrastructure\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"]}],\"related.entity\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"entity.metadata\":{\"arn:aws:s3:::qa-alb-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"qa-alb-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"name\":\"qa-alb-h9nrpcij\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.374+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::qa-es-internal-manual-snapshots\"],\"entity.metadata\":{\"arn:aws:s3:::qa-es-internal-manual-snapshots\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"tags\":null,\"raw\":{\"name\":\"qa-es-internal-manual-snapshots\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::qa-es-internal-manual-snapshots\"],\"name\":\"qa-es-internal-manual-snapshots\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.375+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"related.entity\":[\"arn:aws:s3:::qa-es-tenant-manual-snapshots\"],\"entity.metadata\":{\"arn:aws:s3:::qa-es-tenant-manual-snapshots\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"qa-es-tenant-manual-snapshots\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::qa-es-tenant-manual-snapshots\"],\"name\":\"qa-es-tenant-manual-snapshots\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.375+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"related.entity\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"entity.metadata\":{\"arn:aws:s3:::qa-flow-logs-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"qa-flow-logs-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\"},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij\",\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"name\":\"qa-flow-logs-h9nrpcij\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"]}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.375+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::qa-rds-dump-h9nrpcij\"],\"entity.metadata\":{\"arn:aws:s3:::qa-rds-dump-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"name\":\"qa-rds-dump-h9nrpcij\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"qa-rds-dump-h9nrpcij\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::qa-rds-dump-h9nrpcij\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.375+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:s3:::qa-s3-access-bucket-logging\"],\"entity.metadata\":{\"arn:aws:s3:::qa-s3-access-bucket-logging\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"qa-s3-access-bucket-logging\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::qa-s3-access-bucket-logging\"],\"name\":\"qa-s3-access-bucket-logging\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.375+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:s3:::spinnaker-persist\"],\"entity.metadata\":{\"arn:aws:s3:::spinnaker-persist\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"spinnaker-persist\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":true,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::spinnaker-persist\"],\"name\":\"spinnaker-persist\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.375+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"related.entity\":[\"arn:aws:s3:::tempbuildsecurity\"],\"entity.metadata\":{\"arn:aws:s3:::tempbuildsecurity\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"name\":\"tempbuildsecurity\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"tempbuildsecurity\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::tempbuildsecurity\"]},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.375+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"related.entity\":[\"arn:aws:s3:::test-aws-no-public-access-pass\"],\"entity.metadata\":{\"arn:aws:s3:::test-aws-no-public-access-pass\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"test-aws-no-public-access-pass\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::test-aws-no-public-access-pass\"],\"name\":\"test-aws-no-public-access-pass\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:10:15.375+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:10:05.339Z\",\"related.entity\":[\"arn:aws:s3:::test-aws-public-access-allowed-fail\"],\"entity.metadata\":{\"arn:aws:s3:::test-aws-public-access-allowed-fail\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"test-aws-public-access-allowed-fail\",\"sse_algorithm\":\"AES256\",\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":false,\"IgnorePublicAcls\":false,\"RestrictPublicBuckets\":false,\"BlockPublicAcls\":false},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::test-aws-public-access-allowed-fail\"],\"name\":\"test-aws-public-access-allowed-fail\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:18:36.297+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:18:25.485Z\",\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::csp-allure-reports/allure_reports/*\"],\"version\":\"2012-10-17\",\"id\":\"AddPerm\"}],\"related.entity\":[\"arn:aws:s3:::csp-allure-reports\"],\"entity.metadata\":{\"arn:aws:s3:::csp-allure-reports\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"csp-allure-reports\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::csp-allure-reports/allure_reports/*\",\"Sid\":\"AddPerm\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::csp-allure-reports\"],\"name\":\"csp-allure-reports\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"3fc60921-deee-4d4c-95ce-5d796435425b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1089] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:18:36.300+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:18:25.485Z\",\"entity.metadata\":{\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"sse_algorithm\":\"aws:kms\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AllowTLSRequestsOnly\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1/*\"]}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":true}},\"id\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\"],\"name\":\"731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"3fc60921-deee-4d4c-95ce-5d796435425b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"version\":\"2012-10-17\",\"id\":\"AllowTLSRequestsOnly\",\"effect\":\"Deny\"}],\"related.entity\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1333] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:18:36.300+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:18:25.485Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"3fc60921-deee-4d4c-95ce-5d796435425b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"id\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"],\"name\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"sse_algorithm\":\"aws:kms\",\"bucket_policy\":{\"Statement\":[{\"Principal\":\"*\",\"Resource\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk/*\"],\"Sid\":\"AllowSSLRequestsOnly\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AllowSSLRequestsOnly\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}}}],\"related.entity\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1288] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:18:36.300+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:18:25.485Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"3fc60921-deee-4d4c-95ce-5d796435425b\"},\"resource_policies\":[{\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"resource\":[\"arn:aws:s3:::test-aws-sec-transport-fail/*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"true\"}},\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2_fail\",\"effect\":\"Deny\"}],\"related.entity\":[\"arn:aws:s3:::test-aws-sec-transport-fail\"],\"entity.metadata\":{\"arn:aws:s3:::test-aws-sec-transport-fail\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"id\":[\"arn:aws:s3:::test-aws-sec-transport-fail\"],\"name\":\"test-aws-sec-transport-fail\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-2\",\"name\":\"test-aws-sec-transport-fail\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"true\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sec-transport-fail/*\",\"Sid\":\"Rule2_1_2_fail\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1197] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:18:36.300+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:18:25.485Z\",\"agent\":{\"ephemeral_id\":\"3fc60921-deee-4d4c-95ce-5d796435425b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\"],\"entity.metadata\":{\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:RequestObjectTag/Department\":\"CloudPosture\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail/*\",\"Sid\":\"Rule2_1_2_no_statement\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\",\"name\":\"test-aws-sec-transport-no-condition-fail\"},\"id\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\"],\"name\":\"test-aws-sec-transport-no-condition-fail\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"id\":\"Rule2_1_2_no_statement\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail/*\"],\"condition\":{\"StringEquals\":{\"s3:RequestObjectTag/Department\":\"CloudPosture\"}},\"version\":\"2012-10-17\"}],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1340] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:18:36.300+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:18:25.485Z\",\"entity.metadata\":{\"arn:aws:s3:::test-aws-sse-s3-pass\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"raw\":{\"name\":\"test-aws-sse-s3-pass\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sse-s3-pass/*\",\"Sid\":\"Rule2_1_2\",\"Action\":\"s3:*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\"},\"id\":[\"arn:aws:s3:::test-aws-sse-s3-pass\"],\"name\":\"test-aws-sse-s3-pass\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"3fc60921-deee-4d4c-95ce-5d796435425b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::test-aws-sse-s3-pass/*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"]}],\"related.entity\":[\"arn:aws:s3:::test-aws-sse-s3-pass\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1159] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-25T15:09:59.497+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-25T14:09:44.101Z\",\"related.entity\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":true,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"sse_algorithm\":\"aws:kms\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AllowTLSRequestsOnly\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1/*\"]}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\"],\"name\":\"731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"4509fc2c-5c8d-483a-bfe5-a7ec2bc56f68\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"action\":[\"s3:*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"version\":\"2012-10-17\",\"id\":\"AllowTLSRequestsOnly\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"}}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3461] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-25T15:09:59.500+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-25T14:09:44.101Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"4509fc2c-5c8d-483a-bfe5-a7ec2bc56f68\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"asset\":{\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"sse_algorithm\":\"aws:kms\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AllowSSLRequestsOnly\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk/*\"]}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"],\"name\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"action\":[\"s3:*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"version\":\"2012-10-17\",\"id\":\"AllowSSLRequestsOnly\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"}}],\"related.entity\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3345] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-25T15:09:59.500+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-25T14:09:44.101Z\",\"resource_policies\":[{\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::csp-allure-reports/allure_reports/*\"],\"version\":\"2012-10-17\",\"id\":\"AddPerm\",\"effect\":\"Allow\",\"principal\":{\"*\":\"*\"}}],\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"4509fc2c-5c8d-483a-bfe5-a7ec2bc56f68\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:s3:::csp-allure-reports\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::csp-allure-reports\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"raw\":{\"name\":\"csp-allure-reports\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::csp-allure-reports/allure_reports/*\",\"Sid\":\"AddPerm\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::csp-allure-reports\"],\"name\":\"csp-allure-reports\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2752] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-25T15:09:59.500+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-25T14:09:44.101Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2_fail\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"resource\":[\"arn:aws:s3:::test-aws-sec-transport-fail/*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"true\"}}}],\"related.entity\":[\"arn:aws:s3:::test-aws-sec-transport-fail\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sec-transport-fail\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::test-aws-sec-transport-fail\"],\"name\":\"test-aws-sec-transport-fail\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\",\"name\":\"test-aws-sec-transport-fail\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Rule2_1_2_fail\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"true\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sec-transport-fail/*\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"4509fc2c-5c8d-483a-bfe5-a7ec2bc56f68\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3100] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-25T15:09:59.500+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-25T14:09:44.101Z\",\"related.entity\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"4509fc2c-5c8d-483a-bfe5-a7ec2bc56f68\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\",\"name\":\"test-aws-sec-transport-no-condition-fail\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail/*\",\"Sid\":\"Rule2_1_2_no_statement\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:RequestObjectTag/Department\":\"CloudPosture\"}}}]}},\"id\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\"],\"name\":\"test-aws-sec-transport-no-condition-fail\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail/*\"],\"condition\":{\"StringEquals\":{\"s3:RequestObjectTag/Department\":\"CloudPosture\"}},\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2_no_statement\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:PutObject\"]}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3433] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-25T15:09:59.501+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-25T14:09:44.101Z\",\"resource_policies\":[{\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"resource\":[\"arn:aws:s3:::test-aws-sse-s3-pass/*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2\"}],\"related.entity\":[\"arn:aws:s3:::test-aws-sse-s3-pass\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sse-s3-pass\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"4509fc2c-5c8d-483a-bfe5-a7ec2bc56f68\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\",\"name\":\"test-aws-sse-s3-pass\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sse-s3-pass/*\",\"Sid\":\"Rule2_1_2\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::test-aws-sse-s3-pass\"],\"name\":\"test-aws-sse-s3-pass\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2998] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.735+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1/*\"],\"Action\":[\"s3:PutObject*\",\"s3:Abort*\"]},{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4670] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'zyDaaZMB2U0HadUyGsWR'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4633 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"asset\":{\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\"},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4935] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '0CDaaZMB2U0HadUyGsWR'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4898 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4879] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '0SDaaZMB2U0HadUyGsWR'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4842 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"asset\":{\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\",\"Sid\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"]},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"version\":\"2012-10-17\"},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5206] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '0iDaaZMB2U0HadUyGsWR'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5169 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4125] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '0yDaaZMB2U0HadUyGsWR'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4088 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"id\":\"AllowUserAccess\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"}}],\"related.entity\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"},{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"},\"Resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/*\"],\"Sid\":\"AllowUserAccess\",\"Action\":[\"s3:GetObject\",\"s3:ListBucket\"]}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"]}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5810] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '1iDaaZMB2U0HadUyGsWR'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5773 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"},\"id\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5034] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '2iDaaZMB2U0HadUyGsWR'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4997 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\"},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"}},{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}}},{\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::tin-config-test\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-config-test\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"tin-config-test\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketPermissionsCheck\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\"},{\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketExistenceCheck\",\"Action\":\"s3:ListBucket\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\"},{\"Resource\":\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::tin-config-test\"],\"name\":\"tin-config-test\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4929] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '2yDaaZMB2U0HadUyGsWR'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4896 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"Statement1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"*\"},\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::amir-cf/*\"]}],\"related.entity\":[\"arn:aws:s3:::amir-cf\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::amir-cf\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"amir-cf\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"arn:aws:s3:::amir-cf/*\",\"Sid\":\"Statement1\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":false,\"BlockPublicPolicy\":false,\"IgnorePublicAcls\":false,\"RestrictPublicBuckets\":false},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::amir-cf\"],\"name\":\"amir-cf\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2682] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '3CDaaZMB2U0HadUyGsWR'. Preview of field's value: '{AWS=*}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2672 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\",\"Sid\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}}},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"Effect\":\"Allow\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5164] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '3SDaaZMB2U0HadUyGsWR'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5127 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4956] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '3iDaaZMB2U0HadUyGsWR'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4919 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}}},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4914] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '3yDaaZMB2U0HadUyGsWR'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4877 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\"},{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}}},\"asset\":{\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"]}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5152] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '4CDaaZMB2U0HadUyGsWR'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5115 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-opa-demo\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"},{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"name\":\"aws-cloudtrail-logs-opa-demo\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"]},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}}},{\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:6075] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '4SDaaZMB2U0HadUyGsWR'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:6038 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::buildsecurity-tfstate\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"buildsecurity-tfstate\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":[\"s3:ListBucket\",\"s3:GetObjectVersion\",\"s3:GetObject\",\"s3:GetBucketVersioning\",\"s3:GetBucketLocation\",\"s3:PutObject\",\"s3:PutObjectAcl\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"arn:aws:iam::704479110758:user/terraform-deployment\",\"AIDA476ILCEFBVRUJXNFV\"]},\"Resource\":[\"arn:aws:s3:::buildsecurity-tfstate/*\",\"arn:aws:s3:::buildsecurity-tfstate\"],\"Sid\":\"1\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":true,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":false}},\"id\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"name\":\"buildsecurity-tfstate\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":[\"arn:aws:iam::704479110758:user/terraform-deployment\",\"AIDA476ILCEFBVRUJXNFV\"]}}],\"related.entity\":[\"arn:aws:s3:::buildsecurity-tfstate\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3301] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '4yDaaZMB2U0HadUyGsWR'. Preview of field's value: '{AWS=[arn:aws:iam::704479110758:user/terraform-deployment, AIDA476ILCEFBVRUJXNFV]}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3215 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"related.entity\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::config-bucket-704479110758\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"config-bucket-704479110758\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketPermissionsCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"},{\"Sid\":\"AWSConfigBucketExistenceCheck\",\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\"},{\"Resource\":\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"name\":\"config-bucket-704479110758\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"]},{\"resource\":[\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4473] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '5SDaaZMB2U0HadUyGsWR'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4440 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"]},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs\"]}],\"related.entity\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-alb-5td21grs\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"dev-alb-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"name\":\"dev-alb-5td21grs\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4118] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '6SDaaZMB2U0HadUyGsWR'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4079 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-flow-logs-5td21grs\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"name\":\"dev-flow-logs-5td21grs\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"dev-flow-logs-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"]}],\"related.entity\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3929] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '7CDaaZMB2U0HadUyGsWR'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3889 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"related.entity\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-alb-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"devops-alb-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"name\":\"devops-alb-m04ivw2j\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4175] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '7yDaaZMB2U0HadUyGsWR'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4136 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"agent\":{\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-flow-logs-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"devops-flow-logs-m04ivw2j\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-flow-logs-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"},{\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"}],\"Version\":\"2012-10-17\",\"Id\":\"AWSLogDeliveryWrite20150319\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"]},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3977] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '8iDaaZMB2U0HadUyGsWR'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3937 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"]}],\"related.entity\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-alb-afrxhcnr\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"poc-alb-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\"},{\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"name\":\"poc-alb-afrxhcnr\",\"category\":\"infrastructure\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4118] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '-iDaaZMB2U0HadUyGsWR'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4079 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\"}],\"related.entity\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-flow-logs-afrxhcnr\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"poc-flow-logs-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\"},{\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"name\":\"poc-flow-logs-afrxhcnr\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3929] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '_SDaaZMB2U0HadUyGsWR'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3889 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-alb-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"qa-alb-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"name\":\"qa-alb-h9nrpcij\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"}},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4099] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'ASDaaZMB2U0HadUyGsaR'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4060 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"resource_policies\":[{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-flow-logs-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"qa-flow-logs-h9nrpcij\"},\"id\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"name\":\"qa-flow-logs-h9nrpcij\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3913] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'BCDaaZMB2U0HadUyGsaR'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3873 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\"},{\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5061] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'CyDaaZMB2U0HadUyGsaR'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5024 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5061] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'DCDaaZMB2U0HadUyGsaR'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5024 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"Effect\":\"Deny\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5033] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'DSDaaZMB2U0HadUyGsaR'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4996 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"category\":\"infrastructure\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\"},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5120] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'DiDaaZMB2U0HadUyGsaR'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5083 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\"],\"condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AmazonBedrockLogsWrite\"}],\"related.entity\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\",\"Sid\":\"AmazonBedrockLogsWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3956] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'DyDaaZMB2U0HadUyGsaR'. Preview of field's value: '{Service=bedrock.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3922 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.337Z\",\"related.entity\":[\"arn:aws:s3:::tin-cdr-demo\"],\"agent\":{\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-cdr-demo\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}}},\"asset\":{\"raw\":{\"name\":\"tin-cdr-demo\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"Action\":\"s3:GetBucketAcl\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"id\":[\"arn:aws:s3:::tin-cdr-demo\"],\"name\":\"tin-cdr-demo\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4770] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'FCDaaZMB2U0HadUyGsaR'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4733 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.338Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\"},\"asset\":{\"tags\":null,\"raw\":{\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\"},\"id\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\"},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4924] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'GiDaaZMB2U0HadUyGsaR'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4887 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-26T20:02:01.738+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-26T19:01:51.338Z\",\"related.entity\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tf-state-bucket-test-infra\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"tf-state-bucket-test-infra\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra\",\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"}},{\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra/*\",\"Action\":[\"s3:GetObject\",\"s3:PutObject\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"}}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-3\"},\"id\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"name\":\"tf-state-bucket-test-infra\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-3\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"984927ca-7359-4aa1-baf8-06ad32baf290\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra/*\"]}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3643] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'JCDaaZMB2U0HadUyGsaR'. Preview of field's value: '{AWS=arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3577 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.703+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\",\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"}],\"related.entity\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4924] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'cIAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4887 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"asset\":{\"raw\":{\"name\":\"amir-cf\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"arn:aws:s3:::amir-cf/*\",\"Sid\":\"Statement1\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":false,\"RestrictPublicBuckets\":false,\"BlockPublicAcls\":false,\"BlockPublicPolicy\":false},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::amir-cf\"],\"name\":\"amir-cf\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"Statement1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"*\"},\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::amir-cf/*\"]}],\"related.entity\":[\"arn:aws:s3:::amir-cf\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::amir-cf\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2682] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'cYAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{AWS=*}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2672 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\",\"Sid\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"Effect\":\"Allow\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}}},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5164] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'coAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5127 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"]},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4956] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'c4AfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4919 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4914] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'dIAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4877 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\"},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5152] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'dYAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5115 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"},{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-opa-demo\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"name\":\"aws-cloudtrail-logs-opa-demo\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"]},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:6075] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'doAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:6038 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"AIDA476ILCEFBVRUJXNFV\",\"arn:aws:iam::704479110758:user/terraform-deployment\"]},\"Resource\":[\"arn:aws:s3:::buildsecurity-tfstate/*\",\"arn:aws:s3:::buildsecurity-tfstate\"],\"Sid\":\"1\",\"Action\":[\"s3:ListBucket\",\"s3:GetObjectVersion\",\"s3:GetObject\",\"s3:GetBucketVersioning\",\"s3:GetBucketLocation\",\"s3:PutObject\",\"s3:PutObjectAcl\"]}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":true},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":false},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"buildsecurity-tfstate\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"name\":\"buildsecurity-tfstate\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":[\"AIDA476ILCEFBVRUJXNFV\",\"arn:aws:iam::704479110758:user/terraform-deployment\"]}}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\"},\"related.entity\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::buildsecurity-tfstate\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3301] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'eIAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{AWS=[AIDA476ILCEFBVRUJXNFV, arn:aws:iam::704479110758:user/terraform-deployment]}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3215 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::config-bucket-704479110758\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"config-bucket-704479110758\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSConfigBucketPermissionsCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\"},{\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketExistenceCheck\"},{\"Sid\":\"AWSConfigBucketDelivery\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"name\":\"config-bucket-704479110758\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\"}],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4473] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'eoAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4440 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-alb-5td21grs\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"dev-alb-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"},{\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"name\":\"dev-alb-5td21grs\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"resource_policies\":[{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"}},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs\"]}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4118] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'foAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4079 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"related.entity\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-flow-logs-5td21grs\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"dev-flow-logs-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\"},{\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"name\":\"dev-flow-logs-5td21grs\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\"},\"resource_policies\":[{\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3929] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'gYAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3889 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"asset\":{\"name\":\"devops-alb-m04ivw2j\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"devops-alb-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"},{\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\"},{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-alb-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4175] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'hIAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4136 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"asset\":{\"raw\":{\"name\":\"devops-flow-logs-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"name\":\"devops-flow-logs-m04ivw2j\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"]}],\"related.entity\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-flow-logs-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3977] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'h4AfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3937 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"},{\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\"},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"poc-alb-afrxhcnr\"},\"id\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"name\":\"poc-alb-afrxhcnr\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"]}],\"related.entity\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-alb-afrxhcnr\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4118] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'j4AfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4079 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\"},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"]}],\"related.entity\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-flow-logs-afrxhcnr\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"poc-flow-logs-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"name\":\"poc-flow-logs-afrxhcnr\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3929] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'koAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3889 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"related.entity\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-alb-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"name\":\"qa-alb-h9nrpcij\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"qa-alb-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}],\"Version\":\"2012-10-17\"}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"}},{\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"]}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4099] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'loAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4060 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"related.entity\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-flow-logs-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\"},\"asset\":{\"name\":\"qa-flow-logs-h9nrpcij\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"qa-flow-logs-h9nrpcij\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"]},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3913] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'mYAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3873 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"related.entity\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tf-state-bucket-test-infra\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra\",\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\"},{\"Action\":[\"s3:GetObject\",\"s3:PutObject\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-3\",\"name\":\"tf-state-bucket-test-infra\"},\"id\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"name\":\"tf-state-bucket-test-infra\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra/*\"]}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3643] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'ooAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{AWS=arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3577 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}}},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1/*\"],\"Action\":[\"s3:PutObject*\",\"s3:Abort*\"],\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"Effect\":\"Allow\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4670] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'pYAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4633 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"agent\":{\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}}},{\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4935] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'poAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4898 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4879] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'p4AfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4842 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\",\"Sid\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"Effect\":\"Allow\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5206] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'qIAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5169 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"version\":\"2012-10-17\"},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4125] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'qYAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4088 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"related.entity\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"us-east-1\",\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"},{\"Action\":[\"s3:GetObject\",\"s3:ListBucket\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"},\"Resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/*\"],\"Sid\":\"AllowUserAccess\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\"},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"},\"version\":\"2012-10-17\",\"id\":\"AllowUserAccess\"}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5810] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'rIAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5773 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"version\":\"2012-10-17\"},{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5034] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'sIAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4997 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"related.entity\":[\"arn:aws:s3:::tin-config-test\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-config-test\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"tin-config-test\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketPermissionsCheck\",\"Action\":\"s3:GetBucketAcl\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketExistenceCheck\",\"Action\":\"s3:ListBucket\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"id\":[\"arn:aws:s3:::tin-config-test\"],\"name\":\"tin-config-test\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\"},{\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4929] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'sYAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4896 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"agent\":{\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5061] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'soAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5024 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"tags\":null,\"raw\":{\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5061] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 's4AfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5024 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"version\":\"2012-10-17\"},{\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5033] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'tIAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4996 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\"},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}}},\"asset\":{\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5120] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'tYAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5083 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\"],\"condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AmazonBedrockLogsWrite\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AmazonBedrockLogsWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3956] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'toAfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=bedrock.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3922 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-27T15:56:30.707+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-27T14:56:20.011Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"bff5457b-b13f-45c9-8f91-a9d9a5abccd6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:s3:::tin-cdr-demo\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-cdr-demo\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::tin-cdr-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"tin-cdr-demo\"},\"id\":[\"arn:aws:s3:::tin-cdr-demo\"],\"name\":\"tin-cdr-demo\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"effect\":\"Allow\"},{\"id\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4770] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'u4AfbpMBJOc6ZpWlrhXE'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4733 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.321+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}}},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"raw\":{\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1/*\"],\"Action\":[\"s3:PutObject*\",\"s3:Abort*\"],\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}}},{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4670] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'gUTwcpMBL52mudecKO5F'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4633 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"Effect\":\"Allow\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\"}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4935] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'gkTwcpMBL52mudecKO5F'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4898 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"]},\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}}},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4879] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'g0TwcpMBL52mudecKO5F'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4842 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"agent\":{\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"]},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\",\"Sid\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5206] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'hETwcpMBL52mudecKO5F'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5169 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"}]},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\"},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4125] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'hUTwcpMBL52mudecKO5F'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4088 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\"},{\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\"},{\"Action\":[\"s3:GetObject\",\"s3:ListBucket\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"},\"Resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/*\"],\"Sid\":\"AllowUserAccess\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true}},\"id\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"effect\":\"Allow\"},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"},\"version\":\"2012-10-17\",\"id\":\"AllowUserAccess\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5810] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'iETwcpMBL52mudecKO5F'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5773 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"]},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5034] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'jETwcpMBL52mudecKO5F'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4997 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-config-test\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"us-east-1\",\"name\":\"tin-config-test\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketPermissionsCheck\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}}},{\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketExistenceCheck\",\"Action\":\"s3:ListBucket\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\"},{\"Resource\":\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::tin-config-test\"],\"name\":\"tin-config-test\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\"},{\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::tin-config-test\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4929] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'jUTwcpMBL52mudecKO5F'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4896 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\",\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\"},{\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true}},\"id\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4924] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'kUTwcpMBL52mudecKO5F'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4887 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::amir-cf\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"amir-cf\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"arn:aws:s3:::amir-cf/*\",\"Sid\":\"Statement1\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":false,\"IgnorePublicAcls\":false,\"RestrictPublicBuckets\":false,\"BlockPublicAcls\":false},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"amir-cf\"},\"id\":[\"arn:aws:s3:::amir-cf\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"Statement1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"*\"},\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::amir-cf/*\"]}],\"related.entity\":[\"arn:aws:s3:::amir-cf\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2682] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'kkTwcpMBL52mudecKO5F'. Preview of field's value: '{AWS=*}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2672 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\",\"Sid\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"]},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5164] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'k0TwcpMBL52mudecKO5F'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5127 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\"},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"version\":\"2012-10-17\"},{\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4956] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'lETwcpMBL52mudecKO5F'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4919 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}}},\"asset\":{\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}]},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4914] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'lUTwcpMBL52mudecKO5F'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4877 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5152] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'lkTwcpMBL52mudecKO5F'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5115 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"asset\":{\"name\":\"aws-cloudtrail-logs-opa-demo\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-opa-demo\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\"},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}}},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:6075] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'l0TwcpMBL52mudecKO5F'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:6038 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::buildsecurity-tfstate\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"buildsecurity-tfstate\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"s3:ListBucket\",\"s3:GetObjectVersion\",\"s3:GetObject\",\"s3:GetBucketVersioning\",\"s3:GetBucketLocation\",\"s3:PutObject\",\"s3:PutObjectAcl\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"AIDA476ILCEFBVRUJXNFV\",\"arn:aws:iam::704479110758:user/terraform-deployment\"]},\"Resource\":[\"arn:aws:s3:::buildsecurity-tfstate/*\",\"arn:aws:s3:::buildsecurity-tfstate\"],\"Sid\":\"1\"}]},\"bucket_versioning\":{\"Enabled\":true,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":false,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"buildsecurity-tfstate\"},\"id\":[\"arn:aws:s3:::buildsecurity-tfstate\"]},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"id\":\"1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":[\"AIDA476ILCEFBVRUJXNFV\",\"arn:aws:iam::704479110758:user/terraform-deployment\"]},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::buildsecurity-tfstate\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3301] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'mUTwcpMBL52mudecKO5F'. Preview of field's value: '{AWS=[AIDA476ILCEFBVRUJXNFV, arn:aws:iam::704479110758:user/terraform-deployment]}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3215 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\"}],\"related.entity\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::config-bucket-704479110758\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"config-bucket-704479110758\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketPermissionsCheck\"},{\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketExistenceCheck\",\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"name\":\"config-bucket-704479110758\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4473] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'm0TwcpMBL52mudecKO5F'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4440 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"]},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs\"]}],\"related.entity\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-alb-5td21grs\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"}},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"dev-alb-5td21grs\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"name\":\"dev-alb-5td21grs\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4118] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'n0TwcpMBL52mudecKO5F'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4079 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"agent\":{\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-flow-logs-5td21grs\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"name\":\"dev-flow-logs-5td21grs\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"dev-flow-logs-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs\",\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"]}],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3929] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'okTwcpMBL52mudecKO5F'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3889 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-alb-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"devops-alb-m04ivw2j\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-alb-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"},{\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j\",\"Action\":\"s3:GetBucketAcl\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"]},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]}],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4175] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'pUTwcpMBL52mudecKO5F'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4136 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"]}],\"related.entity\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-flow-logs-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-flow-logs-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j\",\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"name\":\"devops-flow-logs-m04ivw2j\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3977] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'qETwcpMBL52mudecKO5F'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3937 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"]},{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"]}],\"related.entity\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-alb-afrxhcnr\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"poc-alb-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"name\":\"poc-alb-afrxhcnr\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4118] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'sETwcpMBL52mudecKO5F'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4079 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-flow-logs-afrxhcnr\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"poc-flow-logs-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\"},{\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr\",\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"name\":\"poc-flow-logs-afrxhcnr\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\"},{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3929] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 's0TwcpMBL52mudecKO5F'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3889 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"]},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"]}],\"related.entity\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-alb-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"qa-alb-h9nrpcij\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"qa-alb-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"}]}},\"id\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"]},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4099] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 't0TwcpMBL52mudecKO5F'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4060 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-flow-logs-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"qa-flow-logs-h9nrpcij\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"qa-flow-logs-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"]},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3913] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'ukTwcpMBL52mudecKO5F'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3873 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"category\":\"infrastructure\"},\"agent\":{\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5061] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'wUTwcpMBL52mudecKO5F'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5024 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\"},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"agent\":{\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5061] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'wkTwcpMBL52mudecKO5F'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5024 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\"},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5033] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'w0TwcpMBL52mudecKO5F'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4996 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"]},{\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}}},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5120] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'xETwcpMBL52mudecKO5F'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5083 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"related.entity\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\",\"Sid\":\"AmazonBedrockLogsWrite\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"id\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"category\":\"infrastructure\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"id\":\"AmazonBedrockLogsWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\"],\"condition\":{\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"},\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"}},\"version\":\"2012-10-17\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3956] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'xUTwcpMBL52mudecKO5F'. Preview of field's value: '{Service=bedrock.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3922 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"agent\":{\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\"},{\"id\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::tin-cdr-demo\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-cdr-demo\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"tin-cdr-demo\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"id\":[\"arn:aws:s3:::tin-cdr-demo\"],\"name\":\"tin-cdr-demo\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4770] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'ykTwcpMBL52mudecKO5F'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4733 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T14:22:42.325+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T13:22:31.338Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"60322271-0435-400d-8642-064ea1b0489b\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"]},{\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra/*\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tf-state-bucket-test-infra\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-3\",\"name\":\"tf-state-bucket-test-infra\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra\",\"Action\":\"s3:ListBucket\"},{\"Action\":[\"s3:GetObject\",\"s3:PutObject\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra/*\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"name\":\"tf-state-bucket-test-infra\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3643] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '1kTwcpMBL52mudecKO5F'. Preview of field's value: '{AWS=arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3577 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.146+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"asset\":{\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\",\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"id\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\"},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"version\":\"2012-10-17\"},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\":{\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5465] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '5UUYc5MBL52mudec4hH0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5428 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.147+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::tf-state-bucket-test-infra\":{\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"tags\":null,\"raw\":{\"Region\":\"eu-west-3\",\"name\":\"tf-state-bucket-test-infra\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra\"},{\"Action\":[\"s3:GetObject\",\"s3:PutObject\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"name\":\"tf-state-bucket-test-infra\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"}},{\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"}}],\"related.entity\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4184] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '5kUYc5MBL52mudec4hH0'. Preview of field's value: '{AWS=arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4118 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.147+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":false,\"BlockPublicPolicy\":false,\"IgnorePublicAcls\":false,\"RestrictPublicBuckets\":false},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"amir-cf\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::amir-cf/*\",\"Sid\":\"Statement1\",\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"}}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::amir-cf\"],\"name\":\"amir-cf\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"resource_policies\":[{\"principal\":{\"AWS\":\"*\"},\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::amir-cf/*\"],\"version\":\"2012-10-17\",\"id\":\"Statement1\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::amir-cf\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::amir-cf\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3223] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '50UYc5MBL52mudec4hH0'. Preview of field's value: '{AWS=*}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3213 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.147+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}}},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\",\"Sid\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5705] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '6EUYc5MBL52mudec4hH0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5668 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.147+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\"]}],\"agent\":{\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5497] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '6UUYc5MBL52mudec4hH0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5460 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.147+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\"},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5455] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '6kUYc5MBL52mudec4hH0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5418 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.147+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}}},\"asset\":{\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"]},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5693] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '60UYc5MBL52mudec4hH0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5656 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.147+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\":{\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-opa-demo\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"},{\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"},{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"name\":\"aws-cloudtrail-logs-opa-demo\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:6616] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '7EUYc5MBL52mudec4hH0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:6579 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.147+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":[\"arn:aws:iam::704479110758:user/terraform-deployment\",\"AIDA476ILCEFBVRUJXNFV\"]}}],\"related.entity\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::buildsecurity-tfstate\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"buildsecurity-tfstate\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":[\"arn:aws:s3:::buildsecurity-tfstate/*\",\"arn:aws:s3:::buildsecurity-tfstate\"],\"Sid\":\"1\",\"Action\":[\"s3:ListBucket\",\"s3:GetObjectVersion\",\"s3:GetObject\",\"s3:GetBucketVersioning\",\"s3:GetBucketLocation\",\"s3:PutObject\",\"s3:PutObjectAcl\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"arn:aws:iam::704479110758:user/terraform-deployment\",\"AIDA476ILCEFBVRUJXNFV\"]}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":true,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":false},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"name\":\"buildsecurity-tfstate\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:3842] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '7kUYc5MBL52mudec4hH0'. Preview of field's value: '{AWS=[arn:aws:iam::704479110758:user/terraform-deployment, AIDA476ILCEFBVRUJXNFV]}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:3756 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.147+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::config-bucket-704479110758\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}}},\"asset\":{\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketPermissionsCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"}},{\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketExistenceCheck\",\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\"},{\"Resource\":\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"config-bucket-704479110758\"},\"id\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"name\":\"config-bucket-704479110758\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"]},{\"resource\":[\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5014] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '8EUYc5MBL52mudec4hH0'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4981 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.147+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"]},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-alb-5td21grs\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}}}}},\"asset\":{\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"dev-alb-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"name\":\"dev-alb-5td21grs\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4659] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '9EUYc5MBL52mudec4hH0'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4620 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.147+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-flow-logs-5td21grs\":{\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\"}}},\"asset\":{\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"dev-flow-logs-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"name\":\"dev-flow-logs-5td21grs\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4470] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '90UYc5MBL52mudec4hH0'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4430 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.147+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-alb-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"}}}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-alb-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"}},{\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"name\":\"devops-alb-m04ivw2j\",\"category\":\"infrastructure\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4716] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '-kUYc5MBL52mudec4hH0'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4677 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.147+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"]}],\"related.entity\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-flow-logs-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"devops-flow-logs-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"},{\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j\",\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"name\":\"devops-flow-logs-m04ivw2j\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4518] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '_UUYc5MBL52mudec4hH0'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4478 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.148+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"]},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"]},{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-alb-afrxhcnr\":{\"type\":\"object-storage\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"category\":\"infrastructure\"}}},\"asset\":{\"name\":\"poc-alb-afrxhcnr\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"poc-alb-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"},{\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"]}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4659] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'BUUYc5MBL52mudec4hL0'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4620 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.148+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"resource_policies\":[{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\"},{\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]}],\"related.entity\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-flow-logs-afrxhcnr\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"poc-flow-logs-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\"},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr\",\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"name\":\"poc-flow-logs-afrxhcnr\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4470] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'CEUYc5MBL52mudec4hL0'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4430 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.148+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-alb-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"qa-alb-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false}},\"id\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"name\":\"qa-alb-h9nrpcij\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"resource_policies\":[{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"]}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4640] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'DEUYc5MBL52mudec4hL0'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4601 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.148+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\"},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"]}],\"related.entity\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-flow-logs-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"tags\":null,\"raw\":{\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"qa-flow-logs-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij\",\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"name\":\"qa-flow-logs-h9nrpcij\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4454] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'D0UYc5MBL52mudec4hL0'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4414 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.148+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1/*\"],\"Action\":[\"s3:PutObject*\",\"s3:Abort*\"]},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}}}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"version\":\"2012-10-17\"},{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5211] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'IkUYc5MBL52mudec4hL0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5174 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.148+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\":{\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\"}}},\"asset\":{\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5476] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'I0UYc5MBL52mudec4hL0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5439 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.148+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\":{\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5420] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'JEUYc5MBL52mudec4hL0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5383 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.148+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}},\"asset\":{\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5747] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'JUUYc5MBL52mudec4hL0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5710 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.148+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\":{\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4666] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'JkUYc5MBL52mudec4hL0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4629 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.148+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"related.entity\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\":{\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\"}}},\"asset\":{\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"},{\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"},\"Resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/*\"],\"Sid\":\"AllowUserAccess\",\"Action\":[\"s3:GetObject\",\"s3:ListBucket\"],\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true}},\"id\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\"},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\"]},{\"id\":\"AllowUserAccess\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"},\"version\":\"2012-10-17\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:6351] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'KUUYc5MBL52mudec4hL0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:6314 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.148+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\":{\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\"},\"id\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5575] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'LUUYc5MBL52mudec4hL0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5538 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.148+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::tin-config-test\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-config-test\":{\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\"}}},\"asset\":{\"tags\":null,\"raw\":{\"Region\":\"us-east-1\",\"name\":\"tin-config-test\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AWSConfigBucketPermissionsCheck\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\"},{\"Sid\":\"AWSConfigBucketExistenceCheck\",\"Action\":\"s3:ListBucket\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\"},{\"Sid\":\"AWSConfigBucketDelivery\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::tin-config-test\"],\"name\":\"tin-config-test\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5470] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'LkUYc5MBL52mudec4hL0'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5437 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.148+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}}},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\":{\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5602] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'L0UYc5MBL52mudec4hL0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5565 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.148+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\":{\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\"}}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"category\":\"infrastructure\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5602] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'MEUYc5MBL52mudec4hL0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5565 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.148+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"Effect\":\"Deny\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5574] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'MUUYc5MBL52mudec4hL0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5537 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.148+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}}},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5661] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'MkUYc5MBL52mudec4hL0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5624 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.148+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"},\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"}},\"version\":\"2012-10-17\",\"id\":\"AmazonBedrockLogsWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\"}}}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\",\"Sid\":\"AmazonBedrockLogsWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"},\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"id\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:4497] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'M0UYc5MBL52mudec4hL0'. Preview of field's value: '{Service=bedrock.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:4463 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-28T15:07:11.148+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-28T14:07:01.073Z\",\"related.entity\":[\"arn:aws:s3:::tin-cdr-demo\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-cdr-demo\":{\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"tin-cdr-demo\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"tin-cdr-demo\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::tin-cdr-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Sid\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::tin-cdr-demo\"]},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"59a65665-398e-48e3-a172-142ba51156b1\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::tin-cdr-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"id\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:5311] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'OEUYc5MBL52mudec4hL0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:5274 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.110+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}}},\"asset\":{\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"raw\":{\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":[\"s3:PutObject*\",\"s3:Abort*\"],\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1/*\"]},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}}},{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1990] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'LrQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1953 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\"},{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2066] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'L7QfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2029 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\"},\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\"},{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2042] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'MLQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2005 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\",\"Sid\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2161] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'MbQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2124 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"]},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"},{\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1752] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'MrQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1715 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"related_entity_id\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"},{\"Action\":[\"s3:GetObject\",\"s3:ListBucket\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"},\"Resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/*\"],\"Sid\":\"AllowUserAccess\"}],\"Version\":\"2012-10-17\"}},\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"},{\"version\":\"2012-10-17\",\"id\":\"AllowUserAccess\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"}}],\"related.entity\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2311] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'NbQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2274 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"related.entity\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false}},\"id\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"related_entity_id\":null,\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2109] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'ObQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2072 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-config-test\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketPermissionsCheck\"},{\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketExistenceCheck\",\"Action\":\"s3:ListBucket\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"tin-config-test\"},\"id\":[\"arn:aws:s3:::tin-config-test\"],\"related_entity_id\":null,\"name\":\"tin-config-test\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"}},{\"resource\":[\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::tin-config-test\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1994] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'OrQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1961 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"resource_policies\":[{\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::amir-cf/*\"],\"version\":\"2012-10-17\",\"id\":\"Statement1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"*\"}}],\"related.entity\":[\"arn:aws:s3:::amir-cf\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::amir-cf\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::amir-cf\"],\"name\":\"amir-cf\",\"sub_type\":\"s3-bucket\",\"raw\":{\"name\":\"amir-cf\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"arn:aws:s3:::amir-cf/*\",\"Sid\":\"Statement1\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":false,\"BlockPublicPolicy\":false,\"IgnorePublicAcls\":false,\"RestrictPublicBuckets\":false},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1153] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'O7QfjJMBOaTiDQUWMpkW'. Preview of field's value: '{AWS=*}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1143 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"sub_type\":\"s3-bucket\",\"tags\":null,\"sub_category\":\"storage\",\"type\":\"object-storage\",\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\",\"Sid\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}}},{\"id\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2143] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'PLQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2106 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"related_entity_id\":null,\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"sse_algorithm\":\"AES256\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2075] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'PbQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2038 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"asset\":{\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"Effect\":\"Allow\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\"]}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2057] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'PrQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2020 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null},\"category\":\"infrastructure\",\"type\":\"object-storage\",\"tags\":null,\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2160] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'P7QfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2123 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"asset\":{\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}}},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-opa-demo\"},\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"name\":\"aws-cloudtrail-logs-opa-demo\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"]},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2365] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'QLQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2328 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\"},\"asset\":{\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"id\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"name\":\"buildsecurity-tfstate\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"buildsecurity-tfstate\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"AIDA476ILCEFBVRUJXNFV\",\"arn:aws:iam::704479110758:user/terraform-deployment\"]},\"Resource\":[\"arn:aws:s3:::buildsecurity-tfstate/*\",\"arn:aws:s3:::buildsecurity-tfstate\"],\"Sid\":\"1\",\"Action\":[\"s3:ListBucket\",\"s3:GetObjectVersion\",\"s3:GetObject\",\"s3:GetBucketVersioning\",\"s3:GetBucketLocation\",\"s3:PutObject\",\"s3:PutObjectAcl\"]}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":true,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":false,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"AWS\":[\"AIDA476ILCEFBVRUJXNFV\",\"arn:aws:iam::704479110758:user/terraform-deployment\"]},\"version\":\"2012-10-17\",\"id\":\"1\"}],\"related.entity\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::buildsecurity-tfstate\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1462] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'QrQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{AWS=[AIDA476ILCEFBVRUJXNFV, arn:aws:iam::704479110758:user/terraform-deployment]}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1376 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"asset\":{\"related_entity_id\":null,\"name\":\"config-bucket-704479110758\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"sub_category\":\"storage\",\"raw\":{\"name\":\"config-bucket-704479110758\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketPermissionsCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"}},{\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketExistenceCheck\"},{\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"}},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"version\":\"2012-10-17\"},{\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"version\":\"2012-10-17\"},{\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::config-bucket-704479110758\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1849] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'RLQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1816 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs\"]}],\"related.entity\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-alb-5td21grs\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"related_entity_id\":null,\"name\":\"dev-alb-5td21grs\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"dev-alb-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::dev-alb-5td21grs\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1735] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'SLQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1696 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-flow-logs-5td21grs\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"related_entity_id\":null,\"name\":\"dev-flow-logs-5td21grs\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"dev-flow-logs-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs\",\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1708] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'S7QfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1668 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"related.entity\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-alb-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j\",\"Action\":\"s3:GetBucketAcl\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-alb-m04ivw2j\"},\"id\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"related_entity_id\":null,\"sub_category\":\"storage\",\"type\":\"object-storage\",\"name\":\"devops-alb-m04ivw2j\",\"category\":\"infrastructure\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"]}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1759] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'TrQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1720 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"asset\":{\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\"},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j\",\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-flow-logs-m04ivw2j\"},\"category\":\"infrastructure\",\"related_entity_id\":null,\"name\":\"devops-flow-logs-m04ivw2j\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"]}],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-flow-logs-m04ivw2j\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1729] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'UbQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1689 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"asset\":{\"id\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"name\":\"poc-alb-afrxhcnr\",\"tags\":null,\"raw\":{\"name\":\"poc-alb-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"]},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-alb-afrxhcnr\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1735] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'WbQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1696 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"related.entity\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-flow-logs-afrxhcnr\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"poc-flow-logs-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"related_entity_id\":null,\"name\":\"poc-flow-logs-afrxhcnr\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1708] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'XLQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1668 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"]},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"]},{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-alb-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"raw\":{\"name\":\"qa-alb-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"related_entity_id\":null,\"name\":\"qa-alb-h9nrpcij\",\"type\":\"object-storage\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1727] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'YLQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1688 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"]}],\"related.entity\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-flow-logs-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"name\":\"qa-flow-logs-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"related_entity_id\":null,\"name\":\"qa-flow-logs-h9nrpcij\",\"category\":\"infrastructure\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"agent\":{\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1701] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Y7QfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1661 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"action\":[\"s3:ListBucket\"]},{\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra/*\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tf-state-bucket-test-infra\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"tf-state-bucket-test-infra\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-3\",\"name\":\"tf-state-bucket-test-infra\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra\",\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\"},{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra/*\",\"Action\":[\"s3:GetObject\",\"s3:PutObject\"]}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"id\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"related_entity_id\":null,\"type\":\"object-storage\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1538] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'bLQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{AWS=arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1472 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\"},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"sub_category\":\"storage\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"tags\":null,\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2120] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'bbQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2083 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-61552557\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2120] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'brQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2083 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"related_entity_id\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}}},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2108] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'b7QfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2071 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null},\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"related_entity_id\":null,\"tags\":null,\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2146] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'cLQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2109 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\"],\"condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AmazonBedrockLogsWrite\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"type\":\"object-storage\",\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\",\"Sid\":\"AmazonBedrockLogsWrite\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"sse_algorithm\":\"AES256\"},\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1763] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'cbQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=bedrock.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1729 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-cdr-demo\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::tin-cdr-demo\"],\"related_entity_id\":null,\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"tin-cdr-demo\"},\"name\":\"tin-cdr-demo\",\"category\":\"infrastructure\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::tin-cdr-demo\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1970] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'drQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1933 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.663Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"related_entity_id\":null,\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\",\"name\":\"aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck\",\"Action\":[\"s3:ListBucket\",\"s3:GetBucketAcl\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"name\":\"aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"resource\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"version\":\"2012-10-17\"},{\"id\":\"AWSCloudTrailWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1795] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'eLQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1758 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:44:35.113+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:44:24.664Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"related_entity_id\":null,\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"category\":\"infrastructure\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\",\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"}],\"Version\":\"2012-10-17\"}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"]},{\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"72c66a98-dd3a-4e37-9ff7-e7dc702c54a0\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2046] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'fbQfjJMBOaTiDQUWMpkW'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2009 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.505+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite\"}],\"related.entity\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"name\":\"aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":[\"s3:ListBucket\",\"s3:GetBucketAcl\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"Sid\":\"AWSCloudTrailAclCheck\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\",\"name\":\"aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"sse_algorithm\":\"AES256\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1795] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'YrQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1758 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"related.entity\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\",\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"}]}},\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"type\":\"object-storage\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"id\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"related_entity_id\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"version\":\"2012-10-17\"},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2046] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Z7QmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2009 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"type\":\"object-storage\",\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1/*\"],\"Action\":[\"s3:PutObject*\",\"s3:Abort*\"]},{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}}},\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1990] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'c7QmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1953 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"type\":\"object-storage\",\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"sse_algorithm\":\"AES256\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2066] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'dLQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2029 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"type\":\"object-storage\",\"tags\":null,\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2042] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'dbQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2005 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\"},\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2161] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'drQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2124 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"]},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1752] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'd7QmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1715 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"id\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"related_entity_id\":null,\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"Action\":\"s3:PutObject\"},{\"Action\":[\"s3:GetObject\",\"s3:ListBucket\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"},\"Resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/*\"],\"Sid\":\"AllowUserAccess\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"},\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"sub_category\":\"storage\"},\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"id\":\"AllowUserAccess\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"}}],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2311] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'erQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2274 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"related.entity\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}}},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"},\"id\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"related_entity_id\":null,\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2109] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'frQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2072 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\"},{\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::tin-config-test\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-config-test\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"tin-config-test\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"us-east-1\",\"name\":\"tin-config-test\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketPermissionsCheck\",\"Action\":\"s3:GetBucketAcl\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketExistenceCheck\",\"Action\":\"s3:ListBucket\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::tin-config-test\"],\"related_entity_id\":null},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1994] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'f7QmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1961 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\"},\"asset\":{\"id\":[\"arn:aws:s3:::amir-cf\"],\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"amir-cf\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"arn:aws:s3:::amir-cf/*\",\"Sid\":\"Statement1\",\"Action\":\"s3:GetObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":false,\"BlockPublicPolicy\":false,\"IgnorePublicAcls\":false,\"RestrictPublicBuckets\":false},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"related_entity_id\":null,\"name\":\"amir-cf\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"Statement1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"*\"},\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::amir-cf/*\"]}],\"related.entity\":[\"arn:aws:s3:::amir-cf\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::amir-cf\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1153] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'gLQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{AWS=*}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1143 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"]},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\",\"Sid\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"related_entity_id\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2143] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'gbQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2106 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"asset\":{\"type\":\"object-storage\",\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"Effect\":\"Allow\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"sub_category\":\"storage\",\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}}},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2075] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'grQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2038 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"agent\":{\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"Effect\":\"Allow\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"related_entity_id\":null,\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"]},{\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2057] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'g7QmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2020 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"asset\":{\"sub_type\":\"s3-bucket\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"related_entity_id\":null,\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}}},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2160] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'hLQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2123 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"agent\":{\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"]},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"]},{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"name\":\"aws-cloudtrail-logs-opa-demo\",\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-opa-demo\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2365] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'hbQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2328 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":[\"AIDA476ILCEFBVRUJXNFV\",\"arn:aws:iam::704479110758:user/terraform-deployment\"]}}],\"related.entity\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::buildsecurity-tfstate\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":[\"s3:ListBucket\",\"s3:GetObjectVersion\",\"s3:GetObject\",\"s3:GetBucketVersioning\",\"s3:GetBucketLocation\",\"s3:PutObject\",\"s3:PutObjectAcl\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"AIDA476ILCEFBVRUJXNFV\",\"arn:aws:iam::704479110758:user/terraform-deployment\"]},\"Resource\":[\"arn:aws:s3:::buildsecurity-tfstate/*\",\"arn:aws:s3:::buildsecurity-tfstate\"],\"Sid\":\"1\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":true,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":false},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"buildsecurity-tfstate\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"name\":\"buildsecurity-tfstate\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"related_entity_id\":null,\"category\":\"infrastructure\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1462] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'h7QmjJMBOaTiDQUWjqDd'. Preview of field's value: '{AWS=[AIDA476ILCEFBVRUJXNFV, arn:aws:iam::704479110758:user/terraform-deployment]}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1376 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\"},{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"]},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\"]}],\"related.entity\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::config-bucket-704479110758\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"name\":\"config-bucket-704479110758\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"config-bucket-704479110758\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketPermissionsCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"},{\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketExistenceCheck\",\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1849] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'ibQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1816 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs\"]}],\"related.entity\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-alb-5td21grs\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"related_entity_id\":null,\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"dev-alb-5td21grs\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"name\":\"dev-alb-5td21grs\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1735] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'jbQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1696 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"related.entity\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-flow-logs-5td21grs\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"related_entity_id\":null,\"sub_category\":\"storage\",\"tags\":null,\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"dev-flow-logs-5td21grs\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"name\":\"dev-flow-logs-5td21grs\",\"category\":\"infrastructure\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\"},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"]}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1708] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'kLQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1668 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"asset\":{\"name\":\"devops-alb-m04ivw2j\",\"sub_category\":\"storage\",\"raw\":{\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-alb-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"]}],\"related.entity\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-alb-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1759] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'k7QmjJMBOaTiDQUWjqDd'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1720 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-flow-logs-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-flow-logs-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j\",\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"related_entity_id\":null,\"name\":\"devops-flow-logs-m04ivw2j\",\"category\":\"infrastructure\",\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\"}],\"related.entity\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1729] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'lrQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1689 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"]},{\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-alb-afrxhcnr\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"related_entity_id\":null,\"name\":\"poc-alb-afrxhcnr\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\"},{\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"poc-alb-afrxhcnr\",\"sse_algorithm\":\"AES256\"},\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1735] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'nrQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1696 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"asset\":{\"id\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"related_entity_id\":null,\"name\":\"poc-flow-logs-afrxhcnr\",\"category\":\"infrastructure\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"poc-flow-logs-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null},\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\"},{\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-flow-logs-afrxhcnr\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1708] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'obQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1668 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"asset\":{\"related_entity_id\":null,\"name\":\"qa-alb-h9nrpcij\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"qa-alb-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-alb-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1727] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'pbQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1688 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\"}],\"related.entity\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-flow-logs-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"qa-flow-logs-h9nrpcij\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"qa-flow-logs-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\"},{\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij\",\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1701] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'qLQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1661 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-3\",\"name\":\"tf-state-bucket-test-infra\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra\"},{\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra/*\",\"Action\":[\"s3:GetObject\",\"s3:PutObject\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true}},\"id\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"related_entity_id\":null,\"sub_type\":\"s3-bucket\",\"tags\":null,\"name\":\"tf-state-bucket-test-infra\",\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra/*\"]}],\"related.entity\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tf-state-bucket-test-infra\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1538] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'sLQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{AWS=arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1472 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\"},\"ecs\":{\"version\":\"8.0.0\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"related_entity_id\":null,\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2120] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'sbQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2083 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"category\":\"infrastructure\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"type\":\"object-storage\",\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"sse_algorithm\":\"AES256\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2120] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'srQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2083 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"agent\":{\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"raw\":{\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"sse_algorithm\":\"AES256\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2108] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 's7QmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2071 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}}},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"related_entity_id\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2146] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'tLQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2109 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AmazonBedrockLogsWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\"],\"condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\",\"Sid\":\"AmazonBedrockLogsWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"},\"id\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"related_entity_id\":null,\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"sub_type\":\"s3-bucket\",\"tags\":null}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1763] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'tbQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=bedrock.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1729 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T11:52:37.506+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T10:52:27.463Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"eb208613-581f-476f-a62d-61c64ef50cca\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"effect\":\"Allow\"},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::tin-cdr-demo\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-cdr-demo\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"tin-cdr-demo\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"Action\":\"s3:GetBucketAcl\"},{\"Sid\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"id\":[\"arn:aws:s3:::tin-cdr-demo\"],\"related_entity_id\":null,\"name\":\"tin-cdr-demo\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1970] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'urQmjJMBOaTiDQUWjqDd'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1933 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.130+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"asset\":{\"name\":\"amir-cf\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::amir-cf\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"arn:aws:s3:::amir-cf/*\",\"Sid\":\"Statement1\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":false,\"BlockPublicAcls\":false,\"BlockPublicPolicy\":false,\"IgnorePublicAcls\":false},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"amir-cf\"},\"related_entity_id\":null},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"Statement1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"*\"},\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::amir-cf/*\"]}],\"related.entity\":[\"arn:aws:s3:::amir-cf\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::amir-cf\":{\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1523] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'ObQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{AWS=*}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1513 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.131+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"version\":\"2012-10-17\"},{\"id\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\":{\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\",\"Sid\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Sid\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true}},\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2513] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'OrQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2476 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.131+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}}},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\":{\"type\":\"object-storage\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"category\":\"infrastructure\"}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"related_entity_id\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2445] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'O7QxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2408 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.131+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"}}}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2427] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'PLQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2390 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.131+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}}},{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"sub_category\":\"storage\",\"tags\":null,\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true}}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2530] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'PbQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2493 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.131+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\":{\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\"}}},\"asset\":{\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-opa-demo\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"name\":\"aws-cloudtrail-logs-opa-demo\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2735] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'PrQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2698 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.131+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"AWS\":[\"arn:aws:iam::704479110758:user/terraform-deployment\",\"AIDA476ILCEFBVRUJXNFV\"]},\"version\":\"2012-10-17\",\"id\":\"1\"}],\"related.entity\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::buildsecurity-tfstate\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"name\":\"buildsecurity-tfstate\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Resource\":[\"arn:aws:s3:::buildsecurity-tfstate/*\",\"arn:aws:s3:::buildsecurity-tfstate\"],\"Sid\":\"1\",\"Action\":[\"s3:ListBucket\",\"s3:GetObjectVersion\",\"s3:GetObject\",\"s3:GetBucketVersioning\",\"s3:GetBucketLocation\",\"s3:PutObject\",\"s3:PutObjectAcl\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"arn:aws:iam::704479110758:user/terraform-deployment\",\"AIDA476ILCEFBVRUJXNFV\"]}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":true,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":false},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"buildsecurity-tfstate\",\"sse_algorithm\":\"AES256\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1832] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'QLQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{AWS=[arn:aws:iam::704479110758:user/terraform-deployment, AIDA476ILCEFBVRUJXNFV]}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1746 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.131+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"agent\":{\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::config-bucket-704479110758\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}},\"asset\":{\"related_entity_id\":null,\"name\":\"config-bucket-704479110758\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"raw\":{\"name\":\"config-bucket-704479110758\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketPermissionsCheck\"},{\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketExistenceCheck\"},{\"Resource\":\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"sub_type\":\"s3-bucket\",\"tags\":null,\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"]},{\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2219] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'QrQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2186 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.131+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"related.entity\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-alb-5td21grs\":{\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\"}}},\"asset\":{\"name\":\"dev-alb-5td21grs\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"dev-alb-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"related_entity_id\":null,\"category\":\"infrastructure\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"version\":\"2012-10-17\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2105] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'RrQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2066 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.131+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"]}],\"related.entity\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-flow-logs-5td21grs\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}},\"asset\":{\"category\":\"infrastructure\",\"id\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"related_entity_id\":null,\"name\":\"dev-flow-logs-5td21grs\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"dev-flow-logs-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2078] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'SbQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2038 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.131+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]}],\"related.entity\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-alb-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"tags\":null,\"id\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"name\":\"devops-alb-m04ivw2j\",\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"related_entity_id\":null,\"sub_category\":\"storage\",\"type\":\"object-storage\",\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"},{\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-alb-m04ivw2j\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2129] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'TLQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2090 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.132+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"asset\":{\"related_entity_id\":null,\"name\":\"devops-flow-logs-m04ivw2j\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-flow-logs-m04ivw2j\"},\"id\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"]}],\"related.entity\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-flow-logs-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2099] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'T7QxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2059 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.132+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"]}],\"related.entity\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-alb-afrxhcnr\":{\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"name\":\"poc-alb-afrxhcnr\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"poc-alb-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"related_entity_id\":null,\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2105] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'V7QxjJMBOaTiDQUWZr2s'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2066 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.132+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-flow-logs-afrxhcnr\":{\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\"}}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"poc-flow-logs-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\"},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr\",\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\",\"Id\":\"AWSLogDeliveryWrite20150319\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"related_entity_id\":null,\"name\":\"poc-flow-logs-afrxhcnr\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"]},{\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2078] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'WrQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2038 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.132+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"related.entity\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-alb-h9nrpcij\":{\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"name\":\"qa-alb-h9nrpcij\",\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"qa-alb-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"related_entity_id\":null,\"tags\":null},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"]},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"]}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2097] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'XrQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2058 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.132+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"asset\":{\"tags\":null,\"raw\":{\"name\":\"qa-flow-logs-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij\",\"Sid\":\"AWSLogDeliveryAclCheck\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"related_entity_id\":null,\"name\":\"qa-flow-logs-h9nrpcij\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\"]},{\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]}],\"related.entity\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-flow-logs-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2071] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'YbQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2031 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.132+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"asset\":{\"related_entity_id\":null,\"name\":\"tf-state-bucket-test-infra\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"id\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra\",\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\"},{\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra/*\",\"Action\":[\"s3:GetObject\",\"s3:PutObject\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-3\",\"name\":\"tf-state-bucket-test-infra\"}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-3\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"action\":[\"s3:ListBucket\"]},{\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra/*\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tf-state-bucket-test-infra\":{\"type\":\"object-storage\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"category\":\"infrastructure\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1908] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'crQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{AWS=arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1842 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.132+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1/*\"],\"Action\":[\"s3:PutObject*\",\"s3:Abort*\"],\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"Effect\":\"Allow\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"Action\":\"s3:GetBucketAcl\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2360] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'dbQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2323 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.132+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"asset\":{\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null},\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}}},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2436] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'drQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2399 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.132+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"}}}},\"asset\":{\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}}},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2412] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'd7QxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2375 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.132+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"related_entity_id\":null,\"sub_category\":\"storage\",\"type\":\"object-storage\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"effect\":\"Allow\"},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2531] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'eLQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2494 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.132+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"version\":\"2012-10-17\"},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\":{\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"tags\":null,\"raw\":{\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2122] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'ebQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2085 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.132+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"},{\"version\":\"2012-10-17\",\"id\":\"AllowUserAccess\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"}}],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"asset\":{\"related_entity_id\":null,\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"},{\"Action\":[\"s3:GetObject\",\"s3:ListBucket\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"},\"Resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/*\"],\"Sid\":\"AllowUserAccess\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2681] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'fLQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2644 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.132+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"asset\":{\"tags\":null,\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\":{\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2479] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'gLQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2442 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.132+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-config-test\":{\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"type\":\"object-storage\",\"name\":\"tin-config-test\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"tin-config-test\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketPermissionsCheck\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}}},{\"Action\":\"s3:ListBucket\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketExistenceCheck\"},{\"Sid\":\"AWSConfigBucketDelivery\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::tin-config-test\"],\"related_entity_id\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}}},{\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\"},{\"resource\":[\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::tin-config-test\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2364] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'gbQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2331 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.132+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\"},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"related_entity_id\":null,\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"name\":\"aws-cloudtrail-logs-704479110758-61552556\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2490] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'grQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2453 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.132+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\"},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2490] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'g7QxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2453 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.132+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Deny\"},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\":{\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"related_entity_id\":null,\"type\":\"object-storage\",\"tags\":null,\"sub_type\":\"s3-bucket\",\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2478] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'hLQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2441 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.132+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\":{\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"sse_algorithm\":\"AES256\"}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2516] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'hbQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2479 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.132+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"id\":\"AmazonBedrockLogsWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\"],\"condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AmazonBedrockLogsWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"}},\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2133] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'hrQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=bedrock.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2099 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.132+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo\"]},{\"resource\":[\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::tin-cdr-demo\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-cdr-demo\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::tin-cdr-demo\"],\"name\":\"tin-cdr-demo\",\"tags\":null,\"raw\":{\"name\":\"tin-cdr-demo\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\"},{\"Resource\":\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2340] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'i7QxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2303 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.132+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"resource\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\":{\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\"}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":[\"s3:ListBucket\",\"s3:GetBucketAcl\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"Sid\":\"AWSCloudTrailAclCheck\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\",\"name\":\"aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"sse_algorithm\":\"AES256\"},\"related_entity_id\":null,\"name\":\"aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"id\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"type\":\"object-storage\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2165] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'jbQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2128 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T12:04:28.132+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T11:04:18.054Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"tags\":null,\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\",\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"related_entity_id\":null,\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"9ee6b5f9-827e-4c7d-86f0-b0d213625b07\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"}],\"related.entity\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2416] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'krQxjJMBOaTiDQUWZr2s'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2379 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:50:13.837+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:50:01.196Z\",\"related.entity\":[\"arn:aws:s3:::test-aws-sec-transport-fail\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sec-transport-fail\":{\"type\":\"object-storage\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\"},\"category\":\"infrastructure\"}}},\"asset\":{\"related_entity_id\":null,\"name\":\"test-aws-sec-transport-fail\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"name\":\"test-aws-sec-transport-fail\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sec-transport-fail/*\",\"Sid\":\"Rule2_1_2_fail\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"true\"}}}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\"},\"id\":[\"arn:aws:s3:::test-aws-sec-transport-fail\"],\"type\":\"object-storage\",\"tags\":null,\"category\":\"infrastructure\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"b6635847-a2d0-4df7-aeba-15908eedb192\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"id\":\"Rule2_1_2_fail\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"resource\":[\"arn:aws:s3:::test-aws-sec-transport-fail/*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"true\"}},\"version\":\"2012-10-17\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1399] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:50:13.840+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:50:01.196Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2_no_statement\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail/*\"],\"condition\":{\"StringEquals\":{\"s3:RequestObjectTag/Department\":\"CloudPosture\"}}}],\"related.entity\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\"}}}},\"asset\":{\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail/*\",\"Sid\":\"Rule2_1_2_no_statement\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:RequestObjectTag/Department\":\"CloudPosture\"}},\"Effect\":\"Deny\",\"Principal\":\"*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\",\"name\":\"test-aws-sec-transport-no-condition-fail\",\"sse_algorithm\":\"AES256\"},\"related_entity_id\":null,\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\"],\"name\":\"test-aws-sec-transport-no-condition-fail\",\"category\":\"infrastructure\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"b6635847-a2d0-4df7-aeba-15908eedb192\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1542] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:50:13.840+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:50:01.196Z\",\"agent\":{\"ephemeral_id\":\"b6635847-a2d0-4df7-aeba-15908eedb192\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:s3:::test-aws-sse-s3-pass\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sse-s3-pass\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::test-aws-sse-s3-pass\"],\"name\":\"test-aws-sse-s3-pass\",\"sub_category\":\"storage\",\"raw\":{\"Region\":\"eu-west-2\",\"name\":\"test-aws-sse-s3-pass\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sse-s3-pass/*\",\"Sid\":\"Rule2_1_2\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"resource\":[\"arn:aws:s3:::test-aws-sse-s3-pass/*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}}}],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1361] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:50:13.840+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:50:01.196Z\",\"asset\":{\"category\":\"infrastructure\",\"raw\":{\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"csp-allure-reports\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AddPerm\",\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::csp-allure-reports/allure_reports/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::csp-allure-reports\"],\"related_entity_id\":null,\"name\":\"csp-allure-reports\",\"tags\":null,\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"b6635847-a2d0-4df7-aeba-15908eedb192\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::csp-allure-reports/allure_reports/*\"],\"version\":\"2012-10-17\",\"id\":\"AddPerm\",\"effect\":\"Allow\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:GetObject\"]}],\"related.entity\":[\"arn:aws:s3:::csp-allure-reports\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::csp-allure-reports\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1291] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:50:13.840+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:50:01.196Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"}}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"b6635847-a2d0-4df7-aeba-15908eedb192\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"sse_algorithm\":\"aws:kms\",\"bucket_policy\":{\"Statement\":[{\"Resource\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1/*\"],\"Sid\":\"AllowTLSRequestsOnly\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":true,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"id\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\"],\"related_entity_id\":null,\"name\":\"731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"version\":\"2012-10-17\",\"id\":\"AllowTLSRequestsOnly\"}],\"related.entity\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1535] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:50:13.840+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:50:01.196Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AllowSSLRequestsOnly\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}}}],\"related.entity\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\":{\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\"}}},\"asset\":{\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"id\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"],\"name\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"aws:kms\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk/*\"],\"Sid\":\"AllowSSLRequestsOnly\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"}},\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"b6635847-a2d0-4df7-aeba-15908eedb192\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1490] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.740+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.441Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}}},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}},\"asset\":{\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"type\":\"object-storage\",\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1/*\"],\"Action\":[\"s3:PutObject*\",\"s3:Abort*\"],\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}}},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"related_entity_id\":null,\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2360] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'rww5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2323 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.441Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"related_entity_id\":null,\"sub_category\":\"storage\",\"type\":\"object-storage\",\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\"}},\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2436] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'sAw5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2399 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.441Z\",\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"version\":\"2012-10-17\"},{\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"}}}},\"asset\":{\"related_entity_id\":null,\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2412] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'sQw5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2375 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.441Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\":{\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"tags\":null,\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"related_entity_id\":null,\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\",\"Sid\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2531] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'sgw5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2494 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.441Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"}}}},\"asset\":{\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}]},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"type\":\"object-storage\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"version\":\"2012-10-17\"},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2122] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'sww5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2085 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.441Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"id\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"},{\"Resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/*\"],\"Sid\":\"AllowUserAccess\",\"Action\":[\"s3:GetObject\",\"s3:ListBucket\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"sse_algorithm\":\"AES256\"}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"id\":\"AllowUserAccess\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"}}],\"related.entity\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2681] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'tgw5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2644 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"ecs\":{\"version\":\"8.0.0\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"}}}},\"asset\":{\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\"},\"id\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"related_entity_id\":null,\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"agent\":{\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2479] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'ugw5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2442 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"asset\":{\"name\":\"tin-config-test\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"id\":[\"arn:aws:s3:::tin-config-test\"],\"related_entity_id\":null,\"tags\":null,\"raw\":{\"Region\":\"us-east-1\",\"name\":\"tin-config-test\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketPermissionsCheck\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}}},{\"Action\":\"s3:ListBucket\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketExistenceCheck\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null},\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"}},{\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"}},{\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::tin-config-test\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-config-test\":{\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2364] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'uww5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2331 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"name\":\"tf-state-bucket-test-infra\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"related_entity_id\":null,\"type\":\"object-storage\",\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-3\",\"name\":\"tf-state-bucket-test-infra\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra\"},{\"Action\":[\"s3:GetObject\",\"s3:PutObject\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra/*\"}]}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra/*\"]}],\"related.entity\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tf-state-bucket-test-infra\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1908] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'xww5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{AWS=arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1842 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::amir-cf/*\"],\"version\":\"2012-10-17\",\"id\":\"Statement1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"*\"},\"action\":[\"s3:GetObject\"]}],\"related.entity\":[\"arn:aws:s3:::amir-cf\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::amir-cf\":{\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\"}}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::amir-cf\"],\"name\":\"amir-cf\",\"sub_category\":\"storage\",\"related_entity_id\":null,\"category\":\"infrastructure\",\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"arn:aws:s3:::amir-cf/*\",\"Sid\":\"Statement1\",\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":false,\"BlockPublicPolicy\":false,\"IgnorePublicAcls\":false,\"RestrictPublicBuckets\":false},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"amir-cf\",\"sse_algorithm\":\"AES256\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1523] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'yAw5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{AWS=*}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1513 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"category\":\"infrastructure\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\",\"Sid\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}}},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2513] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'yQw5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2476 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}}},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\":{\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"category\":\"infrastructure\"}}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"raw\":{\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"sse_algorithm\":\"AES256\"},\"related_entity_id\":null,\"sub_type\":\"s3-bucket\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2445] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'ygw5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2408 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"related_entity_id\":null,\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"version\":\"2012-10-17\"},{\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\"]}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2427] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'yww5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2390 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"sse_algorithm\":\"AES256\"},\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"sub_category\":\"storage\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2530] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'zAw5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2493 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"agent\":{\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-opa-demo\"},\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-opa-demo\",\"category\":\"infrastructure\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2735] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'zQw5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2698 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::buildsecurity-tfstate\":{\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"1\",\"Action\":[\"s3:ListBucket\",\"s3:GetObjectVersion\",\"s3:GetObject\",\"s3:GetBucketVersioning\",\"s3:GetBucketLocation\",\"s3:PutObject\",\"s3:PutObjectAcl\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"arn:aws:iam::704479110758:user/terraform-deployment\",\"AIDA476ILCEFBVRUJXNFV\"]},\"Resource\":[\"arn:aws:s3:::buildsecurity-tfstate/*\",\"arn:aws:s3:::buildsecurity-tfstate\"]}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":true,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":false,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"buildsecurity-tfstate\"},\"name\":\"buildsecurity-tfstate\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":[\"arn:aws:iam::704479110758:user/terraform-deployment\",\"AIDA476ILCEFBVRUJXNFV\"]}}],\"related.entity\":[\"arn:aws:s3:::buildsecurity-tfstate\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1832] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'zww5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{AWS=[arn:aws:iam::704479110758:user/terraform-deployment, AIDA476ILCEFBVRUJXNFV]}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1746 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::config-bucket-704479110758\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}},\"asset\":{\"id\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"config-bucket-704479110758\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketPermissionsCheck\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketExistenceCheck\",\"Action\":\"s3:ListBucket\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"name\":\"config-bucket-704479110758\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"version\":\"2012-10-17\"},{\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"version\":\"2012-10-17\"},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"}}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2219] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '0Qw5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2186 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"ecs\":{\"version\":\"8.0.0\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-alb-5td21grs\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"category\":\"infrastructure\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"dev-alb-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null},\"sub_type\":\"s3-bucket\",\"tags\":null,\"related_entity_id\":null,\"name\":\"dev-alb-5td21grs\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs\"]}],\"related.entity\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"agent\":{\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2105] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '1Qw5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2066 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"related.entity\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-flow-logs-5td21grs\":{\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"category\":\"infrastructure\"}}},\"asset\":{\"type\":\"object-storage\",\"tags\":null,\"id\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"name\":\"dev-flow-logs-5td21grs\",\"sub_type\":\"s3-bucket\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"dev-flow-logs-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs\",\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"]}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2078] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '2Aw5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2038 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-alb-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}}},\"asset\":{\"tags\":null,\"raw\":{\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-alb-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"related_entity_id\":null,\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"name\":\"devops-alb-m04ivw2j\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2129] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '2ww5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2090 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"]}],\"related.entity\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-flow-logs-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"related_entity_id\":null,\"name\":\"devops-flow-logs-m04ivw2j\",\"type\":\"object-storage\",\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-flow-logs-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\"},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j\",\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"}},\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2099] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '3gw5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2059 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\"},{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-alb-afrxhcnr\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"category\":\"infrastructure\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"poc-alb-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"},{\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr\"}],\"Version\":\"2012-10-17\"}},\"related_entity_id\":null,\"name\":\"poc-alb-afrxhcnr\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2105] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '5gw5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2066 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"resource_policies\":[{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"]}],\"related.entity\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-flow-logs-afrxhcnr\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"name\":\"poc-flow-logs-afrxhcnr\",\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"poc-flow-logs-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\"},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr\",\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"}]}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2078] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '6Qw5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2038 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"]}],\"related.entity\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-alb-h9nrpcij\":{\"type\":\"object-storage\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"category\":\"infrastructure\"}}},\"asset\":{\"name\":\"qa-alb-h9nrpcij\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"qa-alb-h9nrpcij\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2097] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '7Qw5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2058 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-flow-logs-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"related_entity_id\":null,\"sub_category\":\"storage\",\"raw\":{\"name\":\"qa-flow-logs-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\"},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij\",\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"name\":\"qa-flow-logs-h9nrpcij\",\"category\":\"infrastructure\",\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\"}],\"related.entity\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2071] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '8Aw5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2031 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-61552556\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2490] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '9ww5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2453 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\"},\"asset\":{\"sub_category\":\"storage\",\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}}},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552557\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-61552557\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\"},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2490] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '-Aw5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2453 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}}},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Deny\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2478] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '-Qw5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2441 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"asset\":{\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2516] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '-gw5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2479 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\"],\"condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AmazonBedrockLogsWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"asset\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\",\"Sid\":\"AmazonBedrockLogsWrite\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"id\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"tags\":null,\"related_entity_id\":null,\"sub_category\":\"storage\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2133] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '-ww5jZMBcCpMDCGJ4_Fu'. Preview of field's value: '{Service=bedrock.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2099 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::tin-cdr-demo\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-cdr-demo\":{\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::tin-cdr-demo\"],\"related_entity_id\":null,\"name\":\"tin-cdr-demo\",\"type\":\"object-storage\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"tin-cdr-demo\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2340] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'AAw5jZMBcCpMDCGJ4_Ju'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2303 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"agent\":{\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"resource\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck\",\"effect\":\"Allow\"},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":[\"s3:ListBucket\",\"s3:GetBucketAcl\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"Sid\":\"AWSCloudTrailAclCheck\"},{\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\",\"name\":\"aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"sse_algorithm\":\"AES256\"},\"name\":\"aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"related_entity_id\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2165] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Agw5jZMBcCpMDCGJ4_Ju'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2128 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-03T16:53:21.743+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-03T15:53:09.442Z\",\"related.entity\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\",\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\"},\"id\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"related_entity_id\":null,\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"0acfe8eb-0677-40d0-bc09-63f192b91822\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2416] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Bww5jZMBcCpMDCGJ4_Ju'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2379 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.805+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"asset\":{\"tags\":null,\"raw\":{\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1/*\"],\"Action\":[\"s3:PutObject*\",\"s3:Abort*\"],\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}}},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}]},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null},\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"related_entity_id\":null},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"version\":\"2012-10-17\"},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2378] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '8a3QkZMBPgajyL8VLIrg'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2341 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.807+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\":{\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"related_entity_id\":null,\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2454] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '8q3QkZMBPgajyL8VLIrg'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2417 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.807+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\"},\"ecs\":{\"version\":\"8.0.0\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\":{\"type\":\"object-storage\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"category\":\"infrastructure\"}}},\"asset\":{\"tags\":null,\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true}}},\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2430] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '863QkZMBPgajyL8VLIrg'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2393 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.807+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"asset\":{\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\",\"Sid\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"Effect\":\"Allow\"},{\"Sid\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"related_entity_id\":null,\"type\":\"object-storage\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2549] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '9K3QkZMBPgajyL8VLIrg'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2512 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"tags\":null,\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"related_entity_id\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"}},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\"},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2140] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '9a3QkZMBPgajyL8VLIrg'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2103 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}}},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\"},{\"id\":\"AllowUserAccess\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"},{\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\"},{\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"},\"Resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/*\"],\"Sid\":\"AllowUserAccess\",\"Action\":[\"s3:GetObject\",\"s3:ListBucket\"],\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"sub_category\":\"storage\",\"related_entity_id\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2699] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '-K3QkZMBPgajyL8VLIrg'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2662 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"related.entity\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\":{\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"category\":\"infrastructure\"}}},\"asset\":{\"category\":\"infrastructure\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"related_entity_id\":null,\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"sub_category\":\"storage\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2497] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '_K3QkZMBPgajyL8VLIrg'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2460 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-config-test\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketPermissionsCheck\"},{\"Action\":\"s3:ListBucket\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketExistenceCheck\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"tin-config-test\"},\"id\":[\"arn:aws:s3:::tin-config-test\"],\"related_entity_id\":null,\"name\":\"tin-config-test\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\"},{\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"related.entity\":[\"arn:aws:s3:::tin-config-test\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2382] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '_a3QkZMBPgajyL8VLIrg'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2349 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"resource_policies\":[{\"principal\":{\"AWS\":\"*\"},\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::amir-cf/*\"],\"version\":\"2012-10-17\",\"id\":\"Statement1\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::amir-cf\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::amir-cf\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"asset\":{\"related_entity_id\":null,\"name\":\"amir-cf\",\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::amir-cf/*\",\"Sid\":\"Statement1\",\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":false,\"RestrictPublicBuckets\":false,\"BlockPublicAcls\":false,\"BlockPublicPolicy\":false},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"amir-cf\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::amir-cf\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1541] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '_q3QkZMBPgajyL8VLIrg'. Preview of field's value: '{AWS=*}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1531 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\":{\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\",\"Sid\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2531] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '_63QkZMBPgajyL8VLIrg'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2494 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"version\":\"2012-10-17\"},{\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\":{\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\"},\"related_entity_id\":null}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2463] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'AK3QkZMBPgajyL8VLIvg'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2426 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"category\":\"infrastructure\",\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}}},{\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2445] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Aa3QkZMBPgajyL8VLIvg'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2408 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true}},\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"type\":\"object-storage\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2548] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Aq3QkZMBPgajyL8VLIvg'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2511 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"name\":\"aws-cloudtrail-logs-opa-demo\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-opa-demo\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"},{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"]},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]},{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2753] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'A63QkZMBPgajyL8VLIvg'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2716 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"asset\":{\"name\":\"buildsecurity-tfstate\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"id\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"related_entity_id\":null,\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"buildsecurity-tfstate\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":[\"s3:ListBucket\",\"s3:GetObjectVersion\",\"s3:GetObject\",\"s3:GetBucketVersioning\",\"s3:GetBucketLocation\",\"s3:PutObject\",\"s3:PutObjectAcl\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"arn:aws:iam::704479110758:user/terraform-deployment\",\"AIDA476ILCEFBVRUJXNFV\"]},\"Resource\":[\"arn:aws:s3:::buildsecurity-tfstate/*\",\"arn:aws:s3:::buildsecurity-tfstate\"],\"Sid\":\"1\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":true,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":false},\"account_public_access_block_configuration\":null},\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":[\"arn:aws:iam::704479110758:user/terraform-deployment\",\"AIDA476ILCEFBVRUJXNFV\"]}}],\"related.entity\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::buildsecurity-tfstate\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1850] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Ba3QkZMBPgajyL8VLIvg'. Preview of field's value: '{AWS=[arn:aws:iam::704479110758:user/terraform-deployment, AIDA476ILCEFBVRUJXNFV]}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1764 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::config-bucket-704479110758\":{\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"category\":\"infrastructure\",\"raw\":{\"name\":\"config-bucket-704479110758\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketPermissionsCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"}},{\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketExistenceCheck\"},{\"Resource\":\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"related_entity_id\":null,\"name\":\"config-bucket-704479110758\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"]},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::config-bucket-704479110758\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2237] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'B63QkZMBPgajyL8VLIvg'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2204 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-alb-5td21grs\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}}}}},\"asset\":{\"name\":\"dev-alb-5td21grs\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"dev-alb-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"related_entity_id\":null,\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2123] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'C63QkZMBPgajyL8VLIvg'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2084 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"related.entity\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-flow-logs-5td21grs\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"related_entity_id\":null,\"name\":\"dev-flow-logs-5td21grs\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"dev-flow-logs-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs\",\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\"},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"]}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2096] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Dq3QkZMBPgajyL8VLIvg'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2056 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"]},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"]}],\"related.entity\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-alb-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"related_entity_id\":null,\"name\":\"devops-alb-m04ivw2j\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-alb-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2147] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Ea3QkZMBPgajyL8VLIvg'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2108 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"agent\":{\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"]}],\"related.entity\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-flow-logs-m04ivw2j\":{\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"name\":\"devops-flow-logs-m04ivw2j\",\"sub_category\":\"storage\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-flow-logs-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j\",\"Sid\":\"AWSLogDeliveryAclCheck\"}]},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2117] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'FK3QkZMBPgajyL8VLIvg'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2077 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"]}],\"related.entity\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-alb-afrxhcnr\":{\"type\":\"object-storage\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"category\":\"infrastructure\"}}},\"asset\":{\"name\":\"poc-alb-afrxhcnr\",\"sub_category\":\"storage\",\"tags\":null,\"id\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"}},{\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr\",\"Action\":\"s3:GetBucketAcl\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"poc-alb-afrxhcnr\"},\"related_entity_id\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2123] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'HK3QkZMBPgajyL8VLIvg'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2084 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-flow-logs-afrxhcnr\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"related_entity_id\":null,\"name\":\"poc-flow-logs-afrxhcnr\",\"id\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"poc-flow-logs-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"version\":\"2012-10-17\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2096] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'H63QkZMBPgajyL8VLIvg'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2056 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-alb-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}}}}},\"asset\":{\"tags\":null,\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"name\":\"qa-alb-h9nrpcij\",\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"qa-alb-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"},{\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null}},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2115] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'I63QkZMBPgajyL8VLIvg'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2076 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-flow-logs-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\"},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij\",\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"qa-flow-logs-h9nrpcij\"},\"sub_type\":\"s3-bucket\",\"tags\":null,\"related_entity_id\":null,\"name\":\"qa-flow-logs-h9nrpcij\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2089] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Jq3QkZMBPgajyL8VLIvg'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2049 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\":{\"type\":\"object-storage\",\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"category\":\"infrastructure\"}}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-61552556\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2508] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'La3QkZMBPgajyL8VLIvg'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2471 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}}},\"asset\":{\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}}},{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\"]}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2508] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Lq3QkZMBPgajyL8VLIvg'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2471 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"related_entity_id\":null,\"sub_category\":\"storage\",\"raw\":{\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Deny\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null},\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2496] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'L63QkZMBPgajyL8VLIvg'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2459 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"asset\":{\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\":{\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2534] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'MK3QkZMBPgajyL8VLIvg'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2497 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"asset\":{\"id\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\",\"Sid\":\"AmazonBedrockLogsWrite\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"id\":\"AmazonBedrockLogsWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\"],\"condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\"}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2151] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Ma3QkZMBPgajyL8VLIvg'. Preview of field's value: '{Service=bedrock.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2117 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::tin-cdr-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::tin-cdr-demo\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-cdr-demo\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\"}}}},\"asset\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"tin-cdr-demo\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"Effect\":\"Allow\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"name\":\"tin-cdr-demo\",\"related_entity_id\":null,\"sub_category\":\"storage\",\"tags\":null,\"id\":[\"arn:aws:s3:::tin-cdr-demo\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2358] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Nq3QkZMBPgajyL8VLIvg'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2321 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"resource\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"name\":\"aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"related_entity_id\":null,\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\",\"name\":\"aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"s3:ListBucket\",\"s3:GetBucketAcl\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"Sid\":\"AWSCloudTrailAclCheck\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2183] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'OK3QkZMBPgajyL8VLIvg'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2146 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"asset\":{\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"sub_category\":\"storage\",\"tags\":null,\"id\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\",\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"sse_algorithm\":\"AES256\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2434] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Pa3QkZMBPgajyL8VLIvg'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2397 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:15:59.808+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:15:49.235Z\",\"asset\":{\"related_entity_id\":null,\"name\":\"tf-state-bucket-test-infra\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-3\",\"name\":\"tf-state-bucket-test-infra\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra\"},{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra/*\",\"Action\":[\"s3:GetObject\",\"s3:PutObject\"]}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"id\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"tags\":null,\"type\":\"object-storage\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"f7a0a5cf-9fdb-488f-9f64-1e30d3956c93\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-3\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"action\":[\"s3:ListBucket\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra/*\"]}],\"related.entity\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tf-state-bucket-test-infra\":{\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1926] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'P63QkZMBPgajyL8VLIvg'. Preview of field's value: '{AWS=arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1860 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.516+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.535Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"related_entity_id\":null,\"sub_category\":\"storage\",\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"category\":\"infrastructure\",\"raw\":{\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"s3:PutObject*\",\"s3:Abort*\"],\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1/*\"]},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"Effect\":\"Allow\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2378] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'J5DmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2341 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.519+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.535Z\",\"asset\":{\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"sub_category\":\"storage\",\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"]},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\":{\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2454] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'KJDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2417 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.519+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.535Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2430] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'KZDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2393 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.519+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.535Z\",\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"related_entity_id\":null,\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\",\"Sid\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"Action\":\"s3:PutObject\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2549] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'KpDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2512 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.519+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.535Z\",\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}}},\"asset\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2140] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'K5DmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2103 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.519+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.535Z\",\"asset\":{\"id\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"related_entity_id\":null,\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"sub_category\":\"storage\",\"tags\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"Action\":\"s3:GetBucketAcl\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"},{\"Action\":[\"s3:GetObject\",\"s3:ListBucket\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"},\"Resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/*\"],\"Sid\":\"AllowUserAccess\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}}},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"},\"version\":\"2012-10-17\",\"id\":\"AllowUserAccess\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2699] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'LpDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2662 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.519+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.535Z\",\"asset\":{\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"}},\"type\":\"object-storage\",\"tags\":null,\"id\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"related_entity_id\":null,\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"category\":\"infrastructure\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2497] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'MpDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2460 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.519+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.535Z\",\"related.entity\":[\"arn:aws:s3:::tin-config-test\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-config-test\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\"},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketPermissionsCheck\"},{\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketExistenceCheck\",\"Action\":\"s3:ListBucket\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"}},{\"Resource\":\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"tin-config-test\"},\"id\":[\"arn:aws:s3:::tin-config-test\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"name\":\"tin-config-test\",\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\"},{\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2382] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'M5DmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2349 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.519+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.535Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"sub_category\":\"storage\",\"tags\":null,\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"sse_algorithm\":\"AES256\"},\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-61552556\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2508] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'NJDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2471 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.519+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.535Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2508] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'NZDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2471 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.519+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.535Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}}},{\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"tags\":null,\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"sse_algorithm\":\"AES256\"}},\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2496] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'NpDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2459 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.519+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.535Z\",\"asset\":{\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"sub_category\":\"storage\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access\"}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\"},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\"}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2534] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'N5DmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2497 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.519+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.536Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\":{\"type\":\"object-storage\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"category\":\"infrastructure\"}}},\"asset\":{\"sub_category\":\"storage\",\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\",\"Sid\":\"AmazonBedrockLogsWrite\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"related_entity_id\":null},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\"],\"condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AmazonBedrockLogsWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"bedrock.amazonaws.com\"}}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\"},\"related.entity\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2151] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'OJDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=bedrock.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2117 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.519+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.536Z\",\"related.entity\":[\"arn:aws:s3:::tin-cdr-demo\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-cdr-demo\":{\"type\":\"object-storage\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\"},\"category\":\"infrastructure\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::tin-cdr-demo\"],\"related_entity_id\":null,\"name\":\"tin-cdr-demo\",\"sub_category\":\"storage\",\"raw\":{\"name\":\"tin-cdr-demo\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}}},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"effect\":\"Allow\"},{\"resource\":[\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2358] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'PZDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2321 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.519+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.536Z\",\"related.entity\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tf-state-bucket-test-infra\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-3\",\"name\":\"tf-state-bucket-test-infra\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra\"},{\"Action\":[\"s3:GetObject\",\"s3:PutObject\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra/*\"}],\"Version\":\"2012-10-17\"}},\"related_entity_id\":null,\"name\":\"tf-state-bucket-test-infra\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"]},{\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"}}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1926] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'QJDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{AWS=arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1860 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.519+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.536Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"Statement1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"*\"},\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::amir-cf/*\"]}],\"related.entity\":[\"arn:aws:s3:::amir-cf\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::amir-cf\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"}}}},\"asset\":{\"name\":\"amir-cf\",\"sub_category\":\"storage\",\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"amir-cf\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"Statement1\",\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"arn:aws:s3:::amir-cf/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":false,\"BlockPublicAcls\":false,\"BlockPublicPolicy\":false,\"IgnorePublicAcls\":false},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::amir-cf\"]}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1541] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'QZDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{AWS=*}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1531 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.519+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.536Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\":{\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\"}}},\"asset\":{\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\",\"Sid\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"Effect\":\"Allow\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"version\":\"2012-10-17\"},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2531] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'QpDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2494 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.519+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.536Z\",\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"version\":\"2012-10-17\"},{\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"sub_type\":\"s3-bucket\",\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2463] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Q5DmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2426 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.519+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.536Z\",\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"},{\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\"},\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"type\":\"object-storage\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2445] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'RJDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2408 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.519+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.536Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}},\"asset\":{\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}}},{\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"sub_category\":\"storage\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2548] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'RZDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2511 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.519+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.536Z\",\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}}},{\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"name\":\"aws-cloudtrail-logs-opa-demo\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-opa-demo\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}}},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2753] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'RpDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2716 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.519+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.536Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::buildsecurity-tfstate\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"tags\":null,\"id\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"related_entity_id\":null,\"name\":\"buildsecurity-tfstate\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"name\":\"buildsecurity-tfstate\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"1\",\"Action\":[\"s3:ListBucket\",\"s3:GetObjectVersion\",\"s3:GetObject\",\"s3:GetBucketVersioning\",\"s3:GetBucketLocation\",\"s3:PutObject\",\"s3:PutObjectAcl\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"AIDA476ILCEFBVRUJXNFV\",\"arn:aws:iam::704479110758:user/terraform-deployment\"]},\"Resource\":[\"arn:aws:s3:::buildsecurity-tfstate/*\",\"arn:aws:s3:::buildsecurity-tfstate\"]}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":true,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":false},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":[\"AIDA476ILCEFBVRUJXNFV\",\"arn:aws:iam::704479110758:user/terraform-deployment\"]}}],\"related.entity\":[\"arn:aws:s3:::buildsecurity-tfstate\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1850] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'SJDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{AWS=[AIDA476ILCEFBVRUJXNFV, arn:aws:iam::704479110758:user/terraform-deployment]}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1764 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.519+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.536Z\",\"related.entity\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::config-bucket-704479110758\":{\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"related_entity_id\":null,\"name\":\"config-bucket-704479110758\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"raw\":{\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"config-bucket-704479110758\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketPermissionsCheck\"},{\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketExistenceCheck\",\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\"},{\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"]},{\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2237] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'SpDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2204 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.520+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.536Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-alb-5td21grs\":{\"type\":\"object-storage\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"category\":\"infrastructure\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"name\":\"dev-alb-5td21grs\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"related_entity_id\":null,\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"dev-alb-5td21grs\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]}],\"related.entity\":[\"arn:aws:s3:::dev-alb-5td21grs\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2123] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'TpDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2084 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.520+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.536Z\",\"resource_policies\":[{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]}],\"related.entity\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-flow-logs-5td21grs\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}}}}},\"asset\":{\"name\":\"dev-flow-logs-5td21grs\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"dev-flow-logs-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\"},{\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"related_entity_id\":null,\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2096] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'UZDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2056 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.520+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.536Z\",\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\"},{\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-alb-m04ivw2j\"},\"id\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"related_entity_id\":null,\"sub_type\":\"s3-bucket\",\"name\":\"devops-alb-m04ivw2j\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]}],\"related.entity\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"agent\":{\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-alb-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2147] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'VJDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2108 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.520+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.536Z\",\"agent\":{\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\"]},{\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-flow-logs-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"name\":\"devops-flow-logs-m04ivw2j\",\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\",\"Id\":\"AWSLogDeliveryWrite20150319\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-flow-logs-m04ivw2j\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"related_entity_id\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2117] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'V5DmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2077 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.520+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.536Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]}],\"related.entity\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-alb-afrxhcnr\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"poc-alb-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"}},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"name\":\"poc-alb-afrxhcnr\",\"type\":\"object-storage\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2123] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'X5DmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2084 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.520+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.536Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-flow-logs-afrxhcnr\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}},\"asset\":{\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"poc-flow-logs-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\"},{\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"name\":\"poc-flow-logs-afrxhcnr\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"]}],\"related.entity\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2096] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'YpDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2056 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.520+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.536Z\",\"asset\":{\"id\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"related_entity_id\":null,\"name\":\"qa-alb-h9nrpcij\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"qa-alb-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null},\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]}],\"related.entity\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-alb-h9nrpcij\":{\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2115] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'ZpDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2076 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.520+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.536Z\",\"asset\":{\"name\":\"qa-flow-logs-h9nrpcij\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"name\":\"qa-flow-logs-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"]}],\"related.entity\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-flow-logs-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2089] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'aZDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2049 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.520+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.536Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\"},\"cloud\":{\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"resource\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck\"},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}}},\"asset\":{\"related_entity_id\":null,\"category\":\"infrastructure\",\"id\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"Sid\":\"AWSCloudTrailAclCheck\",\"Action\":[\"s3:ListBucket\",\"s3:GetBucketAcl\"],\"Effect\":\"Allow\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\",\"name\":\"aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"},\"name\":\"aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2183] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'cJDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2146 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:40:07.520+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:39:56.536Z\",\"asset\":{\"related_entity_id\":null,\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"Region\":\"us-east-2\",\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"6c3091f1-16d7-479f-89c8-db2c193a0e5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"}],\"related.entity\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2434] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'dZDmkZMB_WcMW9U0Q2t1'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2397 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:51:16.458+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:48:02.486Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}}},\"asset\":{\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"sse_algorithm\":\"aws:kms\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1/*\"],\"Sid\":\"AllowTLSRequestsOnly\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":true}},\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\"],\"related_entity_id\":null,\"name\":\"731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AllowTLSRequestsOnly\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}}}],\"related.entity\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"08fd9cfc-210e-44fd-ad47-b2f1ee0896c5\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1903] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:51:16.461+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:48:02.486Z\",\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"08fd9cfc-210e-44fd-ad47-b2f1ee0896c5\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"version\":\"2012-10-17\",\"id\":\"AllowSSLRequestsOnly\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"]}],\"related.entity\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"related_entity_id\":null,\"raw\":{\"sse_algorithm\":\"aws:kms\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AllowSSLRequestsOnly\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk/*\"]}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"},\"id\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"],\"name\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1849] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:51:16.461+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:48:02.486Z\",\"related.entity\":[\"arn:aws:s3:::csp-allure-reports\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::csp-allure-reports\":{\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\"}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"08fd9cfc-210e-44fd-ad47-b2f1ee0896c5\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\"},\"asset\":{\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::csp-allure-reports\"],\"related_entity_id\":null,\"name\":\"csp-allure-reports\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AddPerm\",\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::csp-allure-reports/allure_reports/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"csp-allure-reports\",\"sse_algorithm\":\"AES256\"},\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AddPerm\",\"effect\":\"Allow\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::csp-allure-reports/allure_reports/*\"]}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1622] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:51:16.462+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:48:02.486Z\",\"asset\":{\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\",\"name\":\"test-aws-sec-transport-fail\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Rule2_1_2_fail\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"true\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sec-transport-fail/*\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"id\":[\"arn:aws:s3:::test-aws-sec-transport-fail\"],\"name\":\"test-aws-sec-transport-fail\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"08fd9cfc-210e-44fd-ad47-b2f1ee0896c5\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"resource\":[\"arn:aws:s3:::test-aws-sec-transport-fail/*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"true\"}},\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2_fail\"}],\"related.entity\":[\"arn:aws:s3:::test-aws-sec-transport-fail\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sec-transport-fail\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1739] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:51:16.467+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:48:02.486Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"principal\":{\"*\":\"*\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail/*\"],\"condition\":{\"StringEquals\":{\"s3:RequestObjectTag/Department\":\"CloudPosture\"}},\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2_no_statement\",\"effect\":\"Deny\"}],\"related.entity\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\"],\"name\":\"test-aws-sec-transport-no-condition-fail\",\"type\":\"object-storage\",\"raw\":{\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\",\"name\":\"test-aws-sec-transport-no-condition-fail\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:RequestObjectTag/Department\":\"CloudPosture\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail/*\",\"Sid\":\"Rule2_1_2_no_statement\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"08fd9cfc-210e-44fd-ad47-b2f1ee0896c5\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1895] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T14:51:16.467+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T13:48:02.486Z\",\"asset\":{\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\",\"name\":\"test-aws-sse-s3-pass\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sse-s3-pass/*\",\"Sid\":\"Rule2_1_2\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}}}],\"Version\":\"2012-10-17\"}},\"related_entity_id\":null,\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::test-aws-sse-s3-pass\"],\"name\":\"test-aws-sse-s3-pass\",\"category\":\"infrastructure\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"08fd9cfc-210e-44fd-ad47-b2f1ee0896c5\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::test-aws-sse-s3-pass/*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"]}],\"related.entity\":[\"arn:aws:s3:::test-aws-sse-s3-pass\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sse-s3-pass\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1694] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.423+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"related_entity_id\":null,\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1/*\"],\"Action\":[\"s3:PutObject*\",\"s3:Abort*\"]},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"sse_algorithm\":\"AES256\"}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"version\":\"2012-10-17\"},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2378] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Ey4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2341 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.426+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"agent\":{\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"tags\":null,\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2454] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'FC4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2417 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.426+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"asset\":{\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"category\":\"infrastructure\",\"related_entity_id\":null,\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"Effect\":\"Allow\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2430] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'FS4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2393 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.426+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"related_entity_id\":null,\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}}},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2549] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Fi4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2512 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.426+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"]},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"category\":\"infrastructure\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2140] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Fy4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2103 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.426+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"raw\":{\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"},{\"Action\":[\"s3:GetObject\",\"s3:ListBucket\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"},\"Resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/*\"],\"Sid\":\"AllowUserAccess\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"effect\":\"Allow\"},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\"]},{\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"},\"version\":\"2012-10-17\",\"id\":\"AllowUserAccess\"}],\"related.entity\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2699] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Gi4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2662 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.426+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"tags\":null,\"id\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"related_entity_id\":null,\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\"}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2497] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Hi4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2460 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.426+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"resource_policies\":[{\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\"},{\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"]},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::tin-config-test\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-config-test\":{\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::tin-config-test\"],\"related_entity_id\":null,\"name\":\"tin-config-test\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"tin-config-test\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSConfigBucketPermissionsCheck\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\"},{\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketExistenceCheck\",\"Action\":\"s3:ListBucket\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"}},{\"Resource\":\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2382] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Hy4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2349 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.426+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"related.entity\":[\"arn:aws:s3:::amir-cf\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::amir-cf\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"amir-cf\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"arn:aws:s3:::amir-cf/*\",\"Sid\":\"Statement1\",\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":false,\"BlockPublicPolicy\":false,\"IgnorePublicAcls\":false,\"RestrictPublicBuckets\":false},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::amir-cf\"],\"related_entity_id\":null,\"sub_category\":\"storage\",\"type\":\"object-storage\",\"name\":\"amir-cf\",\"category\":\"infrastructure\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"Statement1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"*\"},\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::amir-cf/*\"]}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1541] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'IC4BkpMBUejDGVGIBxE0'. Preview of field's value: '{AWS=*}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1531 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.426+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\",\"Sid\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"Effect\":\"Allow\"},{\"Sid\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2531] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'IS4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2494 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.426+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\":{\"type\":\"object-storage\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"category\":\"infrastructure\"}}},\"asset\":{\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"Effect\":\"Allow\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true}},\"related_entity_id\":null,\"category\":\"infrastructure\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2463] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Ii4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2426 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.426+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"version\":\"2012-10-17\"},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"sub_category\":\"storage\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"related_entity_id\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2445] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Iy4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2408 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.426+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\"},\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\":{\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2548] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'JC4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2511 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.426+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-opa-demo\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"Effect\":\"Allow\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true}},\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-opa-demo\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2753] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'JS4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2716 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.427+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"resource_policies\":[{\"principal\":{\"AWS\":[\"AIDA476ILCEFBVRUJXNFV\",\"arn:aws:iam::704479110758:user/terraform-deployment\"]},\"version\":\"2012-10-17\",\"id\":\"1\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::buildsecurity-tfstate\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}}}}},\"asset\":{\"related_entity_id\":null,\"name\":\"buildsecurity-tfstate\",\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":[\"s3:ListBucket\",\"s3:GetObjectVersion\",\"s3:GetObject\",\"s3:GetBucketVersioning\",\"s3:GetBucketLocation\",\"s3:PutObject\",\"s3:PutObjectAcl\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"AIDA476ILCEFBVRUJXNFV\",\"arn:aws:iam::704479110758:user/terraform-deployment\"]},\"Resource\":[\"arn:aws:s3:::buildsecurity-tfstate/*\",\"arn:aws:s3:::buildsecurity-tfstate\"],\"Sid\":\"1\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":true,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":false,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"buildsecurity-tfstate\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"type\":\"object-storage\",\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1850] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Jy4BkpMBUejDGVGIBxE0'. Preview of field's value: '{AWS=[AIDA476ILCEFBVRUJXNFV, arn:aws:iam::704479110758:user/terraform-deployment]}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1764 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.427+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\"},{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"]},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\"]}],\"related.entity\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::config-bucket-704479110758\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"related_entity_id\":null,\"sub_type\":\"s3-bucket\",\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"config-bucket-704479110758\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketPermissionsCheck\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketExistenceCheck\",\"Action\":\"s3:ListBucket\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"name\":\"config-bucket-704479110758\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2237] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'KS4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2204 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.427+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs\"]}],\"related.entity\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-alb-5td21grs\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"}}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"related_entity_id\":null,\"name\":\"dev-alb-5td21grs\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"raw\":{\"name\":\"dev-alb-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"},{\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"}},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2123] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'LS4BkpMBUejDGVGIBxE0'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2084 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.427+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-flow-logs-5td21grs\":{\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"name\":\"dev-flow-logs-5td21grs\",\"category\":\"infrastructure\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"dev-flow-logs-5td21grs\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"related_entity_id\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\"}],\"related.entity\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2096] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'MC4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2056 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.427+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"]}],\"related.entity\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-alb-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"related_entity_id\":null,\"name\":\"devops-alb-m04ivw2j\",\"sub_category\":\"storage\",\"tags\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"name\":\"devops-alb-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2147] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'My4BkpMBUejDGVGIBxE0'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2108 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.427+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\"},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"]}],\"related.entity\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-flow-logs-m04ivw2j\":{\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"related_entity_id\":null,\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-flow-logs-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":null},\"name\":\"devops-flow-logs-m04ivw2j\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2117] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Ni4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2077 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.427+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"asset\":{\"related_entity_id\":null,\"sub_category\":\"storage\",\"raw\":{\"name\":\"poc-alb-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\"},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"tags\":null,\"id\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"name\":\"poc-alb-afrxhcnr\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"]},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"agent\":{\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-alb-afrxhcnr\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2123] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Pi4BkpMBUejDGVGIBxE0'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2084 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.427+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"]}],\"related.entity\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-flow-logs-afrxhcnr\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"name\":\"poc-flow-logs-afrxhcnr\",\"sub_category\":\"storage\",\"id\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"poc-flow-logs-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr\",\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"related_entity_id\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2096] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'QS4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2056 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.427+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"]},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-alb-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"type\":\"object-storage\",\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"qa-alb-h9nrpcij\"},\"related_entity_id\":null,\"name\":\"qa-alb-h9nrpcij\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"]}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2115] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'RS4BkpMBUejDGVGIBxE0'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2076 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.427+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"agent\":{\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\"},{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-flow-logs-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"name\":\"qa-flow-logs-h9nrpcij\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"qa-flow-logs-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"related_entity_id\":null,\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2089] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'SC4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2049 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.427+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"asset\":{\"id\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"name\":\"tf-state-bucket-test-infra\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra\"},{\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra/*\",\"Action\":[\"s3:GetObject\",\"s3:PutObject\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-3\",\"name\":\"tf-state-bucket-test-infra\"},\"related_entity_id\":null,\"category\":\"infrastructure\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra/*\"]}],\"related.entity\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tf-state-bucket-test-infra\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1926] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'UC4BkpMBUejDGVGIBxE0'. Preview of field's value: '{AWS=arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1860 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.427+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"sub_type\":\"s3-bucket\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true}},\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2508] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'US4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2471 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.427+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"]},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"type\":\"object-storage\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"agent\":{\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2508] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Ui4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2471 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.427+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"sub_type\":\"s3-bucket\",\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}}},\"agent\":{\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2496] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Uy4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2459 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.427+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"}}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2534] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'VC4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2497 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.427+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"related.entity\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"raw\":{\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AmazonBedrockLogsWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"id\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\"},\"resource_policies\":[{\"principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\"],\"condition\":{\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"},\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"}},\"version\":\"2012-10-17\",\"id\":\"AmazonBedrockLogsWrite\",\"effect\":\"Allow\"}],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2151] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'VS4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=bedrock.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2117 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.427+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-cdr-demo\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::tin-cdr-demo\"],\"sub_category\":\"storage\",\"tags\":null,\"related_entity_id\":null,\"name\":\"tin-cdr-demo\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"tin-cdr-demo\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\"},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"}]},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::tin-cdr-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}}}],\"related.entity\":[\"arn:aws:s3:::tin-cdr-demo\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2358] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Wi4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2321 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.427+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"asset\":{\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":[\"s3:ListBucket\",\"s3:GetBucketAcl\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"Sid\":\"AWSCloudTrailAclCheck\"},{\"Sid\":\"AWSCloudTrailWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\",\"name\":\"aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"sse_algorithm\":\"AES256\"},\"related_entity_id\":null,\"name\":\"aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"resource\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"]},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\":{\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2183] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'XC4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2146 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:09:21.427+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:09:10.720Z\",\"asset\":{\"related_entity_id\":null,\"tags\":null,\"id\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\"}},\"cloud\":{\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}}}],\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"70b9b662-0017-4638-9b76-4ff65eea64cd\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2434] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'YS4BkpMBUejDGVGIBxE0'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2397 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:35:49.640+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:35:38.406Z\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AllowTLSRequestsOnly\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}}}],\"related.entity\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"48ab4c66-f1b8-4c13-96dd-2d7026a738a6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"sse_algorithm\":\"aws:kms\",\"bucket_policy\":{\"Statement\":[{\"Resource\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1/*\"],\"Sid\":\"AllowTLSRequestsOnly\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":true,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true}},\"id\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"related_entity_id\":null,\"name\":\"731a1-terragrunt-example-terraform-state-prod-us-east-1\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1903] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:35:49.643+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:35:38.406Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AllowSSLRequestsOnly\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}}}],\"related.entity\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"48ab4c66-f1b8-4c13-96dd-2d7026a738a6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}},\"asset\":{\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"],\"name\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"category\":\"infrastructure\",\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Principal\":\"*\",\"Resource\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk/*\"],\"Sid\":\"AllowSSLRequestsOnly\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"sse_algorithm\":\"aws:kms\"},\"related_entity_id\":null,\"type\":\"object-storage\",\"tags\":null}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1849] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:35:49.643+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:35:38.406Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"48ab4c66-f1b8-4c13-96dd-2d7026a738a6\"},\"resource_policies\":[{\"id\":\"AddPerm\",\"effect\":\"Allow\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::csp-allure-reports/allure_reports/*\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::csp-allure-reports\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::csp-allure-reports\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}}},\"asset\":{\"related_entity_id\":null,\"name\":\"csp-allure-reports\",\"category\":\"infrastructure\",\"id\":[\"arn:aws:s3:::csp-allure-reports\"],\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::csp-allure-reports/allure_reports/*\",\"Sid\":\"AddPerm\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"csp-allure-reports\"}},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1622] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:35:49.643+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:35:38.406Z\",\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::test-aws-sec-transport-fail/*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"true\"}},\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2_fail\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"]}],\"related.entity\":[\"arn:aws:s3:::test-aws-sec-transport-fail\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sec-transport-fail\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::test-aws-sec-transport-fail\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"name\":\"test-aws-sec-transport-fail\",\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\",\"name\":\"test-aws-sec-transport-fail\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Rule2_1_2_fail\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"true\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sec-transport-fail/*\"}]}}},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"48ab4c66-f1b8-4c13-96dd-2d7026a738a6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1739] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:35:49.643+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:35:38.406Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"48ab4c66-f1b8-4c13-96dd-2d7026a738a6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2_no_statement\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail/*\"],\"condition\":{\"StringEquals\":{\"s3:RequestObjectTag/Department\":\"CloudPosture\"}}}],\"related.entity\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\"],\"name\":\"test-aws-sec-transport-no-condition-fail\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"related_entity_id\":null,\"category\":\"infrastructure\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\",\"name\":\"test-aws-sec-transport-no-condition-fail\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"s3:RequestObjectTag/Department\":\"CloudPosture\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail/*\",\"Sid\":\"Rule2_1_2_no_statement\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1895] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-04T15:35:49.643+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-04T14:35:38.406Z\",\"related.entity\":[\"arn:aws:s3:::test-aws-sse-s3-pass\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sse-s3-pass\":{\"type\":\"object-storage\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"category\":\"infrastructure\"}}},\"asset\":{\"id\":[\"arn:aws:s3:::test-aws-sse-s3-pass\"],\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"test-aws-sse-s3-pass\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sse-s3-pass/*\",\"Sid\":\"Rule2_1_2\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\"},\"related_entity_id\":null,\"name\":\"test-aws-sse-s3-pass\",\"category\":\"infrastructure\",\"type\":\"object-storage\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"48ab4c66-f1b8-4c13-96dd-2d7026a738a6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"Elastics-Macbook-Pro.local\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"resource\":[\"arn:aws:s3:::test-aws-sse-s3-pass/*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}}}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1694] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-05T15:40:47.017+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-05T14:40:36.261Z\",\"related.entity\":[\"arn:aws:s3:::csp-allure-reports\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::csp-allure-reports\":{\"entity\":{\"name\":\"csp-allure-reports\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::csp-allure-reports\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"csp-allure-reports\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::csp-allure-reports/allure_reports/*\",\"Sid\":\"AddPerm\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":null}},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}},\"asset\":{\"type\":\"object-storage\",\"tags\":null,\"name\":\"csp-allure-reports\",\"sub_category\":\"storage\",\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"raw\":{\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Resource\":\"arn:aws:s3:::csp-allure-reports/allure_reports/*\",\"Sid\":\"AddPerm\",\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Principal\":\"*\"}]},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"csp-allure-reports\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::csp-allure-reports\"],\"related_entity_id\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"3ec0e004-3bd9-4edf-a486-211f8831be5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AddPerm\",\"effect\":\"Allow\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::csp-allure-reports/allure_reports/*\"]}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1913] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-05T15:40:47.019+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-05T14:40:36.261Z\",\"resource_policies\":[{\"id\":\"Rule2_1_2_fail\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"resource\":[\"arn:aws:s3:::test-aws-sec-transport-fail/*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"true\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::test-aws-sec-transport-fail\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sec-transport-fail\":{\"entity\":{\"id\":[\"arn:aws:s3:::test-aws-sec-transport-fail\"],\"tags\":null,\"related_entity_id\":null,\"name\":\"test-aws-sec-transport-fail\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\",\"name\":\"test-aws-sec-transport-fail\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Resource\":\"arn:aws:s3:::test-aws-sec-transport-fail/*\",\"Sid\":\"Rule2_1_2_fail\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"true\"}},\"Effect\":\"Deny\",\"Principal\":\"*\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\"}}}},\"asset\":{\"related_entity_id\":null,\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::test-aws-sec-transport-fail\"],\"name\":\"test-aws-sec-transport-fail\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"name\":\"test-aws-sec-transport-fail\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"true\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sec-transport-fail/*\",\"Sid\":\"Rule2_1_2_fail\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"3ec0e004-3bd9-4edf-a486-211f8831be5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2190] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-05T15:40:47.020+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-05T14:40:36.261Z\",\"agent\":{\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"3ec0e004-3bd9-4edf-a486-211f8831be5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2_no_statement\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail/*\"],\"condition\":{\"StringEquals\":{\"s3:RequestObjectTag/Department\":\"CloudPosture\"}}}],\"related.entity\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\":{\"entity\":{\"name\":\"test-aws-sec-transport-no-condition-fail\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-2\",\"name\":\"test-aws-sec-transport-no-condition-fail\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:RequestObjectTag/Department\":\"CloudPosture\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail/*\",\"Sid\":\"Rule2_1_2_no_statement\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\"],\"related_entity_id\":null,\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\",\"name\":\"test-aws-sec-transport-no-condition-fail\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:RequestObjectTag/Department\":\"CloudPosture\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail/*\",\"Sid\":\"Rule2_1_2_no_statement\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"name\":\"test-aws-sec-transport-no-condition-fail\",\"sub_category\":\"storage\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"tags\":null,\"id\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\"],\"related_entity_id\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2428] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-05T15:40:47.020+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-05T14:40:36.261Z\",\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::test-aws-sse-s3-pass/*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"]}],\"related.entity\":[\"arn:aws:s3:::test-aws-sse-s3-pass\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sse-s3-pass\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"name\":\"test-aws-sse-s3-pass\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sse-s3-pass/*\",\"Sid\":\"Rule2_1_2\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\"},\"related_entity_id\":null,\"name\":\"test-aws-sse-s3-pass\",\"id\":[\"arn:aws:s3:::test-aws-sse-s3-pass\"],\"sub_type\":\"s3-bucket\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\"}}}},\"asset\":{\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sse-s3-pass/*\",\"Sid\":\"Rule2_1_2\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\",\"name\":\"test-aws-sse-s3-pass\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::test-aws-sse-s3-pass\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"name\":\"test-aws-sse-s3-pass\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"3ec0e004-3bd9-4edf-a486-211f8831be5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\"},\"cloud\":{\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2120] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-05T15:40:47.020+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-05T14:40:36.261Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"3ec0e004-3bd9-4edf-a486-211f8831be5a\"},\"resource_policies\":[{\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"version\":\"2012-10-17\",\"id\":\"AllowTLSRequestsOnly\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"]}],\"related.entity\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\":{\"entity\":{\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"sse_algorithm\":\"aws:kms\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1/*\"],\"Sid\":\"AllowTLSRequestsOnly\"}]},\"bucket_versioning\":{\"Enabled\":true,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"id\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\"],\"name\":\"731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"category\":\"infrastructure\",\"related_entity_id\":null,\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"sub_category\":\"storage\",\"related_entity_id\":null,\"name\":\"731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"category\":\"infrastructure\",\"tags\":null,\"raw\":{\"Region\":\"us-east-1\",\"name\":\"731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"sse_algorithm\":\"aws:kms\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1/*\"],\"Sid\":\"AllowTLSRequestsOnly\",\"Action\":\"s3:*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":true},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2518] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-05T15:40:47.020+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-05T14:40:36.261Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\":{\"entity\":{\"id\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"],\"name\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"sse_algorithm\":\"aws:kms\",\"bucket_policy\":{\"Statement\":[{\"Resource\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk/*\"],\"Sid\":\"AllowSSLRequestsOnly\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false}},\"related_entity_id\":null,\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"],\"name\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"name\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"sse_algorithm\":\"aws:kms\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk/*\"],\"Sid\":\"AllowSSLRequestsOnly\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"},\"related_entity_id\":null,\"type\":\"object-storage\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"3ec0e004-3bd9-4edf-a486-211f8831be5a\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AllowSSLRequestsOnly\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}}}],\"related.entity\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2429] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-05T16:04:44.996+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-05T15:04:34.056Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"ddc4e890-1935-4eee-9a4b-f669a4ad79f2\"},\"resource_policies\":[{\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"version\":\"2012-10-17\",\"id\":\"AllowTLSRequestsOnly\"}],\"related.entity\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\":{\"entity\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"}}}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null,\"sub_type\":\"s3-bucket\",\"raw\":{\"bucket_versioning\":{\"Enabled\":true,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"sse_algorithm\":\"aws:kms\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AllowTLSRequestsOnly\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1/*\"]}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\"],\"related_entity_id\":null,\"name\":\"731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"type\":\"object-storage\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2013] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-05T16:04:44.999+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-05T15:04:34.056Z\",\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"version\":\"2012-10-17\",\"id\":\"AllowSSLRequestsOnly\",\"effect\":\"Deny\"}],\"related.entity\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\":{\"entity\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"asset\":{\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"raw\":{\"sse_algorithm\":\"aws:kms\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk/*\"],\"Sid\":\"AllowSSLRequestsOnly\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"},\"id\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"],\"name\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"ddc4e890-1935-4eee-9a4b-f669a4ad79f2\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1959] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-05T16:04:44.999+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-05T15:04:34.056Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"ddc4e890-1935-4eee-9a4b-f669a4ad79f2\"},\"related.entity\":[\"arn:aws:s3:::csp-allure-reports\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::csp-allure-reports\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::csp-allure-reports\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"name\":\"csp-allure-reports\",\"sub_category\":\"storage\",\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::csp-allure-reports/allure_reports/*\",\"Sid\":\"AddPerm\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"csp-allure-reports\"}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::csp-allure-reports/allure_reports/*\"],\"version\":\"2012-10-17\",\"id\":\"AddPerm\",\"effect\":\"Allow\",\"principal\":{\"*\":\"*\"}}],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1732] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-05T16:04:44.999+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-05T15:04:34.056Z\",\"asset\":{\"related_entity_id\":null,\"name\":\"test-aws-sec-transport-fail\",\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::test-aws-sec-transport-fail/*\",\"Sid\":\"Rule2_1_2_fail\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"true\"}},\"Effect\":\"Deny\",\"Principal\":\"*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\",\"name\":\"test-aws-sec-transport-fail\"},\"id\":[\"arn:aws:s3:::test-aws-sec-transport-fail\"],\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"ddc4e890-1935-4eee-9a4b-f669a4ad79f2\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2_fail\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"resource\":[\"arn:aws:s3:::test-aws-sec-transport-fail/*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"true\"}}}],\"related.entity\":[\"arn:aws:s3:::test-aws-sec-transport-fail\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sec-transport-fail\":{\"entity\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\"},\"cloud\":{\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1849] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-05T16:04:44.999+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-05T15:04:34.056Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"ddc4e890-1935-4eee-9a4b-f669a4ad79f2\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2_no_statement\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail/*\"],\"condition\":{\"StringEquals\":{\"s3:RequestObjectTag/Department\":\"CloudPosture\"}}}],\"related.entity\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:RequestObjectTag/Department\":\"CloudPosture\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail/*\",\"Sid\":\"Rule2_1_2_no_statement\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\",\"name\":\"test-aws-sec-transport-no-condition-fail\"},\"name\":\"test-aws-sec-transport-no-condition-fail\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2005] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-05T16:04:44.999+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-05T15:04:34.056Z\",\"agent\":{\"ephemeral_id\":\"ddc4e890-1935-4eee-9a4b-f669a4ad79f2\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"action\":[\"s3:*\"],\"resource\":[\"arn:aws:s3:::test-aws-sse-s3-pass/*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"}}],\"related.entity\":[\"arn:aws:s3:::test-aws-sse-s3-pass\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sse-s3-pass\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::test-aws-sse-s3-pass\"],\"name\":\"test-aws-sse-s3-pass\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"related_entity_id\":null,\"category\":\"infrastructure\",\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\",\"name\":\"test-aws-sse-s3-pass\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sse-s3-pass/*\",\"Sid\":\"Rule2_1_2\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1804] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-05T16:42:52.990+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-05T15:42:42.003Z\",\"resource_policies\":[{\"action\":[\"s3:*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"version\":\"2012-10-17\",\"id\":\"AllowTLSRequestsOnly\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"}}],\"related.entity\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"id\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\"],\"name\":\"731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"sse_algorithm\":\"aws:kms\",\"bucket_policy\":{\"Statement\":[{\"Principal\":\"*\",\"Resource\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1/*\"],\"Sid\":\"AllowTLSRequestsOnly\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":true}},\"related_entity_id\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"aa7054b0-8eb4-472e-b260-7e3259a0a1f4\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2013] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-05T16:42:52.993+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-05T15:42:42.003Z\",\"related.entity\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"}}}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"aa7054b0-8eb4-472e-b260-7e3259a0a1f4\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"type\":\"object-storage\",\"tags\":null,\"name\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"sse_algorithm\":\"aws:kms\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk/*\"],\"Sid\":\"AllowSSLRequestsOnly\",\"Action\":\"s3:*\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"},\"id\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"],\"related_entity_id\":null},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AllowSSLRequestsOnly\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}}}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1959] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-05T16:42:52.993+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-05T15:42:42.003Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"aa7054b0-8eb4-472e-b260-7e3259a0a1f4\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::csp-allure-reports/allure_reports/*\"],\"version\":\"2012-10-17\",\"id\":\"AddPerm\"}],\"related.entity\":[\"arn:aws:s3:::csp-allure-reports\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::csp-allure-reports\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"name\":\"csp-allure-reports\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::csp-allure-reports\"],\"related_entity_id\":null,\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AddPerm\",\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::csp-allure-reports/allure_reports/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"csp-allure-reports\"}},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1732] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-05T16:42:52.993+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-05T15:42:42.003Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"aa7054b0-8eb4-472e-b260-7e3259a0a1f4\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:s3:::test-aws-sec-transport-fail\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sec-transport-fail\":{\"entity\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"asset\":{\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-2\",\"name\":\"test-aws-sec-transport-fail\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"true\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sec-transport-fail/*\",\"Sid\":\"Rule2_1_2_fail\",\"Action\":\"s3:*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null},\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"name\":\"test-aws-sec-transport-fail\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::test-aws-sec-transport-fail\"],\"related_entity_id\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2_fail\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"resource\":[\"arn:aws:s3:::test-aws-sec-transport-fail/*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"true\"}}}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1849] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-05T16:42:52.993+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-05T15:42:42.003Z\",\"asset\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"id\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\"],\"name\":\"test-aws-sec-transport-no-condition-fail\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\",\"name\":\"test-aws-sec-transport-no-condition-fail\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"s3:RequestObjectTag/Department\":\"CloudPosture\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail/*\",\"Sid\":\"Rule2_1_2_no_statement\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true}},\"related_entity_id\":null},\"cloud\":{\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"aa7054b0-8eb4-472e-b260-7e3259a0a1f4\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail/*\"],\"condition\":{\"StringEquals\":{\"s3:RequestObjectTag/Department\":\"CloudPosture\"}},\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2_no_statement\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2005] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-05T16:42:52.993+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-05T15:42:42.003Z\",\"related.entity\":[\"arn:aws:s3:::test-aws-sse-s3-pass\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"aa7054b0-8eb4-472e-b260-7e3259a0a1f4\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sse-s3-pass\":{\"entity\":{\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::test-aws-sse-s3-pass\"],\"name\":\"test-aws-sse-s3-pass\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"related_entity_id\":null,\"sub_type\":\"s3-bucket\",\"raw\":{\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\",\"name\":\"test-aws-sse-s3-pass\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"Rule2_1_2\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sse-s3-pass/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"resource\":[\"arn:aws:s3:::test-aws-sse-s3-pass/*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1804] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:14:26.225+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:14:15.414Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::csp-allure-reports\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}},\"agent\":{\"ephemeral_id\":\"644c1b4b-8b83-4362-a4bb-d79fe8e264a6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"name\":\"csp-allure-reports\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"csp-allure-reports\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::csp-allure-reports/allure_reports/*\",\"Sid\":\"AddPerm\",\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Principal\":\"*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::csp-allure-reports\"],\"related_entity_id\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"resource_policies\":[{\"principal\":{\"*\":\"*\"},\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::csp-allure-reports/allure_reports/*\"],\"version\":\"2012-10-17\",\"id\":\"AddPerm\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::csp-allure-reports\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1732] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:14:26.228+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:14:15.415Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\":{\"entity\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}}},\"asset\":{\"related_entity_id\":null,\"sub_category\":\"storage\",\"tags\":null,\"id\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\"],\"name\":\"731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"name\":\"731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"sse_algorithm\":\"aws:kms\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\",\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1/*\"],\"Sid\":\"AllowTLSRequestsOnly\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":true,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"644c1b4b-8b83-4362-a4bb-d79fe8e264a6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"version\":\"2012-10-17\",\"id\":\"AllowTLSRequestsOnly\",\"effect\":\"Deny\"}],\"related.entity\":[\"arn:aws:s3:::731a1-terragrunt-example-terraform-state-prod-us-east-1\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2013] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:14:26.228+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:14:15.415Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"},\"resource_policies\":[{\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"version\":\"2012-10-17\",\"id\":\"AllowSSLRequestsOnly\"}],\"related.entity\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"644c1b4b-8b83-4362-a4bb-d79fe8e264a6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"sse_algorithm\":\"aws:kms\",\"bucket_policy\":{\"Statement\":[{\"Principal\":\"*\",\"Resource\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk/*\"],\"Sid\":\"AllowSSLRequestsOnly\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\"}],\"Version\":\"2012-10-17\"}},\"related_entity_id\":null,\"name\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"id\":[\"arn:aws:s3:::datadog-forwarder-forwarderbucket-9kwbmmywdjqk\"]}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1959] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:14:26.228+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:14:15.415Z\",\"asset\":{\"related_entity_id\":null,\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"id\":[\"arn:aws:s3:::test-aws-sec-transport-fail\"],\"name\":\"test-aws-sec-transport-fail\",\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"raw\":{\"name\":\"test-aws-sec-transport-fail\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::test-aws-sec-transport-fail/*\",\"Sid\":\"Rule2_1_2_fail\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"true\"}},\"Effect\":\"Deny\",\"Principal\":\"*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::test-aws-sec-transport-fail/*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"true\"}},\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2_fail\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"]}],\"related.entity\":[\"arn:aws:s3:::test-aws-sec-transport-fail\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sec-transport-fail\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"644c1b4b-8b83-4362-a4bb-d79fe8e264a6\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1849] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:14:26.228+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:14:15.415Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\":{\"entity\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"related_entity_id\":null,\"name\":\"test-aws-sec-transport-no-condition-fail\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"id\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\"],\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\",\"name\":\"test-aws-sec-transport-no-condition-fail\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:RequestObjectTag/Department\":\"CloudPosture\"}},\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail/*\",\"Sid\":\"Rule2_1_2_no_statement\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true}}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2_no_statement\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail/*\"],\"condition\":{\"StringEquals\":{\"s3:RequestObjectTag/Department\":\"CloudPosture\"}}}],\"related.entity\":[\"arn:aws:s3:::test-aws-sec-transport-no-condition-fail\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"644c1b4b-8b83-4362-a4bb-d79fe8e264a6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2005] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:14:26.228+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:14:15.415Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::test-aws-sse-s3-pass\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"test-aws-sse-s3-pass\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::test-aws-sse-s3-pass/*\",\"Sid\":\"Rule2_1_2\",\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-2\"},\"id\":[\"arn:aws:s3:::test-aws-sse-s3-pass\"],\"related_entity_id\":null,\"name\":\"test-aws-sse-s3-pass\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::test-aws-sse-s3-pass/*\"],\"condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"version\":\"2012-10-17\",\"id\":\"Rule2_1_2\",\"effect\":\"Deny\",\"principal\":{\"*\":\"*\"},\"action\":[\"s3:*\"]}],\"related.entity\":[\"arn:aws:s3:::test-aws-sse-s3-pass\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"644c1b4b-8b83-4362-a4bb-d79fe8e264a6\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1804] object mapping for [asset.raw.bucket_policy.Statement.Principal] tried to parse field [Principal] as object, but found a concrete value\"}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.103+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.289Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}}},{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1/*\"],\"Action\":[\"s3:PutObject*\",\"s3:Abort*\"],\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"related_entity_id\":null,\"type\":\"object-storage\",\"tags\":null}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2488] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'xoc-nJMBy7hEgelsDXu5'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2451 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.289Z\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2564] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'x4c-nJMBy7hEgelsDXu5'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2527 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.289Z\",\"asset\":{\"related_entity_id\":null,\"sub_category\":\"storage\",\"tags\":null,\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\":{\"entity\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\"},\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2540] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'yIc-nJMBy7hEgelsDXu5'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2503 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.289Z\",\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\":{\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"entity\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\"}}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"sub_category\":\"storage\",\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\",\"Sid\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"},\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2659] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'yYc-nJMBy7hEgelsDXu5'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2622 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.289Z\",\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"},\"agent\":{\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"]},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}]}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2250] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'yoc-nJMBy7hEgelsDXu5'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2213 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.289Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}},\"asset\":{\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"Region\":\"us-east-1\",\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"},{\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"},\"Resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/*\"],\"Sid\":\"AllowUserAccess\",\"Action\":[\"s3:GetObject\",\"s3:ListBucket\"],\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null,\"related_entity_id\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"]},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"AllowUserAccess\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"}}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2809] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'zYc-nJMBy7hEgelsDXu5'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2772 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.289Z\",\"agent\":{\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}}},{\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\"},\"id\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2607] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '0Yc-nJMBy7hEgelsDXu5'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2570 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.289Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-config-test\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"name\":\"tin-config-test\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"us-east-1\",\"name\":\"tin-config-test\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketPermissionsCheck\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketExistenceCheck\",\"Action\":\"s3:ListBucket\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::tin-config-test\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\"},{\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"]},{\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\"]}],\"related.entity\":[\"arn:aws:s3:::tin-config-test\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2492] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '0oc-nJMBy7hEgelsDXu5'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2459 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.289Z\",\"agent\":{\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"Statement1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"*\"},\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::amir-cf/*\"]}],\"related.entity\":[\"arn:aws:s3:::amir-cf\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::amir-cf\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"}}}},\"asset\":{\"id\":[\"arn:aws:s3:::amir-cf\"],\"category\":\"infrastructure\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"arn:aws:s3:::amir-cf/*\",\"Sid\":\"Statement1\",\"Action\":\"s3:GetObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":false,\"BlockPublicAcls\":false,\"BlockPublicPolicy\":false,\"IgnorePublicAcls\":false},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"amir-cf\"},\"related_entity_id\":null,\"name\":\"amir-cf\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1651] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '04c-nJMBy7hEgelsDXu5'. Preview of field's value: '{AWS=*}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1641 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.289Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\",\"Sid\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\"},{\"Sid\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2641] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '1Ic-nJMBy7hEgelsDXu5'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2604 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.289Z\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\":{\"entity\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}}}}},\"asset\":{\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"related_entity_id\":null}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2573] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '1Yc-nJMBy7hEgelsDXu5'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2536 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.289Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"category\":\"infrastructure\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"related_entity_id\":null,\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"sub_category\":\"storage\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2555] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '1oc-nJMBy7hEgelsDXu5'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2518 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.289Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"]}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2658] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '14c-nJMBy7hEgelsDXu5'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2621 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.289Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}}},{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\":{\"entity\":{\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"asset\":{\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-opa-demo\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-opa-demo\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2863] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '2Ic-nJMBy7hEgelsDXu5'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2826 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.289Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":[\"AIDA476ILCEFBVRUJXNFV\",\"arn:aws:iam::704479110758:user/terraform-deployment\"]}}],\"related.entity\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::buildsecurity-tfstate\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"name\":\"buildsecurity-tfstate\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"bucket_versioning\":{\"Enabled\":true,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":false,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"buildsecurity-tfstate\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":[\"s3:ListBucket\",\"s3:GetObjectVersion\",\"s3:GetObject\",\"s3:GetBucketVersioning\",\"s3:GetBucketLocation\",\"s3:PutObject\",\"s3:PutObjectAcl\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"AIDA476ILCEFBVRUJXNFV\",\"arn:aws:iam::704479110758:user/terraform-deployment\"]},\"Resource\":[\"arn:aws:s3:::buildsecurity-tfstate/*\",\"arn:aws:s3:::buildsecurity-tfstate\"],\"Sid\":\"1\"}],\"Version\":\"2012-10-17\"}},\"related_entity_id\":null,\"category\":\"infrastructure\",\"type\":\"object-storage\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1960] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '2oc-nJMBy7hEgelsDXu5'. Preview of field's value: '{AWS=[AIDA476ILCEFBVRUJXNFV, arn:aws:iam::704479110758:user/terraform-deployment]}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1874 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.289Z\",\"related.entity\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::config-bucket-704479110758\":{\"entity\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketPermissionsCheck\"},{\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketExistenceCheck\",\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"}},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"config-bucket-704479110758\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"related_entity_id\":null,\"name\":\"config-bucket-704479110758\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2347] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '3Ic-nJMBy7hEgelsDXu5'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2314 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.289Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-alb-5td21grs\":{\"entity\":{\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"name\":\"dev-alb-5td21grs\",\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"related_entity_id\":null,\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"dev-alb-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs\"}],\"Version\":\"2012-10-17\"}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2233] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '4Ic-nJMBy7hEgelsDXu5'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2194 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.290Z\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\"},\"resource_policies\":[{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\"}],\"related.entity\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-flow-logs-5td21grs\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"raw\":{\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"dev-flow-logs-5td21grs\",\"sse_algorithm\":\"AES256\"},\"related_entity_id\":null,\"name\":\"dev-flow-logs-5td21grs\",\"sub_type\":\"s3-bucket\",\"tags\":null}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2206] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '44c-nJMBy7hEgelsDXu5'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2166 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.290Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"]},{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"]}],\"related.entity\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-alb-m04ivw2j\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"related_entity_id\":null,\"name\":\"devops-alb-m04ivw2j\",\"type\":\"object-storage\",\"raw\":{\"name\":\"devops-alb-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2257] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '5oc-nJMBy7hEgelsDXu5'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2218 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.290Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\"},{\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-flow-logs-m04ivw2j\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"}}}},\"asset\":{\"id\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"name\":\"devops-flow-logs-m04ivw2j\",\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-flow-logs-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j\",\"Sid\":\"AWSLogDeliveryAclCheck\"}]}},\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2227] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '6Yc-nJMBy7hEgelsDXu5'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2187 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.290Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"}},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-alb-afrxhcnr\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"related_entity_id\":null,\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"poc-alb-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"name\":\"poc-alb-afrxhcnr\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2233] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '8Yc-nJMBy7hEgelsDXu5'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2194 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.290Z\",\"related.entity\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-flow-logs-afrxhcnr\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}}},\"asset\":{\"raw\":{\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"poc-flow-logs-afrxhcnr\",\"sse_algorithm\":\"AES256\"},\"name\":\"poc-flow-logs-afrxhcnr\",\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"related_entity_id\":null,\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\"},{\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2206] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '9Ic-nJMBy7hEgelsDXu5'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2166 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.290Z\",\"asset\":{\"id\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"name\":\"qa-alb-h9nrpcij\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null,\"related_entity_id\":null,\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"qa-alb-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"},{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"agent\":{\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-alb-h9nrpcij\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2225] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '-Ic-nJMBy7hEgelsDXu5'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2186 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.290Z\",\"related.entity\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-flow-logs-h9nrpcij\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"asset\":{\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"qa-flow-logs-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"related_entity_id\":null,\"name\":\"qa-flow-logs-h9nrpcij\",\"category\":\"infrastructure\",\"type\":\"object-storage\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"]}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2199] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id '-4c-nJMBy7hEgelsDXu5'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2159 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.290Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"category\":\"infrastructure\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2618] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Aoc-nJMBy7hEgelsDXy5'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2581 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.290Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\":{\"entity\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}}},\"asset\":{\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"sub_type\":\"s3-bucket\",\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2618] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'A4c-nJMBy7hEgelsDXy5'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2581 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.290Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\":{\"entity\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\"}}}},\"asset\":{\"related_entity_id\":null,\"category\":\"infrastructure\",\"tags\":null,\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2606] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'BIc-nJMBy7hEgelsDXy5'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2569 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.290Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"asset\":{\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"sub_category\":\"storage\",\"tags\":null,\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"sse_algorithm\":\"AES256\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"]},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2644] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'BYc-nJMBy7hEgelsDXy5'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2607 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.290Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\",\"Sid\":\"AmazonBedrockLogsWrite\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"id\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"sub_category\":\"storage\",\"type\":\"object-storage\",\"related_entity_id\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\"],\"condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AmazonBedrockLogsWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"bedrock.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2261] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Boc-nJMBy7hEgelsDXy5'. Preview of field's value: '{Service=bedrock.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2227 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.290Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"version\":\"2012-10-17\"},{\"id\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::tin-cdr-demo\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-cdr-demo\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::tin-cdr-demo\"],\"related_entity_id\":null,\"tags\":null,\"sub_type\":\"s3-bucket\",\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\"},{\"Sid\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"tin-cdr-demo\",\"sse_algorithm\":\"AES256\"},\"name\":\"tin-cdr-demo\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2468] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'C4c-nJMBy7hEgelsDXy5'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2431 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.290Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"resource\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"version\":\"2012-10-17\"},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\":{\"cloud\":{\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"}}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\",\"name\":\"aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"Sid\":\"AWSCloudTrailAclCheck\",\"Action\":[\"s3:ListBucket\",\"s3:GetBucketAcl\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"}},\"related_entity_id\":null,\"sub_category\":\"storage\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"id\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"name\":\"aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2293] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'DYc-nJMBy7hEgelsDXy5'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2256 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.290Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"sub_type\":\"s3-bucket\",\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\",\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"related_entity_id\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2544] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Eoc-nJMBy7hEgelsDXy5'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2507 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-06T14:52:13.106+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-06T13:52:02.290Z\",\"related.entity\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tf-state-bucket-test-infra\":{\"entity\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"name\":\"tf-state-bucket-test-infra\",\"sub_type\":\"s3-bucket\",\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-3\",\"name\":\"tf-state-bucket-test-infra\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra\",\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"}},{\"Action\":[\"s3:GetObject\",\"s3:PutObject\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra/*\"}],\"Version\":\"2012-10-17\"}},\"type\":\"object-storage\",\"tags\":null,\"id\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"action\":[\"s3:ListBucket\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra/*\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"e05c8055-6913-4713-8e99-17d6d17c4177\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2036] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'FYc-nJMBy7hEgelsDXy5'. Preview of field's value: '{AWS=arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1970 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.710+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"asset\":{\"id\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"related_entity_id\":null,\"name\":\"tf-state-bucket-test-infra\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-3\",\"name\":\"tf-state-bucket-test-infra\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra\",\"Action\":\"s3:ListBucket\"},{\"Action\":[\"s3:GetObject\",\"s3:PutObject\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra/*\"]}],\"related.entity\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tf-state-bucket-test-infra\":{\"asset\":{\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2071] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'FjT5sJMB85hrXsGIbrCc'. Preview of field's value: '{AWS=arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2005 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\":{\"asset\":{\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"raw\":{\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}}},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"sub_type\":\"s3-bucket\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\"},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\"},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2653] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'FzT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2616 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\":{\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"}}}},\"asset\":{\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552557\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\"},\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}}},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"agent\":{\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2653] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'GDT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2616 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\":{\"asset\":{\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"raw\":{\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"Effect\":\"Deny\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null}},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}}},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Deny\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2641] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'GTT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2604 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\":{\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"}}}},\"asset\":{\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"category\":\"infrastructure\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2679] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'GjT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2642 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\":{\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}}},\"asset\":{\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"},\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\",\"Sid\":\"AmazonBedrockLogsWrite\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"id\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"related_entity_id\":null,\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"category\":\"infrastructure\",\"type\":\"object-storage\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"id\":\"AmazonBedrockLogsWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\"],\"condition\":{\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"},\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"}},\"version\":\"2012-10-17\"}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2296] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'GzT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=bedrock.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2262 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}}},{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::tin-cdr-demo\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-cdr-demo\":{\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"related_entity_id\":null,\"name\":\"tin-cdr-demo\",\"sub_category\":\"storage\",\"id\":[\"arn:aws:s3:::tin-cdr-demo\"],\"category\":\"infrastructure\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"tin-cdr-demo\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"Effect\":\"Allow\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2503] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'IDT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2466 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::amir-cf\":{\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::amir-cf\"],\"related_entity_id\":null,\"name\":\"amir-cf\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::amir-cf/*\",\"Sid\":\"Statement1\",\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":false,\"BlockPublicAcls\":false,\"BlockPublicPolicy\":false,\"IgnorePublicAcls\":false},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"amir-cf\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"Statement1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"*\"},\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::amir-cf/*\"]}],\"related.entity\":[\"arn:aws:s3:::amir-cf\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1686] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'IjT5sJMB85hrXsGIbrCc'. Preview of field's value: '{AWS=*}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1676 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\":{\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}}},\"asset\":{\"related_entity_id\":null,\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\",\"Sid\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"sse_algorithm\":\"AES256\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2676] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'IzT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2639 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\":{\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"asset\":{\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"}}}},\"asset\":{\"tags\":null,\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"category\":\"infrastructure\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2608] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'JDT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2571 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\":{\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"sub_category\":\"storage\",\"tags\":null,\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"category\":\"infrastructure\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2590] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'JTT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2553 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\"},{\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\":{\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}}},\"asset\":{\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\"},\"related_entity_id\":null,\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2693] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'JjT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2656 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\":{\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"}}}},\"asset\":{\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-opa-demo\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-opa-demo\",\"category\":\"infrastructure\",\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2898] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'JzT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2861 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":[\"AIDA476ILCEFBVRUJXNFV\",\"arn:aws:iam::704479110758:user/terraform-deployment\"]}}],\"related.entity\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::buildsecurity-tfstate\":{\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"}}}},\"asset\":{\"related_entity_id\":null,\"name\":\"buildsecurity-tfstate\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"name\":\"buildsecurity-tfstate\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"1\",\"Action\":[\"s3:ListBucket\",\"s3:GetObjectVersion\",\"s3:GetObject\",\"s3:GetBucketVersioning\",\"s3:GetBucketLocation\",\"s3:PutObject\",\"s3:PutObjectAcl\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"AIDA476ILCEFBVRUJXNFV\",\"arn:aws:iam::704479110758:user/terraform-deployment\"]},\"Resource\":[\"arn:aws:s3:::buildsecurity-tfstate/*\",\"arn:aws:s3:::buildsecurity-tfstate\"]}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":true},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":false},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"category\":\"infrastructure\",\"type\":\"object-storage\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1995] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'KTT5sJMB85hrXsGIbrCc'. Preview of field's value: '{AWS=[AIDA476ILCEFBVRUJXNFV, arn:aws:iam::704479110758:user/terraform-deployment]}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1909 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"]},{\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::config-bucket-704479110758\":{\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"related_entity_id\":null,\"name\":\"config-bucket-704479110758\",\"category\":\"infrastructure\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketPermissionsCheck\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketExistenceCheck\",\"Action\":\"s3:ListBucket\"},{\"Sid\":\"AWSConfigBucketDelivery\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"config-bucket-704479110758\"},\"id\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2382] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'KzT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2349 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"}},{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-alb-5td21grs\":{\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"type\":\"object-storage\",\"raw\":{\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"dev-alb-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs\",\"Action\":\"s3:GetBucketAcl\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"related_entity_id\":null,\"name\":\"dev-alb-5td21grs\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2268] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'LzT5sJMB85hrXsGIbrCc'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2229 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"asset\":{\"related_entity_id\":null,\"name\":\"dev-flow-logs-5td21grs\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null,\"id\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"dev-flow-logs-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\"},{\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"]},{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::dev-flow-logs-5td21grs\":{\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2241] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'MjT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2201 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"related.entity\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-alb-m04ivw2j\":{\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\"},\"asset\":{\"id\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"},{\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-alb-m04ivw2j\"},\"name\":\"devops-alb-m04ivw2j\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"]},{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2292] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'NTT5sJMB85hrXsGIbrCc'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2253 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"related.entity\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::devops-flow-logs-m04ivw2j\":{\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"name\":\"devops-flow-logs-m04ivw2j\",\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"related_entity_id\":null,\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"devops-flow-logs-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null}},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"},{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2262] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'ODT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2222 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"]}],\"related.entity\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-alb-afrxhcnr\":{\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"}}}},\"asset\":{\"id\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"poc-alb-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"name\":\"poc-alb-afrxhcnr\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2268] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'QDT5sJMB85hrXsGIbrCc'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2229 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\"}],\"related.entity\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::poc-flow-logs-afrxhcnr\":{\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"related_entity_id\":null,\"name\":\"poc-flow-logs-afrxhcnr\",\"category\":\"infrastructure\",\"raw\":{\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"poc-flow-logs-afrxhcnr\",\"sse_algorithm\":\"AES256\"}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2241] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'QzT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2201 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-alb-h9nrpcij\":{\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"related_entity_id\":null,\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"category\":\"infrastructure\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"qa-alb-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"name\":\"qa-alb-h9nrpcij\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"]}],\"related.entity\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2260] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'RzT5sJMB85hrXsGIbrCc'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2221 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"]}],\"related.entity\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::qa-flow-logs-h9nrpcij\":{\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"id\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"related_entity_id\":null,\"name\":\"qa-flow-logs-h9nrpcij\",\"type\":\"object-storage\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"qa-flow-logs-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij\",\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\",\"Id\":\"AWSLogDeliveryWrite20150319\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2234] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'SjT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2194 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"resource\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\":{\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\"],\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"name\":\"aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"s3:ListBucket\",\"s3:GetBucketAcl\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"Sid\":\"AWSCloudTrailAclCheck\"},{\"Sid\":\"AWSCloudTrailWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409/AWSLogs/704479110758/*\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\"},\"related_entity_id\":null,\"name\":\"aws-reinvent-2024-pwncloud-cloudtrail-logs-37b4b409\",\"category\":\"infrastructure\",\"tags\":null}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2328] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'UTT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2291 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"related.entity\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\":{\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"related_entity_id\":null,\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"tags\":null,\"raw\":{\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}}},{\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\"},\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2579] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'VTT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2542 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"agent\":{\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\":{\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"}}}},\"asset\":{\"type\":\"object-storage\",\"related_entity_id\":null,\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"sub_category\":\"storage\",\"tags\":null,\"raw\":{\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1/*\"],\"Action\":[\"s3:PutObject*\",\"s3:Abort*\"]},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2523] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'WDT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2486 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"agent\":{\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\":{\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}}},\"asset\":{\"related_entity_id\":null,\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2599] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'WTT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2562 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\":{\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"type\":\"object-storage\",\"raw\":{\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null},\"related_entity_id\":null,\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2575] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'WjT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2538 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"asset\":{\"tags\":null,\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\",\"Sid\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"related_entity_id\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}}},{\"id\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"version\":\"2012-10-17\"}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\":{\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"}}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2694] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'WzT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2657 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\":{\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"related_entity_id\":null,\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"},\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2285] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'XDT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2248 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"agent\":{\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\"},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"AllowUserAccess\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"}}],\"related.entity\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\":{\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"category\":\"infrastructure\",\"type\":\"object-storage\",\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"Action\":\"s3:GetBucketAcl\"},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"},{\"Action\":[\"s3:GetObject\",\"s3:ListBucket\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"},\"Resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/*\"],\"Sid\":\"AllowUserAccess\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false}},\"related_entity_id\":null,\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"sub_category\":\"storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2844] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'XzT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2807 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\"},{\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"agent\":{\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\":{\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\"}}}},\"asset\":{\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"category\":\"infrastructure\",\"raw\":{\"Region\":\"us-east-1\",\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null},\"sub_type\":\"s3-bucket\",\"tags\":null,\"id\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"related_entity_id\":null,\"sub_category\":\"storage\",\"type\":\"object-storage\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2642] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'YzT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2605 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-12-10T15:29:17.714+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-12-10T14:29:06.484Z\",\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"]},{\"id\":\"AWSConfigBucketExistenceCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\"}],\"related.entity\":[\"arn:aws:s3:::tin-config-test\"],\"entities\":{\"metadata\":{\"arn:aws:s3:::tin-config-test\":{\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}}}}},\"asset\":{\"id\":[\"arn:aws:s3:::tin-config-test\"],\"category\":\"infrastructure\",\"sub_type\":\"s3-bucket\",\"raw\":{\"Region\":\"us-east-1\",\"name\":\"tin-config-test\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketPermissionsCheck\"},{\"Action\":\"s3:ListBucket\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketExistenceCheck\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null},\"related_entity_id\":null,\"name\":\"tin-config-test\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"ip-192-168-2-18.eu-central-1.compute.internal\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"28f6b329-4f5d-4799-b372-436263f1ed33\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2527] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'ZDT5sJMB85hrXsGIbrCc'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2494 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} diff --git a/logs/cloudbeat-events-data-20241119.ndjson b/logs/cloudbeat-events-data-20241119.ndjson new file mode 100644 index 0000000000..3d34335162 --- /dev/null +++ b/logs/cloudbeat-events-data-20241119.ndjson @@ -0,0 +1,1635 @@ +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.776+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\"},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"entity.metadata\":{\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\"},{\"Resource\":\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:*\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-2\",\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::paulo-cloudtrail-logs-cdr-demo-us-east-2\"],\"name\":\"paulo-cloudtrail-logs-cdr-demo-us-east-2\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1879] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'KUjdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1842 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.778+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"Effect\":\"Allow\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"name\":\"aws-cloudtrail-logs-704479110758-61552556\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552556\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1952] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'KkjdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1915 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.778+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}}},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"],\"name\":\"aws-cloudtrail-logs-704479110758-61552557\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-off-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-61552557\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1952] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'K0jdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1915 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.778+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"raw\":{\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Deny\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}}},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Deny\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"name\":\"aws-cloudtrail-logs-704479110758-c331f8df\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Deny\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-file-validation-on-pass\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Deny\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-c331f8df\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1940] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'LEjdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1903 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.778+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access\"],\"name\":\"aws-cloudtrail-logs-704479110758-public-access\",\"category\":\"infrastructure\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1973] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'LUjdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1936 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.778+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\"],\"condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AmazonBedrockLogsWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"bedrock.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"entity.metadata\":{\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:bedrock:us-west-2:704479110758:*\"},\"StringEquals\":{\"aws:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"bedrock.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\",\"Sid\":\"AmazonBedrockLogsWrite\"}]},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"},\"id\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\"],\"name\":\"aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1583] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'LkjdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=bedrock.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1549 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.778+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"asset\":{\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-cdr-demo\"},{\"Resource\":\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-west-2\",\"name\":\"tin-cdr-demo\"},\"id\":[\"arn:aws:s3:::tin-cdr-demo\"],\"name\":\"tin-cdr-demo\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::tin-cdr-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-226df120-4e11-488c-b804-c1663c79bc87\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-cdr-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-west-2:704479110758:trail/tin-cdr-demo-cloudtrail-logs\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-04f3ede6-e2be-4c53-9d4d-5d7517c51309\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::tin-cdr-demo\"],\"entity.metadata\":{\"arn:aws:s3:::tin-cdr-demo\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1831] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'MkjdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1794 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.778+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"agent\":{\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra\"},{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"Resource\":\"arn:aws:s3:::tf-state-bucket-test-infra/*\",\"Action\":[\"s3:GetObject\",\"s3:PutObject\"]}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-3\",\"name\":\"tf-state-bucket-test-infra\"},\"id\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"name\":\"tf-state-bucket-test-infra\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"]},{\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\"},\"resource\":[\"arn:aws:s3:::tf-state-bucket-test-infra/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::tf-state-bucket-test-infra\"],\"entity.metadata\":{\"arn:aws:s3:::tf-state-bucket-test-infra\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1385] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'NkjdRJMBjsBihvDH6gDG'. Preview of field's value: '{AWS=arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1319 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"agent\":{\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}}},{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1/*\"],\"Action\":[\"s3:PutObject*\",\"s3:Abort*\"],\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}}},{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:eventdatastore/*\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-lake-query-results-704479110758-us-east-1\"],\"name\":\"aws-cloudtrail-lake-query-results-704479110758-us-east-1\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1807] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'OUjdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1770 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"],\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-37761c06\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/ari-test-rule-3-3\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-37761c06/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1898] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'OkjdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1861 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\"}}},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/cspm-test\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-8feae5f8\"],\"name\":\"aws-cloudtrail-logs-704479110758-8feae5f8\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1874] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'O0jdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1837 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-af58fdb6\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"}}},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-14d15554-4281-48db-a775-75e7039ff9e4\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-79cb0db8-bd29-454d-9ad5-543ca15a4abd\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/test-romulo-create-trail\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-af58fdb6\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1993] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'PEjdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1956 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"name\":\"aws-cloudtrail-logs-704479110758-d741de63\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\"],\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\"},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1584] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'PUjdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1547 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}}},{\"version\":\"2012-10-17\",\"id\":\"AllowUserAccess\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"}}],\"related.entity\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"entity.metadata\":{\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319-0d708c50-ae2e-4257-bd4d-fc03e6e443e8\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-f7af3239-6a7c-46bc-a7cc-70eb9e0a5583\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/eyal-cdr\"}},\"Effect\":\"Allow\"},{\"Action\":[\"s3:GetObject\",\"s3:ListBucket\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\"},\"Resource\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2/*\"],\"Sid\":\"AllowUserAccess\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\"],\"name\":\"eyal-cdr-aws-cloudtrail-logs-704479110758-92c17ff2\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2134] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'QEjdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2097 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\"},\"entity.metadata\":{\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"Effect\":\"Allow\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true,\"BlockPublicAcls\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\",\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\"},\"id\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"name\":\"tin-aws-cloudtrail-logs-704479110758-e23da26c\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:us-east-1:704479110758:trail/tin-cloudtrail-testing\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1937] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'REjdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1900 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::tin-config-test\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\"},{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::tin-config-test\"],\"entity.metadata\":{\"arn:aws:s3:::tin-config-test\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"tags\":null,\"raw\":{\"name\":\"tin-config-test\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\",\"Sid\":\"AWSConfigBucketPermissionsCheck\",\"Action\":\"s3:GetBucketAcl\"},{\"Sid\":\"AWSConfigBucketExistenceCheck\",\"Action\":\"s3:ListBucket\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"704479110758\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::tin-config-test/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"us-east-1\"},\"id\":[\"arn:aws:s3:::tin-config-test\"],\"name\":\"tin-config-test\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1852] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'RUjdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1819 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"related.entity\":[\"arn:aws:s3:::amir-cf\"],\"entity.metadata\":{\"arn:aws:s3:::amir-cf\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"amir-cf\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"arn:aws:s3:::amir-cf/*\",\"Sid\":\"Statement1\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":false,\"BlockPublicPolicy\":false,\"IgnorePublicAcls\":false,\"RestrictPublicBuckets\":false},\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::amir-cf\"],\"name\":\"amir-cf\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"Statement1\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"*\"},\"action\":[\"s3:GetObject\"],\"resource\":[\"arn:aws:s3:::amir-cf/*\"]}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1019] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'RkjdRJMBjsBihvDH6gDG'. Preview of field's value: '{AWS=*}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1009 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\"},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\",\"Sid\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\"},{\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"name\":\"aws-cloudtrail-logs-704479110758-5cddbc52\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319-d1a6eac2-7afa-4975-a663-14386a128eb6\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\"}}},{\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/rmf-cdr-validation\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319-18176a46-4c68-4aaa-8294-90186a7fba3d\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\"],\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5cddbc52\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1975] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'R0jdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1938 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\"},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\",\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"Effect\":\"Allow\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813-trail\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-5f293082\"],\"name\":\"aws-cloudtrail-logs-704479110758-5f293082\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1907] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'SEjdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1870 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"name\":\"aws-cloudtrail-logs-704479110758-87d482e0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\"}},\"version\":\"2012-10-17\"},{\"condition\":{\"StringEquals\":{\"aws:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/orestis-qa-813\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0/AWSLogs/704479110758/*\"]}],\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\"],\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-87d482e0\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1889] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'SUjdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1852 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"resource_policies\":[{\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"version\":\"2012-10-17\"},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"raw\":{\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\",\"Sid\":\"AWSCloudTrailAclCheck20150319\"},{\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/test-aws-s3-public-access-failed\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2/AWSLogs/704479110758/*\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"sse_algorithm\":\"AES256\"},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-public-access-2\"],\"name\":\"aws-cloudtrail-logs-704479110758-public-access-2\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1985] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'SkjdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1948 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"related.entity\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":{\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true,\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"aws-cloudtrail-logs-opa-demo\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"},{\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\"},{\"Sid\":\"AWSCloudTrailAclCheck20150319\",\"Action\":\"s3:GetBucketAcl\",\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"},{\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\",\"Sid\":\"AWSCloudTrailWrite20150319\",\"Action\":\"s3:PutObject\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"name\":\"aws-cloudtrail-logs-opa-demo\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"}},{\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"},{\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\"}},\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailAclCheck20150319\",\"effect\":\"Allow\"},{\"id\":\"AWSCloudTrailWrite20150319\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudtrail:eu-west-1:704479110758:trail/opa-demo\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:2210] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'S0jdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=cloudtrail.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:2173 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"related.entity\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"entity.metadata\":{\"arn:aws:s3:::buildsecurity-tfstate\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"raw\":{\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":[\"s3:ListBucket\",\"s3:GetObjectVersion\",\"s3:GetObject\",\"s3:GetBucketVersioning\",\"s3:GetBucketLocation\",\"s3:PutObject\",\"s3:PutObjectAcl\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"arn:aws:iam::704479110758:user/terraform-deployment\",\"AIDA476ILCEFBVRUJXNFV\"]},\"Resource\":[\"arn:aws:s3:::buildsecurity-tfstate/*\",\"arn:aws:s3:::buildsecurity-tfstate\"],\"Sid\":\"1\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":true},\"public_access_block_configuration\":{\"IgnorePublicAcls\":true,\"RestrictPublicBuckets\":false,\"BlockPublicAcls\":true,\"BlockPublicPolicy\":true},\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"buildsecurity-tfstate\"},\"id\":[\"arn:aws:s3:::buildsecurity-tfstate\"],\"name\":\"buildsecurity-tfstate\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"effect\":\"Allow\",\"principal\":{\"AWS\":[\"arn:aws:iam::704479110758:user/terraform-deployment\",\"AIDA476ILCEFBVRUJXNFV\"]},\"version\":\"2012-10-17\",\"id\":\"1\"}]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1314] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'TUjdRJMBjsBihvDH6gDG'. Preview of field's value: '{AWS=[arn:aws:iam::704479110758:user/terraform-deployment, AIDA476ILCEFBVRUJXNFV]}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1228 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"agent\":{\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketPermissionsCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:ListBucket\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketExistenceCheck\"},{\"version\":\"2012-10-17\",\"id\":\"AWSConfigBucketDelivery\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"config.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}}],\"related.entity\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"entity.metadata\":{\"arn:aws:s3:::config-bucket-704479110758\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"id\":[\"arn:aws:s3:::config-bucket-704479110758\"],\"name\":\"config-bucket-704479110758\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"config-bucket-704479110758\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketPermissionsCheck\"},{\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758\",\"Sid\":\"AWSConfigBucketExistenceCheck\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"config.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::config-bucket-704479110758/AWSLogs/704479110758/Config/*\",\"Sid\":\"AWSConfigBucketDelivery\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1696] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'T0jdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=config.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1663 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:s3:::dev-alb-5td21grs\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"tags\":null,\"raw\":{\"Region\":\"eu-west-1\",\"name\":\"dev-alb-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"}},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-alb-5td21grs\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::dev-alb-5td21grs\"],\"name\":\"dev-alb-5td21grs\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1592] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'U0jdRJMBjsBihvDH6gDG'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1553 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\"},{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:s3:::dev-flow-logs-5td21grs\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"dev-flow-logs-5td21grs\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\"},{\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::dev-flow-logs-5td21grs\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::dev-flow-logs-5td21grs\"],\"name\":\"dev-flow-logs-5td21grs\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1559] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'VkjdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1519 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"]},{\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:s3:::devops-alb-m04ivw2j\":{\"type\":\"object-storage\",\"category\":\"infrastructure\"}},\"asset\":{\"id\":[\"arn:aws:s3:::devops-alb-m04ivw2j\"],\"name\":\"devops-alb-m04ivw2j\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-alb-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-alb-m04ivw2j\"}],\"Version\":\"2012-10-17\"}}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1613] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'WUjdRJMBjsBihvDH6gDG'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1574 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"entity.metadata\":{\"arn:aws:s3:::devops-flow-logs-m04ivw2j\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"devops-flow-logs-m04ivw2j\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"MfaDelete\":false,\"Enabled\":false},\"public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"name\":\"devops-flow-logs-m04ivw2j\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j/AWSLogs/704479110758/*\"]},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\"}],\"related.entity\":[\"arn:aws:s3:::devops-flow-logs-m04ivw2j\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1577] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'XEjdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1537 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\"},\"entity.metadata\":{\"arn:aws:s3:::poc-alb-afrxhcnr\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"poc-alb-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-alb-afrxhcnr\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"name\":\"poc-alb-afrxhcnr\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"]},{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:s3:::poc-alb-afrxhcnr\"]}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1592] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'ZEjdRJMBjsBihvDH6gDG'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1553 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\"]},{\"resource\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]}],\"related.entity\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"entity.metadata\":{\"arn:aws:s3:::poc-flow-logs-afrxhcnr\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"poc-flow-logs-afrxhcnr\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\"},{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::poc-flow-logs-afrxhcnr\",\"Sid\":\"AWSLogDeliveryAclCheck\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false}},\"id\":[\"arn:aws:s3:::poc-flow-logs-afrxhcnr\"],\"name\":\"poc-flow-logs-afrxhcnr\",\"category\":\"infrastructure\",\"sub_category\":\"storage\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1559] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'Z0jdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1519 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"resource_policies\":[{\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"resource\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"entity.metadata\":{\"arn:aws:s3:::qa-alb-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"id\":[\"arn:aws:s3:::qa-alb-h9nrpcij\"],\"name\":\"qa-alb-h9nrpcij\",\"category\":\"infrastructure\",\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null,\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"qa-alb-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::156460612806:root\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij/alb/AWSLogs/704479110758/*\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}}},{\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-alb-h9nrpcij\",\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1585] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'a0jdRJMBjsBihvDH6gDG'. Preview of field's value: '{AWS=arn:aws:iam::156460612806:root}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1546 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T15:40:14.779+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T14:40:04.171Z\",\"resource_policies\":[{\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\"],\"condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryWrite\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:PutObject\"]},{\"version\":\"2012-10-17\",\"id\":\"AWSLogDeliveryAclCheck\",\"effect\":\"Allow\",\"principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"action\":[\"s3:GetBucketAcl\"],\"resource\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"88d2933a-e729-49b3-af8f-261c6e11fb22\"},\"related.entity\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"entity.metadata\":{\"arn:aws:s3:::qa-flow-logs-h9nrpcij\":{\"category\":\"infrastructure\",\"type\":\"object-storage\"}},\"asset\":{\"sub_category\":\"storage\",\"type\":\"object-storage\",\"sub_type\":\"s3-bucket\",\"tags\":null,\"raw\":{\"account_public_access_block_configuration\":null,\"Region\":\"eu-west-1\",\"name\":\"qa-flow-logs-h9nrpcij\",\"sse_algorithm\":\"AES256\",\"bucket_policy\":{\"Id\":\"AWSLogDeliveryWrite20150319\",\"Statement\":[{\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij/AWSLogs/704479110758/*\",\"Sid\":\"AWSLogDeliveryWrite\",\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"}},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::qa-flow-logs-h9nrpcij\",\"Sid\":\"AWSLogDeliveryAclCheck\",\"Action\":\"s3:GetBucketAcl\"}],\"Version\":\"2012-10-17\"},\"bucket_versioning\":{\"Enabled\":false,\"MfaDelete\":false},\"public_access_block_configuration\":null},\"id\":[\"arn:aws:s3:::qa-flow-logs-h9nrpcij\"],\"name\":\"qa-flow-logs-h9nrpcij\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS S3\"}}}\n' (status=400): {\"type\":\"document_parsing_exception\",\"reason\":\"[1:1553] failed to parse field [asset.raw.bucket_policy.Statement.Principal] of type [keyword] in document with id 'bkjdRJMBjsBihvDH6gDG'. Preview of field's value: '{Service=delivery.logs.amazonaws.com}'\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"Expected text at 1:1513 but found START_OBJECT\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.084+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"resource_policies\":[],\"related.entity\":[\"d2a9814e-e8c5-4d48-aea7-1b91be56dc19\"],\"entity.metadata\":{\"d2a9814e-e8c5-4d48-aea7-1b91be56dc19\":{\"category\":\"infrastructure\",\"type\":\"event-source\"}},\"asset\":{\"type\":\"event-source\",\"sub_type\":\"lambda-event-source-mapping\",\"tags\":null,\"raw\":{\"event_source_mapping_configuration\":{\"FunctionResponseTypes\":[],\"LastModified\":\"2024-10-23T22:05:54.603Z\",\"MaximumBatchingWindowInSeconds\":0,\"MaximumRecordAgeInSeconds\":null,\"FunctionArn\":\"arn:aws:lambda:us-west-2:704479110758:function:serverlessrepo-tin-cdr-de-ApplicationElasticServer-XER9vPFvfLbx\",\"KMSKeyArn\":null,\"ParallelizationFactor\":null,\"StateTransitionReason\":\"USER_INITIATED\",\"Topics\":null,\"DestinationConfig\":null,\"EventSourceMappingArn\":\"arn:aws:lambda:us-west-2:704479110758:event-source-mapping:d2a9814e-e8c5-4d48-aea7-1b91be56dc19\",\"FilterCriteria\":null,\"DocumentDBEventSourceConfig\":null,\"LastProcessingResult\":null,\"ScalingConfig\":null,\"SourceAccessConfigurations\":null,\"State\":\"Enabled\",\"UUID\":\"d2a9814e-e8c5-4d48-aea7-1b91be56dc19\",\"AmazonManagedKafkaEventSourceConfig\":null,\"SelfManagedKafkaEventSourceConfig\":null,\"BatchSize\":10,\"BisectBatchOnFunctionError\":null,\"EventSourceArn\":\"arn:aws:sqs:us-west-2:704479110758:tin-cdr-audit-event-notification-queue\",\"FilterCriteriaError\":null,\"MaximumRetryAttempts\":null,\"SelfManagedEventSource\":null,\"TumblingWindowInSeconds\":null,\"Queues\":null,\"StartingPosition\":\"\",\"StartingPositionTimestamp\":null}},\"id\":[\"d2a9814e-e8c5-4d48-aea7-1b91be56dc19\"],\"name\":\"d2a9814e-e8c5-4d48-aea7-1b91be56dc19\",\"category\":\"infrastructure\",\"sub_category\":\"integration\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Lambda\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.084+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Lambda\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"62eb2f04-70a2-4c70-9945-1485029621a6\"],\"entity.metadata\":{\"62eb2f04-70a2-4c70-9945-1485029621a6\":{\"category\":\"infrastructure\",\"type\":\"event-source\"}},\"asset\":{\"name\":\"62eb2f04-70a2-4c70-9945-1485029621a6\",\"category\":\"infrastructure\",\"sub_category\":\"integration\",\"type\":\"event-source\",\"sub_type\":\"lambda-event-source-mapping\",\"tags\":null,\"raw\":{\"event_source_mapping_configuration\":{\"SelfManagedKafkaEventSourceConfig\":null,\"UUID\":\"62eb2f04-70a2-4c70-9945-1485029621a6\",\"DestinationConfig\":null,\"FunctionResponseTypes\":[],\"MaximumBatchingWindowInSeconds\":0,\"SelfManagedEventSource\":null,\"SourceAccessConfigurations\":null,\"StartingPosition\":\"\",\"StateTransitionReason\":\"USER_INITIATED\",\"EventSourceArn\":\"arn:aws:sqs:us-west-2:704479110758:elastic-serverless-forwarder-continuing-queue-0a0f93b1b57d\",\"FilterCriteria\":null,\"FilterCriteriaError\":null,\"ParallelizationFactor\":null,\"BisectBatchOnFunctionError\":null,\"KMSKeyArn\":null,\"ScalingConfig\":null,\"Topics\":null,\"AmazonManagedKafkaEventSourceConfig\":null,\"LastModified\":\"2024-10-23T22:05:54.426Z\",\"TumblingWindowInSeconds\":null,\"EventSourceMappingArn\":\"arn:aws:lambda:us-west-2:704479110758:event-source-mapping:62eb2f04-70a2-4c70-9945-1485029621a6\",\"LastProcessingResult\":null,\"MaximumRetryAttempts\":null,\"Queues\":null,\"DocumentDBEventSourceConfig\":null,\"MaximumRecordAgeInSeconds\":null,\"BatchSize\":10,\"FunctionArn\":\"arn:aws:lambda:us-west-2:704479110758:function:serverlessrepo-tin-cdr-de-ApplicationElasticServer-XER9vPFvfLbx\",\"State\":\"Enabled\",\"StartingPositionTimestamp\":null}},\"id\":[\"62eb2f04-70a2-4c70-9945-1485029621a6\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.084+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"asset\":{\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-73d2e309\"}],\"InternetGatewayId\":\"igw-a25733d9\",\"OwnerId\":\"704479110758\",\"Tags\":[]}},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:internet-gateway/igw-a25733d9\",\"igw-a25733d9\"],\"name\":\"igw-a25733d9\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:internet-gateway/igw-a25733d9\",\"igw-a25733d9\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:internet-gateway/igw-a25733d9\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.084+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"network\":{\"vpc_ids\":[\"vpc-ed6da487\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-central-1:704479110758:internet-gateway/igw-057ab66e\",\"igw-057ab66e\"],\"entity.metadata\":{\"arn:aws:ec2:eu-central-1:704479110758:internet-gateway/igw-057ab66e\":{\"type\":\"gateway\",\"category\":\"infrastructure\"}},\"asset\":{\"tags\":null,\"raw\":{\"internet_gateway\":{\"OwnerId\":\"704479110758\",\"Tags\":[],\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-ed6da487\"}],\"InternetGatewayId\":\"igw-057ab66e\"}},\"id\":[\"arn:aws:ec2:eu-central-1:704479110758:internet-gateway/igw-057ab66e\",\"igw-057ab66e\"],\"name\":\"igw-057ab66e\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-central-1\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.084+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-0655e251b572f3c6c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:internet-gateway/igw-06d59e6f7cfe96284\",\"igw-06d59e6f7cfe96284\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:internet-gateway/igw-06d59e6f7cfe96284\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"OwnerId\":\"704479110758\",\"Tags\":[{\"Value\":\"buildsec-igw\",\"Key\":\"Name\"}],\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-0655e251b572f3c6c\"}],\"InternetGatewayId\":\"igw-06d59e6f7cfe96284\"}},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:internet-gateway/igw-06d59e6f7cfe96284\",\"igw-06d59e6f7cfe96284\"],\"name\":\"igw-06d59e6f7cfe96284\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.084+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:internet-gateway/igw-072fef0136a91a4c8\",\"igw-072fef0136a91a4c8\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:internet-gateway/igw-072fef0136a91a4c8\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-058b21b3bf0f435b0\"}],\"InternetGatewayId\":\"igw-072fef0136a91a4c8\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/kops-csp-demo-1.k8s.local\",\"Value\":\"owned\"},{\"Key\":\"KubernetesCluster\",\"Value\":\"kops-csp-demo-1.k8s.local\"},{\"Key\":\"Name\",\"Value\":\"kops-csp-demo-1.k8s.local\"}]}},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:internet-gateway/igw-072fef0136a91a4c8\",\"igw-072fef0136a91a4c8\"],\"name\":\"igw-072fef0136a91a4c8\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-058b21b3bf0f435b0\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.084+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:internet-gateway/igw-b2fc12da\",\"igw-b2fc12da\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:internet-gateway/igw-b2fc12da\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"name\":\"igw-b2fc12da\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-7d397e15\"}],\"InternetGatewayId\":\"igw-b2fc12da\",\"OwnerId\":\"704479110758\",\"Tags\":[]}},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:internet-gateway/igw-b2fc12da\",\"igw-b2fc12da\"]},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-7d397e15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.084+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:internet-gateway/igw-08105497280e473a1\",\"igw-08105497280e473a1\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:internet-gateway/igw-08105497280e473a1\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-0e4b5c650a5bc0bdd\"}],\"InternetGatewayId\":\"igw-08105497280e473a1\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"buildsec-igw\"}]}},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:internet-gateway/igw-08105497280e473a1\",\"igw-08105497280e473a1\"],\"name\":\"igw-08105497280e473a1\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-0e4b5c650a5bc0bdd\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.084+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:internet-gateway/igw-402e7829\",\"igw-402e7829\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:internet-gateway/igw-402e7829\":{\"type\":\"gateway\",\"category\":\"infrastructure\"}},\"asset\":{\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"VpcId\":\"vpc-cf796aa6\",\"State\":\"available\"}],\"InternetGatewayId\":\"igw-402e7829\",\"OwnerId\":\"704479110758\",\"Tags\":[]}},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:internet-gateway/igw-402e7829\",\"igw-402e7829\"],\"name\":\"igw-402e7829\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-3\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-cf796aa6\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.084+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-01b5e039bb92fbf7e\",\"igw-01b5e039bb92fbf7e\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-01b5e039bb92fbf7e\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"raw\":{\"internet_gateway\":{\"InternetGatewayId\":\"igw-01b5e039bb92fbf7e\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"amir-env-vpc\"}],\"Attachments\":[{\"VpcId\":\"vpc-06635215f51bfd343\",\"State\":\"available\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-01b5e039bb92fbf7e\",\"igw-01b5e039bb92fbf7e\"],\"name\":\"igw-01b5e039bb92fbf7e\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-06635215f51bfd343\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.084+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-02a018e295a52afde\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-02a018e295a52afde\",\"igw-02a018e295a52afde\"],\"name\":\"igw-02a018e295a52afde\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-WWZ-vpc\"}],\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-0e838e42ce3e6d30c\"}],\"InternetGatewayId\":\"igw-02a018e295a52afde\",\"OwnerId\":\"704479110758\"}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0e838e42ce3e6d30c\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-02a018e295a52afde\",\"igw-02a018e295a52afde\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.084+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"network\":{\"vpc_ids\":[\"vpc-00103fb710b9960ab\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-036fd26ed5a871a7f\",\"igw-036fd26ed5a871a7f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-036fd26ed5a871a7f\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"InternetGatewayId\":\"igw-036fd26ed5a871a7f\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Value\":\"benchmark-rules-vpc\",\"Key\":\"Name\"}],\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-00103fb710b9960ab\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-036fd26ed5a871a7f\",\"igw-036fd26ed5a871a7f\"],\"name\":\"igw-036fd26ed5a871a7f\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.084+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"asset\":{\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-06b023d1fc8665055\"}],\"InternetGatewayId\":\"igw-052ff90cd153c3860\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Value\":\"dg-cis-vpc\",\"Key\":\"Name\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-052ff90cd153c3860\",\"igw-052ff90cd153c3860\"],\"name\":\"igw-052ff90cd153c3860\",\"category\":\"infrastructure\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-06b023d1fc8665055\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-052ff90cd153c3860\",\"igw-052ff90cd153c3860\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-052ff90cd153c3860\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.084+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"network\":{\"vpc_ids\":[\"vpc-096d5aaf84103883c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-077e9203dc3521cd3\",\"igw-077e9203dc3521cd3\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-077e9203dc3521cd3\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-096d5aaf84103883c\"}],\"InternetGatewayId\":\"igw-077e9203dc3521cd3\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Value\":\"long-running-project-vpc\",\"Key\":\"Name\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-077e9203dc3521cd3\",\"igw-077e9203dc3521cd3\"],\"name\":\"igw-077e9203dc3521cd3\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.084+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-0d0d507f15a7baefb\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-07e7aeb0b01fa68ed\",\"igw-07e7aeb0b01fa68ed\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-07e7aeb0b01fa68ed\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-0d0d507f15a7baefb\"}],\"InternetGatewayId\":\"igw-07e7aeb0b01fa68ed\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"test-env-ci-tf-vpc\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-07e7aeb0b01fa68ed\",\"igw-07e7aeb0b01fa68ed\"],\"name\":\"igw-07e7aeb0b01fa68ed\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.084+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0861384f0343fa48f\",\"igw-0861384f0343fa48f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0861384f0343fa48f\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-02190da3c759732a9\"}],\"InternetGatewayId\":\"igw-0861384f0343fa48f\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-vpc\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0861384f0343fa48f\",\"igw-0861384f0343fa48f\"],\"name\":\"igw-0861384f0343fa48f\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-02190da3c759732a9\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.084+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"network\":{\"vpc_ids\":[\"vpc-05eeaaeb72e2eb28b\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0880ff77c4ca73d1d\",\"igw-0880ff77c4ca73d1d\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0880ff77c4ca73d1d\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-05eeaaeb72e2eb28b\"}],\"InternetGatewayId\":\"igw-0880ff77c4ca73d1d\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-5jA-vpc\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0880ff77c4ca73d1d\",\"igw-0880ff77c4ca73d1d\"],\"name\":\"igw-0880ff77c4ca73d1d\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-05dd3a849e821fafc\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-08b3bef7ec626ca6e\",\"igw-08b3bef7ec626ca6e\"],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-08b3bef7ec626ca6e\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"tags\":null,\"raw\":{\"internet_gateway\":{\"InternetGatewayId\":\"igw-08b3bef7ec626ca6e\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-AhU-vpc\"}],\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-05dd3a849e821fafc\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-08b3bef7ec626ca6e\",\"igw-08b3bef7ec626ca6e\"],\"name\":\"igw-08b3bef7ec626ca6e\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"network\":{\"vpc_ids\":[\"vpc-0de5d19ac894b58c9\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-08cc251f5fc461fde\",\"igw-08cc251f5fc461fde\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-08cc251f5fc461fde\":{\"type\":\"gateway\",\"category\":\"infrastructure\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-0de5d19ac894b58c9\"}],\"InternetGatewayId\":\"igw-08cc251f5fc461fde\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-Gfp-vpc\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-08cc251f5fc461fde\",\"igw-08cc251f5fc461fde\"],\"name\":\"igw-08cc251f5fc461fde\",\"category\":\"infrastructure\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"network\":{\"vpc_ids\":[\"vpc-04ece708af6c9b689\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-091becfe22188e118\",\"igw-091becfe22188e118\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-091becfe22188e118\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-04ece708af6c9b689\"}],\"InternetGatewayId\":\"igw-091becfe22188e118\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-pEN-vpc\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-091becfe22188e118\",\"igw-091becfe22188e118\"],\"name\":\"igw-091becfe22188e118\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0b8c98a247dff8171\",\"igw-0b8c98a247dff8171\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0b8c98a247dff8171\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"name\":\"igw-0b8c98a247dff8171\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-08d87433815da7907\"}],\"InternetGatewayId\":\"igw-0b8c98a247dff8171\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"kuba-logs-vpc\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0b8c98a247dff8171\",\"igw-0b8c98a247dff8171\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-08d87433815da7907\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"network\":{\"vpc_ids\":[\"vpc-0a74788000c2f0013\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0d143b6ceb27ef576\",\"igw-0d143b6ceb27ef576\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0d143b6ceb27ef576\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0d143b6ceb27ef576\",\"igw-0d143b6ceb27ef576\"],\"name\":\"igw-0d143b6ceb27ef576\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-0a74788000c2f0013\"}],\"InternetGatewayId\":\"igw-0d143b6ceb27ef576\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Value\":\"cloudbeat-tf-nsZ-vpc\",\"Key\":\"Name\"}]}}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-0096efe3aab3734db\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0d26082b83ab057c2\",\"igw-0d26082b83ab057c2\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0d26082b83ab057c2\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"raw\":{\"internet_gateway\":{\"InternetGatewayId\":\"igw-0d26082b83ab057c2\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"kfir-qa-project-vpc\"}],\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-0096efe3aab3734db\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0d26082b83ab057c2\",\"igw-0d26082b83ab057c2\"],\"name\":\"igw-0d26082b83ab057c2\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0d94808cba03ccc53\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-061fc9c22f73c7d3e\"}],\"InternetGatewayId\":\"igw-0d94808cba03ccc53\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"amir-env-vpc\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0d94808cba03ccc53\",\"igw-0d94808cba03ccc53\"],\"name\":\"igw-0d94808cba03ccc53\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-061fc9c22f73c7d3e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0d94808cba03ccc53\",\"igw-0d94808cba03ccc53\"],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-0bf78569aaae50b84\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0e3814630d03a1e2c\",\"igw-0e3814630d03a1e2c\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0e3814630d03a1e2c\":{\"type\":\"gateway\",\"category\":\"infrastructure\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"InternetGatewayId\":\"igw-0e3814630d03a1e2c\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-SXE-vpc\"}],\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-0bf78569aaae50b84\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0e3814630d03a1e2c\",\"igw-0e3814630d03a1e2c\"],\"name\":\"igw-0e3814630d03a1e2c\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-0b5ada4550b941390\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0fd0014fbc089e4da\",\"igw-0fd0014fbc089e4da\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0fd0014fbc089e4da\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"name\":\"igw-0fd0014fbc089e4da\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-0b5ada4550b941390\"}],\"InternetGatewayId\":\"igw-0fd0014fbc089e4da\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Value\":\"maxcold-test-vpc\",\"Key\":\"Name\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-0fd0014fbc089e4da\",\"igw-0fd0014fbc089e4da\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"asset\":{\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-6cb55a15\"}],\"InternetGatewayId\":\"igw-f840589f\",\"OwnerId\":\"704479110758\",\"Tags\":[]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-f840589f\",\"igw-f840589f\"],\"name\":\"igw-f840589f\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-f840589f\",\"igw-f840589f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:internet-gateway/igw-f840589f\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-e6e43c8f\"}],\"InternetGatewayId\":\"igw-5447983d\",\"OwnerId\":\"704479110758\",\"Tags\":[]}},\"id\":[\"arn:aws:ec2:eu-north-1:704479110758:internet-gateway/igw-5447983d\",\"igw-5447983d\"],\"name\":\"igw-5447983d\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-north-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-e6e43c8f\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-north-1:704479110758:internet-gateway/igw-5447983d\",\"igw-5447983d\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:ec2:eu-north-1:704479110758:internet-gateway/igw-5447983d\":{\"type\":\"gateway\",\"category\":\"infrastructure\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"network\":{\"vpc_ids\":[\"vpc-8bb1fde3\"]},\"resource_policies\":[],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:ca-central-1:704479110758:internet-gateway/igw-d9a85db1\",\"igw-d9a85db1\"],\"entity.metadata\":{\"arn:aws:ec2:ca-central-1:704479110758:internet-gateway/igw-d9a85db1\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-8bb1fde3\"}],\"InternetGatewayId\":\"igw-d9a85db1\",\"OwnerId\":\"704479110758\",\"Tags\":[]}},\"id\":[\"arn:aws:ec2:ca-central-1:704479110758:internet-gateway/igw-d9a85db1\",\"igw-d9a85db1\"],\"name\":\"igw-d9a85db1\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"region\":\"ca-central-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:internet-gateway/igw-bd5638d5\",\"igw-bd5638d5\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:internet-gateway/igw-bd5638d5\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-0fa96564\"}],\"InternetGatewayId\":\"igw-bd5638d5\",\"OwnerId\":\"704479110758\",\"Tags\":[]}},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:internet-gateway/igw-bd5638d5\",\"igw-bd5638d5\"],\"name\":\"igw-bd5638d5\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:internet-gateway/igw-0460fb4005fe1d08b\",\"igw-0460fb4005fe1d08b\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:internet-gateway/igw-0460fb4005fe1d08b\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-0d34957e50abb854b\"}],\"InternetGatewayId\":\"igw-0460fb4005fe1d08b\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-vpc\"}]}},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:internet-gateway/igw-0460fb4005fe1d08b\",\"igw-0460fb4005fe1d08b\"],\"name\":\"igw-0460fb4005fe1d08b\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0d34957e50abb854b\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:internet-gateway/igw-04a2b1ac76f0e4387\",\"igw-04a2b1ac76f0e4387\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:internet-gateway/igw-04a2b1ac76f0e4387\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-0400c449f7d20cd09\"}],\"InternetGatewayId\":\"igw-04a2b1ac76f0e4387\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-vpc\"}]}},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:internet-gateway/igw-04a2b1ac76f0e4387\",\"igw-04a2b1ac76f0e4387\"],\"name\":\"igw-04a2b1ac76f0e4387\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-0400c449f7d20cd09\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"asset\":{\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Tags\":[],\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-eb7e6883\"}],\"InternetGatewayId\":\"igw-287ada40\",\"OwnerId\":\"704479110758\"}},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:internet-gateway/igw-287ada40\",\"igw-287ada40\"],\"name\":\"igw-287ada40\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-eb7e6883\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:internet-gateway/igw-287ada40\",\"igw-287ada40\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:internet-gateway/igw-287ada40\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-f6816890\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-1:704479110758:internet-gateway/igw-8420cfe3\",\"igw-8420cfe3\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-1:704479110758:internet-gateway/igw-8420cfe3\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-f6816890\"}],\"InternetGatewayId\":\"igw-8420cfe3\",\"OwnerId\":\"704479110758\",\"Tags\":[]}},\"id\":[\"arn:aws:ec2:us-west-1:704479110758:internet-gateway/igw-8420cfe3\",\"igw-8420cfe3\"],\"name\":\"igw-8420cfe3\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-0180a1dc90512f144\"}],\"InternetGatewayId\":\"igw-02e68eb5fcd07457d\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"aws-reinvent-2024-pwncloud-igw-f934c03f\"}]}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:internet-gateway/igw-02e68eb5fcd07457d\",\"igw-02e68eb5fcd07457d\"],\"name\":\"igw-02e68eb5fcd07457d\"},\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-0180a1dc90512f144\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:internet-gateway/igw-02e68eb5fcd07457d\",\"igw-02e68eb5fcd07457d\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:internet-gateway/igw-02e68eb5fcd07457d\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:internet-gateway/igw-c29b56bb\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"name\":\"igw-c29b56bb\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-36a1394e\"}],\"InternetGatewayId\":\"igw-c29b56bb\",\"OwnerId\":\"704479110758\",\"Tags\":[]}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:internet-gateway/igw-c29b56bb\",\"igw-c29b56bb\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:internet-gateway/igw-c29b56bb\",\"igw-c29b56bb\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:ap-southeast-1:704479110758:internet-gateway/igw-c24a76a6\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-e4a9b483\"}],\"InternetGatewayId\":\"igw-c24a76a6\",\"OwnerId\":\"704479110758\",\"Tags\":[]}},\"id\":[\"arn:aws:ec2:ap-southeast-1:704479110758:internet-gateway/igw-c24a76a6\",\"igw-c24a76a6\"],\"name\":\"igw-c24a76a6\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-southeast-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-e4a9b483\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-southeast-1:704479110758:internet-gateway/igw-c24a76a6\",\"igw-c24a76a6\"],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"network\":{\"vpc_ids\":[\"vpc-f7181690\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:sa-east-1:704479110758:internet-gateway/igw-3d074059\",\"igw-3d074059\"],\"entity.metadata\":{\"arn:aws:ec2:sa-east-1:704479110758:internet-gateway/igw-3d074059\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"raw\":{\"internet_gateway\":{\"Tags\":[],\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-f7181690\"}],\"InternetGatewayId\":\"igw-3d074059\",\"OwnerId\":\"704479110758\"}},\"id\":[\"arn:aws:ec2:sa-east-1:704479110758:internet-gateway/igw-3d074059\",\"igw-3d074059\"],\"name\":\"igw-3d074059\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"sa-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-04076d6d\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-3:704479110758:internet-gateway/igw-6eca4b07\",\"igw-6eca4b07\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-3:704479110758:internet-gateway/igw-6eca4b07\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"name\":\"igw-6eca4b07\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-04076d6d\"}],\"InternetGatewayId\":\"igw-6eca4b07\",\"OwnerId\":\"704479110758\",\"Tags\":[]}},\"id\":[\"arn:aws:ec2:ap-northeast-3:704479110758:internet-gateway/igw-6eca4b07\",\"igw-6eca4b07\"]},\"cloud\":{\"region\":\"ap-northeast-3\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"cloud\":{\"region\":\"ap-northeast-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-75343a12\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-1:704479110758:internet-gateway/igw-835045e7\",\"igw-835045e7\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-1:704479110758:internet-gateway/igw-835045e7\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Tags\":[],\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-75343a12\"}],\"InternetGatewayId\":\"igw-835045e7\",\"OwnerId\":\"704479110758\"}},\"id\":[\"arn:aws:ec2:ap-northeast-1:704479110758:internet-gateway/igw-835045e7\",\"igw-835045e7\"],\"name\":\"igw-835045e7\",\"category\":\"infrastructure\",\"sub_category\":\"network\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"asset\":{\"id\":[\"arn:aws:ec2:ap-northeast-2:704479110758:internet-gateway/igw-d9d857b1\",\"igw-d9d857b1\"],\"name\":\"igw-d9d857b1\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null,\"raw\":{\"internet_gateway\":{\"Tags\":[],\"Attachments\":[{\"VpcId\":\"vpc-3e76af55\",\"State\":\"available\"}],\"InternetGatewayId\":\"igw-d9d857b1\",\"OwnerId\":\"704479110758\"}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-northeast-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-3e76af55\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-2:704479110758:internet-gateway/igw-d9d857b1\",\"igw-d9d857b1\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-2:704479110758:internet-gateway/igw-d9d857b1\":{\"type\":\"gateway\",\"category\":\"infrastructure\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"asset\":{\"raw\":{\"internet_gateway\":{\"Attachments\":[{\"State\":\"available\",\"VpcId\":\"vpc-bbfefedc\"}],\"InternetGatewayId\":\"igw-f0e2f394\",\"OwnerId\":\"704479110758\",\"Tags\":[]}},\"id\":[\"arn:aws:ec2:ap-southeast-2:704479110758:internet-gateway/igw-f0e2f394\",\"igw-f0e2f394\"],\"name\":\"igw-f0e2f394\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"internet-gateway\",\"tags\":null},\"cloud\":{\"region\":\"ap-southeast-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-bbfefedc\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-southeast-2:704479110758:internet-gateway/igw-f0e2f394\",\"igw-f0e2f394\"],\"entity.metadata\":{\"arn:aws:ec2:ap-southeast-2:704479110758:internet-gateway/igw-f0e2f394\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-central-1:704479110758:ec2/i-05ea11ffc6f045d4d\",\"i-05ea11ffc6f045d4d\"],\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"id\":[\"arn:aws:ec2:eu-central-1:704479110758:ec2/i-05ea11ffc6f045d4d\",\"i-05ea11ffc6f045d4d\"],\"name\":\"orestis-onweek-node-0\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"Name\":\"orestis-onweek-node-0\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\",\"stopped-at\":\"2024-11-19 02:46:18.084503\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},\"raw\":{\"Ipv6Address\":null,\"NetworkInterfaces\":[{\"Groups\":[{\"GroupId\":\"sg-0aa4d66fe76125c24\",\"GroupName\":\"ofloros-onweek\"}],\"Ipv6Prefixes\":null,\"OwnerId\":\"704479110758\",\"Status\":\"in-use\",\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-18-199-254-49.eu-central-1.compute.amazonaws.com\",\"PublicIp\":\"18.199.254.49\"},\"Attachment\":{\"AttachTime\":\"2024-05-02T14:52:25Z\",\"AttachmentId\":\"eni-attach-0c6f10ab743287d31\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"InterfaceType\":\"interface\",\"PrivateIpAddress\":\"172.31.38.208\",\"SourceDestCheck\":true,\"SubnetId\":\"subnet-4b27c837\",\"VpcId\":\"vpc-ed6da487\",\"ConnectionTrackingConfiguration\":null,\"Description\":\"\",\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"MacAddress\":\"06:49:56:f7:59:2b\",\"NetworkInterfaceId\":\"eni-0b9c1d581fb1985e7\",\"PrivateDnsName\":\"ip-172-31-38-208.eu-central-1.compute.internal\",\"PrivateIpAddresses\":[{\"Association\":{\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-18-199-254-49.eu-central-1.compute.amazonaws.com\",\"PublicIp\":\"18.199.254.49\",\"CarrierIp\":null},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-38-208.eu-central-1.compute.internal\",\"PrivateIpAddress\":\"172.31.38.208\"}]}],\"RootDeviceType\":\"ebs\",\"SecurityGroups\":[{\"GroupId\":\"sg-0aa4d66fe76125c24\",\"GroupName\":\"ofloros-onweek\"}],\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"InstanceId\":\"i-05ea11ffc6f045d4d\",\"ProductCodes\":[],\"RootDeviceName\":\"/dev/sda1\",\"BlockDeviceMappings\":[{\"Ebs\":{\"Status\":\"attached\",\"VolumeId\":\"vol-015782648f51f7f82\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-05-02T14:52:26Z\",\"DeleteOnTermination\":true},\"DeviceName\":\"/dev/sda1\"}],\"KernelId\":null,\"Placement\":{\"GroupId\":null,\"HostId\":null,\"SpreadDomain\":null,\"PartitionNumber\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"AvailabilityZone\":\"eu-central-1b\",\"GroupName\":\"\",\"HostResourceGroupArn\":null},\"VirtualizationType\":\"hvm\",\"EnclaveOptions\":{\"Enabled\":false},\"Licenses\":null,\"Platform\":\"\",\"SpotInstanceRequestId\":null,\"SriovNetSupport\":null,\"BootMode\":\"uefi\",\"RamdiskId\":null,\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"SubnetId\":\"subnet-4b27c837\",\"PlatformDetails\":\"Linux/UNIX\",\"PrivateDnsName\":\"ip-172-31-38-208.eu-central-1.compute.internal\",\"PrivateIpAddress\":\"172.31.38.208\",\"SourceDestCheck\":true,\"UsageOperation\":\"RunInstances\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"ClientToken\":\"e7a596dd-6c61-46b1-843a-2918f90cb861\",\"HibernationOptions\":{\"Configured\":false},\"KeyName\":\"ofloros-frankfurt\",\"StateTransitionReason\":\"User initiated (2024-05-17 02:24:20 GMT)\",\"Region\":\"eu-central-1\",\"ElasticGpuAssociations\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"OutpostArn\":null,\"UsageOperationUpdateTime\":\"2024-05-02T14:52:25Z\",\"Hypervisor\":\"xen\",\"PublicIpAddress\":\"18.199.254.49\",\"Tags\":[{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:46:18.084503\"},{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"},{\"Key\":\"Name\",\"Value\":\"orestis-onweek-node-0\"},{\"Value\":\"Resource does not meet policy: stop@2024/11/20\",\"Key\":\"custodian_stop\"}],\"TpmSupport\":null,\"Architecture\":\"arm64\",\"LaunchTime\":\"2024-05-16T10:50:50Z\",\"IamInstanceProfile\":null,\"InstanceLifecycle\":\"\",\"MetadataOptions\":{\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2},\"RootVolume\":null,\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\"},\"CapacityReservationId\":null,\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":2,\"ThreadsPerCore\":1},\"CurrentInstanceBootMode\":\"uefi\",\"EbsOptimized\":true,\"ElasticInferenceAcceleratorAssociations\":null,\"EnaSupport\":true,\"Monitoring\":{\"State\":\"disabled\"},\"VpcId\":\"vpc-ed6da487\",\"ImageId\":\"ami-099b7bab1b9843525\",\"InstanceType\":\"c6g.large\",\"AmiLaunchIndex\":0,\"PublicDnsName\":\"ec2-18-199-254-49.eu-central-1.compute.amazonaws.com\"}},\"network\":{\"public_dns_name\":\"ec2-18-199-254-49.eu-central-1.compute.amazonaws.com\",\"public_ip_address\":\"18.199.254.49\",\"subnet_ids\":[\"subnet-4b27c837\"],\"network_id\":\"vpc-ed6da487\",\"private_dns_name\":\"ip-172-31-38-208.eu-central-1.compute.internal\",\"private_ip_address\":\"172.31.38.208\"},\"host\":{\"platform\":\"\",\"platform_details\":\"Linux/UNIX\",\"architecture\":\"arm64\",\"imageId\":\"ami-099b7bab1b9843525\",\"instance_type\":\"c6g.large\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-central-1:704479110758:ec2/i-05ea11ffc6f045d4d\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"cloud\":{\"machine\":{\"machine_type\":\"c6g.large\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-central-1b\",\"provider\":\"aws\",\"region\":\"eu-central-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"name\":\"orestis-onweek-node-0\",\"id\":\"i-05ea11ffc6f045d4d\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:ec2/i-045d733c9ddcd3ff3\",\"i-045d733c9ddcd3ff3\"],\"cloud\":{\"availability_zone\":\"eu-west-2b\",\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"instance\":{\"id\":\"i-045d733c9ddcd3ff3\",\"name\":\"ido-wiz-debug\"},\"machine\":{\"machine_type\":\"t2.micro\"},\"service\":{\"name\":\"AWS EC2\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:ec2/i-045d733c9ddcd3ff3\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"raw\":{\"Architecture\":\"x86_64\",\"Licenses\":null,\"SriovNetSupport\":null,\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"StateTransitionReason\":\"User initiated (2024-08-29 02:46:26 GMT)\",\"TpmSupport\":null,\"ClientToken\":\"4f48fad1-7c44-467f-9557-05510599a2a8\",\"InstanceType\":\"t2.micro\",\"OutpostArn\":null,\"Platform\":\"\",\"PrivateDnsName\":\"ip-172-31-38-92.eu-west-2.compute.internal\",\"PublicIpAddress\":null,\"Region\":\"eu-west-2\",\"CapacityReservationSpecification\":{\"CapacityReservationTarget\":null,\"CapacityReservationPreference\":\"open\"},\"ImageId\":\"ami-0c0493bbac867d427\",\"PrivateIpAddress\":\"172.31.38.92\",\"SubnetId\":\"subnet-1758805b\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"ido-wiz-debug\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:46:25.027742\"},{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"},{\"Value\":\"Resource does not meet policy: terminate@2024/12/04\",\"Key\":\"custodian_delete\"},{\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\",\"Key\":\"stopped-by\"}],\"VpcId\":\"vpc-7d397e15\",\"EbsOptimized\":false,\"IamInstanceProfile\":null,\"AmiLaunchIndex\":0,\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":1,\"ThreadsPerCore\":1},\"ElasticGpuAssociations\":null,\"KernelId\":null,\"HibernationOptions\":{\"Configured\":false},\"LaunchTime\":\"2024-08-27T06:39:56Z\",\"PlatformDetails\":\"Linux/UNIX\",\"RamdiskId\":null,\"CapacityReservationId\":null,\"InstanceId\":\"i-045d733c9ddcd3ff3\",\"Monitoring\":{\"State\":\"disabled\"},\"Placement\":{\"GroupName\":\"\",\"HostId\":null,\"HostResourceGroupArn\":null,\"SpreadDomain\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"AvailabilityZone\":\"eu-west-2b\",\"GroupId\":null,\"PartitionNumber\":null},\"CurrentInstanceBootMode\":\"legacy-bios\",\"Hypervisor\":\"xen\",\"RootVolume\":null,\"RootDeviceName\":\"/dev/xvda\",\"SourceDestCheck\":true,\"UsageOperation\":\"RunInstances\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"Status\":\"attached\",\"VolumeId\":\"vol-089914220eb49e3b3\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-08-27T06:39:57Z\",\"DeleteOnTermination\":true}}],\"ElasticInferenceAcceleratorAssociations\":null,\"InstanceLifecycle\":\"\",\"KeyName\":\"ido-eu-west-2\",\"EnclaveOptions\":{\"Enabled\":false},\"Ipv6Address\":null,\"VirtualizationType\":\"hvm\",\"ProductCodes\":[],\"PublicDnsName\":\"\",\"RootDeviceType\":\"ebs\",\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"BootMode\":\"uefi-preferred\",\"MetadataOptions\":{\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\"},\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\"},\"SpotInstanceRequestId\":null,\"EnaSupport\":true,\"NetworkInterfaces\":[{\"MacAddress\":\"0a:c6:d3:4b:3f:81\",\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-38-92.eu-west-2.compute.internal\",\"SubnetId\":\"subnet-1758805b\",\"Groups\":[{\"GroupId\":\"sg-072b44dd270e0de3d\",\"GroupName\":\"launch-wizard-3\"}],\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"ConnectionTrackingConfiguration\":null,\"Ipv6Prefixes\":null,\"PrivateIpAddress\":\"172.31.38.92\",\"Ipv4Prefixes\":null,\"NetworkInterfaceId\":\"eni-0a0a99239302615f6\",\"PrivateIpAddresses\":[{\"PrivateIpAddress\":\"172.31.38.92\",\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-38-92.eu-west-2.compute.internal\"}],\"SourceDestCheck\":true,\"Status\":\"in-use\",\"Association\":null,\"Attachment\":{\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-08-27T06:39:56Z\",\"AttachmentId\":\"eni-attach-0894858b2accaf0bd\",\"DeleteOnTermination\":true,\"DeviceIndex\":0},\"Description\":\"\",\"VpcId\":\"vpc-7d397e15\"}],\"SecurityGroups\":[{\"GroupId\":\"sg-072b44dd270e0de3d\",\"GroupName\":\"launch-wizard-3\"}],\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"UsageOperationUpdateTime\":\"2024-08-27T06:39:56Z\"},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:ec2/i-045d733c9ddcd3ff3\",\"i-045d733c9ddcd3ff3\"],\"name\":\"ido-wiz-debug\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\",\"stopped-at\":\"2024-11-19 02:46:25.027742\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\",\"Name\":\"ido-wiz-debug\"}},\"host\":{\"imageId\":\"ami-0c0493bbac867d427\",\"instance_type\":\"t2.micro\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\"},\"network\":{\"network_id\":\"vpc-7d397e15\",\"private_dns_name\":\"ip-172-31-38-92.eu-west-2.compute.internal\",\"private_ip_address\":\"172.31.38.92\",\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-1758805b\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.339Z\",\"iam\":{\"id\":\"AIPA2IBR2EZTG7ZNMF6O2\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/nodes.kops-csp-demo-1.k8s.local\"},\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:ec2/i-0884cd35ebb13a77a\",\"i-0884cd35ebb13a77a\"],\"cloud\":{\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-2b\",\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-0884cd35ebb13a77a\",\"name\":\"nodes-eu-west-2b.kops-csp-demo-1.k8s.local\"},\"machine\":{\"machine_type\":\"t3.medium\"}},\"host\":{\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\",\"imageId\":\"ami-0f7379fbe4fcc0400\",\"instance_type\":\"t3.medium\",\"platform\":\"\"},\"network\":{\"network_id\":\"vpc-058b21b3bf0f435b0\",\"private_dns_name\":\"ip-172-20-93-237.eu-west-2.compute.internal\",\"private_ip_address\":\"172.20.93.237\",\"public_dns_name\":\"ec2-18-133-26-251.eu-west-2.compute.amazonaws.com\",\"public_ip_address\":\"18.133.26.251\",\"subnet_ids\":[\"subnet-0981d6560ece89ecb\"]},\"resource_policies\":[],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:ec2/i-0884cd35ebb13a77a\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"raw\":{\"CurrentInstanceBootMode\":\"legacy-bios\",\"ElasticGpuAssociations\":null,\"EnaSupport\":true,\"EnclaveOptions\":{\"Enabled\":false},\"Monitoring\":{\"State\":\"disabled\"},\"Platform\":\"\",\"SourceDestCheck\":true,\"Tags\":[{\"Key\":\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node\",\"Value\":\"\"},{\"Key\":\"kops.k8s.io/instancegroup\",\"Value\":\"nodes-eu-west-2b\"},{\"Key\":\"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role\",\"Value\":\"node\"},{\"Key\":\"Name\",\"Value\":\"nodes-eu-west-2b.kops-csp-demo-1.k8s.local\"},{\"Value\":\"nodes-eu-west-2b\",\"Key\":\"k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup\"},{\"Value\":\"1\",\"Key\":\"k8s.io/role/node\"},{\"Key\":\"kubernetes.io/cluster/kops-csp-demo-1.k8s.local\",\"Value\":\"owned\"},{\"Value\":\"kops-csp-demo-1.k8s.local\",\"Key\":\"KubernetesCluster\"},{\"Key\":\"aws:ec2launchtemplate:version\",\"Value\":\"1\"},{\"Key\":\"aws:ec2launchtemplate:id\",\"Value\":\"lt-0a8f25e53a4f89aa4\"},{\"Key\":\"aws:autoscaling:groupName\",\"Value\":\"nodes-eu-west-2b.kops-csp-demo-1.k8s.local\"}],\"UsageOperationUpdateTime\":\"2024-11-19T02:48:00Z\",\"HibernationOptions\":{\"Configured\":false},\"InstanceType\":\"t3.medium\",\"Ipv6Address\":null,\"RootDeviceType\":\"ebs\",\"SriovNetSupport\":null,\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/sda1\",\"Ebs\":{\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-11-19T02:48:01Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-01f8ed1753b7087df\"}}],\"SubnetId\":\"subnet-0981d6560ece89ecb\",\"TpmSupport\":null,\"InstanceLifecycle\":\"\",\"LaunchTime\":\"2024-11-19T02:48:00Z\",\"NetworkInterfaces\":[{\"SubnetId\":\"subnet-0981d6560ece89ecb\",\"Association\":{\"PublicDnsName\":\"ec2-18-133-26-251.eu-west-2.compute.amazonaws.com\",\"PublicIp\":\"18.133.26.251\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\"},\"Attachment\":{\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-11-19T02:48:00Z\",\"AttachmentId\":\"eni-attach-04e2e59ab3fe6a9e3\",\"DeleteOnTermination\":true,\"DeviceIndex\":0},\"ConnectionTrackingConfiguration\":null,\"Description\":\"\",\"Groups\":[{\"GroupId\":\"sg-05d0d758dfd7b292f\",\"GroupName\":\"nodes.kops-csp-demo-1.k8s.local\"}],\"Ipv4Prefixes\":null,\"Ipv6Prefixes\":null,\"NetworkInterfaceId\":\"eni-022064825d1643ca8\",\"OwnerId\":\"704479110758\",\"SourceDestCheck\":true,\"VpcId\":\"vpc-058b21b3bf0f435b0\",\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"PrivateIpAddress\":\"172.20.93.237\",\"PrivateIpAddresses\":[{\"PrivateDnsName\":\"ip-172-20-93-237.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.93.237\",\"Association\":{\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-18-133-26-251.eu-west-2.compute.amazonaws.com\",\"PublicIp\":\"18.133.26.251\",\"CarrierIp\":null},\"Primary\":true},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-67-227.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.67.227\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-65-79.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.65.79\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-91-239.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.91.239\"},{\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-77-127.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.77.127\",\"Association\":null},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-64-122.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.64.122\"}],\"Status\":\"in-use\",\"MacAddress\":\"0a:0b:00:03:1f:2b\",\"PrivateDnsName\":\"ip-172-20-93-237.eu-west-2.compute.internal\"},{\"Association\":null,\"Attachment\":{\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-11-19T02:55:18Z\",\"AttachmentId\":\"eni-attach-032cc243e3af579b4\",\"DeleteOnTermination\":true,\"DeviceIndex\":1,\"EnaSrdSpecification\":null},\"PrivateDnsName\":\"ip-172-20-78-42.eu-west-2.compute.internal\",\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"MacAddress\":\"0a:1b:40:06:73:5d\",\"VpcId\":\"vpc-058b21b3bf0f435b0\",\"Groups\":[{\"GroupId\":\"sg-05d0d758dfd7b292f\",\"GroupName\":\"nodes.kops-csp-demo-1.k8s.local\"}],\"InterfaceType\":\"interface\",\"OwnerId\":\"704479110758\",\"PrivateIpAddress\":\"172.20.78.42\",\"SourceDestCheck\":true,\"Status\":\"in-use\",\"SubnetId\":\"subnet-0981d6560ece89ecb\",\"ConnectionTrackingConfiguration\":null,\"Description\":\"aws-K8S-i-0884cd35ebb13a77a\",\"Ipv6Prefixes\":null,\"NetworkInterfaceId\":\"eni-07583ca7fc8f41d75\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-20-78-42.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.78.42\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-74-86.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.74.86\"},{\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-93-230.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.93.230\",\"Association\":null},{\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-85-242.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.85.242\",\"Association\":null},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-92-83.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.92.83\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-65-153.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.65.153\"}]}],\"ProductCodes\":[],\"RootDeviceName\":\"/dev/sda1\",\"SecurityGroups\":[{\"GroupId\":\"sg-05d0d758dfd7b292f\",\"GroupName\":\"nodes.kops-csp-demo-1.k8s.local\"}],\"StateTransitionReason\":\"\",\"Architecture\":\"x86_64\",\"ClientToken\":\"74264d09-4755-7819-ebaf-eb9fc2551b2f\",\"KeyName\":\"kubernetes.kops-csp-demo-1.k8s.local-f8:d5:df:b6:6d:df:67:2a:21:68:99:99:4d:7d:54:55\",\"PublicDnsName\":\"ec2-18-133-26-251.eu-west-2.compute.amazonaws.com\",\"SpotInstanceRequestId\":null,\"UsageOperation\":\"RunInstances\",\"VpcId\":\"vpc-058b21b3bf0f435b0\",\"Hypervisor\":\"xen\",\"State\":{\"Code\":16,\"Name\":\"running\"},\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":1,\"ThreadsPerCore\":2},\"KernelId\":null,\"BootMode\":\"\",\"InstanceId\":\"i-0884cd35ebb13a77a\",\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"Placement\":{\"PartitionNumber\":null,\"AvailabilityZone\":\"eu-west-2b\",\"GroupName\":\"\",\"HostResourceGroupArn\":null,\"SpreadDomain\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"GroupId\":null,\"HostId\":null},\"RootVolume\":null,\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":1,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"PlatformDetails\":\"Linux/UNIX\",\"VirtualizationType\":\"hvm\",\"AmiLaunchIndex\":0,\"IamInstanceProfile\":{\"Id\":\"AIPA2IBR2EZTG7ZNMF6O2\",\"Arn\":\"arn:aws:iam::704479110758:instance-profile/nodes.kops-csp-demo-1.k8s.local\"},\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"PublicIpAddress\":\"18.133.26.251\",\"ImageId\":\"ami-0f7379fbe4fcc0400\",\"OutpostArn\":null,\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"ElasticInferenceAcceleratorAssociations\":null,\"Licenses\":null,\"PrivateIpAddress\":\"172.20.93.237\",\"EbsOptimized\":false,\"PrivateDnsName\":\"ip-172-20-93-237.eu-west-2.compute.internal\",\"RamdiskId\":null,\"Region\":\"eu-west-2\",\"CapacityReservationId\":null,\"StateReason\":null},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:ec2/i-0884cd35ebb13a77a\",\"i-0884cd35ebb13a77a\"],\"name\":\"nodes-eu-west-2b.kops-csp-demo-1.k8s.local\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node\":\"\",\"k8s.io/role/node\":\"1\",\"kops.k8s.io/instancegroup\":\"nodes-eu-west-2b\",\"KubernetesCluster\":\"kops-csp-demo-1.k8s.local\",\"aws:ec2launchtemplate:id\":\"lt-0a8f25e53a4f89aa4\",\"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role\":\"node\",\"k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup\":\"nodes-eu-west-2b\",\"kubernetes.io/cluster/kops-csp-demo-1.k8s.local\":\"owned\",\"Name\":\"nodes-eu-west-2b.kops-csp-demo-1.k8s.local\",\"aws:autoscaling:groupName\":\"nodes-eu-west-2b.kops-csp-demo-1.k8s.local\",\"aws:ec2launchtemplate:version\":\"1\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"machine\":{\"machine_type\":\"t3.medium\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-2a\",\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"instance\":{\"id\":\"i-0d259bbd0f15a22de\",\"name\":\"master-eu-west-2a.masters.kops-csp-demo-1.k8s.local\"}},\"host\":{\"platform\":\"\",\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\",\"imageId\":\"ami-0f7379fbe4fcc0400\",\"instance_type\":\"t3.medium\"},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:ec2/i-0d259bbd0f15a22de\",\"i-0d259bbd0f15a22de\"],\"asset\":{\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"aws:ec2launchtemplate:id\":\"lt-02dc852167a1dd65e\",\"k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup\":\"master-eu-west-2a\",\"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role\":\"master\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master\":\"\",\"k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki\":\"\",\"kubernetes.io/cluster/kops-csp-demo-1.k8s.local\":\"owned\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane\":\"\",\"k8s.io/role/master\":\"1\",\"KubernetesCluster\":\"kops-csp-demo-1.k8s.local\",\"Name\":\"master-eu-west-2a.masters.kops-csp-demo-1.k8s.local\",\"aws:autoscaling:groupName\":\"master-eu-west-2a.masters.kops-csp-demo-1.k8s.local\",\"aws:ec2launchtemplate:version\":\"1\",\"k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers\":\"\",\"kops.k8s.io/instancegroup\":\"master-eu-west-2a\"},\"raw\":{\"ElasticGpuAssociations\":null,\"EnclaveOptions\":{\"Enabled\":false},\"PublicDnsName\":\"ec2-13-40-178-88.eu-west-2.compute.amazonaws.com\",\"PublicIpAddress\":\"13.40.178.88\",\"StateTransitionReason\":\"\",\"UsageOperation\":\"RunInstances\",\"Placement\":{\"HostResourceGroupArn\":null,\"SpreadDomain\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"AvailabilityZone\":\"eu-west-2a\",\"GroupId\":null,\"GroupName\":\"\",\"HostId\":null,\"PartitionNumber\":null},\"Platform\":\"\",\"PrivateIpAddress\":\"172.20.63.57\",\"State\":{\"Code\":16,\"Name\":\"running\"},\"SubnetId\":\"subnet-0b301a436d259a430\",\"PlatformDetails\":\"Linux/UNIX\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"ProductCodes\":[],\"CurrentInstanceBootMode\":\"legacy-bios\",\"EbsOptimized\":false,\"InstanceId\":\"i-0d259bbd0f15a22de\",\"KernelId\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"RootDeviceName\":\"/dev/sda1\",\"RootVolume\":null,\"BootMode\":\"\",\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":1,\"ThreadsPerCore\":2},\"EnaSupport\":true,\"InstanceType\":\"t3.medium\",\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":3,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"CapacityReservationId\":null,\"Hypervisor\":\"xen\",\"ElasticInferenceAcceleratorAssociations\":null,\"SecurityGroups\":[{\"GroupId\":\"sg-01d2bb676d927f227\",\"GroupName\":\"masters.kops-csp-demo-1.k8s.local\"}],\"SourceDestCheck\":true,\"Tags\":[{\"Value\":\"lt-02dc852167a1dd65e\",\"Key\":\"aws:ec2launchtemplate:id\"},{\"Value\":\"1\",\"Key\":\"aws:ec2launchtemplate:version\"},{\"Key\":\"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role\",\"Value\":\"master\"},{\"Key\":\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master\",\"Value\":\"\"},{\"Key\":\"k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki\",\"Value\":\"\"},{\"Value\":\"\",\"Key\":\"k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers\"},{\"Key\":\"k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup\",\"Value\":\"master-eu-west-2a\"},{\"Key\":\"KubernetesCluster\",\"Value\":\"kops-csp-demo-1.k8s.local\"},{\"Key\":\"k8s.io/role/master\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/kops-csp-demo-1.k8s.local\",\"Value\":\"owned\"},{\"Key\":\"aws:autoscaling:groupName\",\"Value\":\"master-eu-west-2a.masters.kops-csp-demo-1.k8s.local\"},{\"Key\":\"kops.k8s.io/instancegroup\",\"Value\":\"master-eu-west-2a\"},{\"Key\":\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane\",\"Value\":\"\"},{\"Key\":\"Name\",\"Value\":\"master-eu-west-2a.masters.kops-csp-demo-1.k8s.local\"}],\"HibernationOptions\":{\"Configured\":false},\"ImageId\":\"ami-0f7379fbe4fcc0400\",\"Ipv6Address\":null,\"KeyName\":\"kubernetes.kops-csp-demo-1.k8s.local-f8:d5:df:b6:6d:df:67:2a:21:68:99:99:4d:7d:54:55\",\"UsageOperationUpdateTime\":\"2024-11-19T02:48:14Z\",\"OutpostArn\":null,\"Region\":\"eu-west-2\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/sda1\",\"Ebs\":{\"VolumeId\":\"vol-08e2b10b2fef63189\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-11-19T02:48:15Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\"}},{\"DeviceName\":\"/dev/xvdu\",\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-11-19T02:51:38Z\",\"DeleteOnTermination\":false,\"Status\":\"attached\",\"VolumeId\":\"vol-00934f989103f8025\",\"VolumeOwnerId\":null}},{\"DeviceName\":\"/dev/xvdv\",\"Ebs\":{\"VolumeId\":\"vol-077478c35dbd30089\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-11-19T02:51:38Z\",\"DeleteOnTermination\":false,\"Status\":\"attached\"}}],\"ClientToken\":\"f4b64d09-482c-f592-32f4-572a59aa4072\",\"RootDeviceType\":\"ebs\",\"VirtualizationType\":\"hvm\",\"Architecture\":\"x86_64\",\"StateReason\":null,\"AmiLaunchIndex\":0,\"InstanceLifecycle\":\"\",\"PrivateDnsName\":\"ip-172-20-63-57.eu-west-2.compute.internal\",\"TpmSupport\":null,\"LaunchTime\":\"2024-11-19T02:48:14Z\",\"Licenses\":null,\"RamdiskId\":null,\"SriovNetSupport\":null,\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/masters.kops-csp-demo-1.k8s.local\",\"Id\":\"AIPA2IBR2EZTA4K6J7Q2U\"},\"SpotInstanceRequestId\":null,\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"Monitoring\":{\"State\":\"disabled\"},\"NetworkInterfaces\":[{\"MacAddress\":\"06:48:c1:04:dc:49\",\"NetworkInterfaceId\":\"eni-0182617c03d70dca1\",\"PrivateIpAddress\":\"172.20.63.57\",\"Ipv4Prefixes\":null,\"Status\":\"in-use\",\"SubnetId\":\"subnet-0b301a436d259a430\",\"Attachment\":{\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-11-19T02:48:14Z\",\"AttachmentId\":\"eni-attach-0903b09037b891763\",\"DeleteOnTermination\":true,\"DeviceIndex\":0},\"Groups\":[{\"GroupId\":\"sg-01d2bb676d927f227\",\"GroupName\":\"masters.kops-csp-demo-1.k8s.local\"}],\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-058b21b3bf0f435b0\",\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-13-40-178-88.eu-west-2.compute.amazonaws.com\",\"PublicIp\":\"13.40.178.88\"},\"ConnectionTrackingConfiguration\":null,\"Description\":\"\",\"Ipv6Prefixes\":null,\"PrivateDnsName\":\"ip-172-20-63-57.eu-west-2.compute.internal\",\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateDnsName\":\"ip-172-20-63-57.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.63.57\",\"Association\":{\"PublicIp\":\"13.40.178.88\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-13-40-178-88.eu-west-2.compute.amazonaws.com\"}},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-36-116.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.36.116\"},{\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-56-37.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.56.37\",\"Association\":null},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-51-230.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.51.230\"},{\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-63-168.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.63.168\",\"Association\":null},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-47-218.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.47.218\"}],\"SourceDestCheck\":true},{\"Attachment\":{\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-11-19T02:53:08Z\",\"AttachmentId\":\"eni-attach-0eab0a8c1c99e67c9\",\"DeleteOnTermination\":true,\"DeviceIndex\":1},\"Description\":\"aws-K8S-i-0d259bbd0f15a22de\",\"Ipv6Prefixes\":null,\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-20-41-142.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.41.142\"},{\"PrivateIpAddress\":\"172.20.40.70\",\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-40-70.eu-west-2.compute.internal\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-34-174.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.34.174\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-44-169.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.44.169\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-50-41.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.50.41\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-34-202.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.34.202\"}],\"VpcId\":\"vpc-058b21b3bf0f435b0\",\"Association\":null,\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"OwnerId\":\"704479110758\",\"SourceDestCheck\":true,\"Status\":\"in-use\",\"MacAddress\":\"06:d6:14:d9:ce:6f\",\"PrivateIpAddress\":\"172.20.41.142\",\"ConnectionTrackingConfiguration\":null,\"Groups\":[{\"GroupId\":\"sg-01d2bb676d927f227\",\"GroupName\":\"masters.kops-csp-demo-1.k8s.local\"}],\"NetworkInterfaceId\":\"eni-09b6853f92583d159\",\"PrivateDnsName\":\"ip-172-20-41-142.eu-west-2.compute.internal\",\"SubnetId\":\"subnet-0b301a436d259a430\"}],\"VpcId\":\"vpc-058b21b3bf0f435b0\"},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:ec2/i-0d259bbd0f15a22de\",\"i-0d259bbd0f15a22de\"],\"name\":\"master-eu-west-2a.masters.kops-csp-demo-1.k8s.local\",\"category\":\"infrastructure\",\"sub_category\":\"compute\"},\"network\":{\"private_dns_name\":\"ip-172-20-63-57.eu-west-2.compute.internal\",\"private_ip_address\":\"172.20.63.57\",\"public_dns_name\":\"ec2-13-40-178-88.eu-west-2.compute.amazonaws.com\",\"public_ip_address\":\"13.40.178.88\",\"subnet_ids\":[\"subnet-0b301a436d259a430\"],\"network_id\":\"vpc-058b21b3bf0f435b0\"},\"iam\":{\"id\":\"AIPA2IBR2EZTA4K6J7Q2U\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/masters.kops-csp-demo-1.k8s.local\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:ec2/i-0d259bbd0f15a22de\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"network\":{\"public_ip_address\":\"18.170.52.160\",\"subnet_ids\":[\"subnet-0b301a436d259a430\"],\"network_id\":\"vpc-058b21b3bf0f435b0\",\"private_dns_name\":\"ip-172-20-48-26.eu-west-2.compute.internal\",\"private_ip_address\":\"172.20.48.26\",\"public_dns_name\":\"ec2-18-170-52-160.eu-west-2.compute.amazonaws.com\"},\"iam\":{\"id\":\"AIPA2IBR2EZTG7ZNMF6O2\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/nodes.kops-csp-demo-1.k8s.local\"},\"resource_policies\":[],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"host\":{\"platform\":\"\",\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\",\"imageId\":\"ami-0f7379fbe4fcc0400\",\"instance_type\":\"t3.medium\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:ec2/i-0d892c25b0d403994\",\"i-0d892c25b0d403994\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:ec2/i-0d892c25b0d403994\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"aws:ec2launchtemplate:version\":\"1\",\"k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup\":\"nodes-eu-west-2a\",\"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role\":\"node\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node\":\"\",\"kops.k8s.io/instancegroup\":\"nodes-eu-west-2a\",\"Name\":\"nodes-eu-west-2a.kops-csp-demo-1.k8s.local\",\"aws:ec2launchtemplate:id\":\"lt-0b925b3816c5d093b\",\"k8s.io/role/node\":\"1\",\"kubernetes.io/cluster/kops-csp-demo-1.k8s.local\":\"owned\",\"KubernetesCluster\":\"kops-csp-demo-1.k8s.local\",\"aws:autoscaling:groupName\":\"nodes-eu-west-2a.kops-csp-demo-1.k8s.local\"},\"raw\":{\"PrivateIpAddress\":\"172.20.48.26\",\"SecurityGroups\":[{\"GroupId\":\"sg-05d0d758dfd7b292f\",\"GroupName\":\"nodes.kops-csp-demo-1.k8s.local\"}],\"ClientToken\":\"ee664d09-4350-2278-b7e0-d466808c5869\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"ElasticGpuAssociations\":null,\"Platform\":\"\",\"ElasticInferenceAcceleratorAssociations\":null,\"InstanceType\":\"t3.medium\",\"StateReason\":null,\"BootMode\":\"\",\"Region\":\"eu-west-2\",\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":1,\"ThreadsPerCore\":2},\"NetworkInterfaces\":[{\"InterfaceType\":\"interface\",\"NetworkInterfaceId\":\"eni-0d78bda7dc610d3d5\",\"Status\":\"in-use\",\"SubnetId\":\"subnet-0b301a436d259a430\",\"Association\":{\"PublicIp\":\"18.170.52.160\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-18-170-52-160.eu-west-2.compute.amazonaws.com\"},\"Description\":\"\",\"Ipv4Prefixes\":null,\"PrivateDnsName\":\"ip-172-20-48-26.eu-west-2.compute.internal\",\"SourceDestCheck\":true,\"Attachment\":{\"Status\":\"attached\",\"AttachTime\":\"2024-11-19T02:46:54Z\",\"AttachmentId\":\"eni-attach-05c5adbaf03044910\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0},\"Ipv6Addresses\":[],\"MacAddress\":\"06:a5:27:e2:7c:33\",\"OwnerId\":\"704479110758\",\"PrivateIpAddresses\":[{\"PrivateDnsName\":\"ip-172-20-48-26.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.48.26\",\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-18-170-52-160.eu-west-2.compute.amazonaws.com\",\"PublicIp\":\"18.170.52.160\"},\"Primary\":true},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-55-165.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.55.165\"},{\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-42-150.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.42.150\",\"Association\":null},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-42-160.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.42.160\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-40-115.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.40.115\"},{\"PrivateIpAddress\":\"172.20.46.147\",\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-46-147.eu-west-2.compute.internal\"}],\"ConnectionTrackingConfiguration\":null,\"Groups\":[{\"GroupName\":\"nodes.kops-csp-demo-1.k8s.local\",\"GroupId\":\"sg-05d0d758dfd7b292f\"}],\"Ipv6Prefixes\":null,\"PrivateIpAddress\":\"172.20.48.26\",\"VpcId\":\"vpc-058b21b3bf0f435b0\"},{\"VpcId\":\"vpc-058b21b3bf0f435b0\",\"ConnectionTrackingConfiguration\":null,\"Description\":\"aws-K8S-i-0d892c25b0d403994\",\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":null,\"NetworkInterfaceId\":\"eni-08b6cccf1cbd56e16\",\"SourceDestCheck\":true,\"Ipv6Prefixes\":null,\"MacAddress\":\"06:84:27:a6:2f:d1\",\"Ipv6Addresses\":[],\"OwnerId\":\"704479110758\",\"Status\":\"in-use\",\"SubnetId\":\"subnet-0b301a436d259a430\",\"Association\":null,\"Attachment\":{\"DeleteOnTermination\":true,\"DeviceIndex\":1,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-11-19T02:55:13Z\",\"AttachmentId\":\"eni-attach-0563cd0f0413a2686\"},\"Groups\":[{\"GroupId\":\"sg-05d0d758dfd7b292f\",\"GroupName\":\"nodes.kops-csp-demo-1.k8s.local\"}],\"PrivateDnsName\":\"ip-172-20-48-45.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.48.45\",\"PrivateIpAddresses\":[{\"PrivateIpAddress\":\"172.20.48.45\",\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-20-48-45.eu-west-2.compute.internal\"},{\"PrivateDnsName\":\"ip-172-20-56-210.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.56.210\",\"Association\":null,\"Primary\":false},{\"PrivateDnsName\":\"ip-172-20-57-221.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.57.221\",\"Association\":null,\"Primary\":false},{\"PrivateIpAddress\":\"172.20.48.141\",\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-48-141.eu-west-2.compute.internal\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-56-30.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.56.30\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-45-139.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.45.139\"}]}],\"PublicDnsName\":\"ec2-18-170-52-160.eu-west-2.compute.amazonaws.com\",\"StateTransitionReason\":\"\",\"PrivateDnsName\":\"ip-172-20-48-26.eu-west-2.compute.internal\",\"RootDeviceName\":\"/dev/sda1\",\"RootDeviceType\":\"ebs\",\"PlatformDetails\":\"Linux/UNIX\",\"UsageOperation\":\"RunInstances\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/sda1\",\"Ebs\":{\"VolumeId\":\"vol-0bf3ca349c7f8f2ac\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-11-19T02:46:55Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\"}}],\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"EnaSupport\":true,\"OutpostArn\":null,\"Tags\":[{\"Key\":\"Name\",\"Value\":\"nodes-eu-west-2a.kops-csp-demo-1.k8s.local\"},{\"Key\":\"aws:ec2launchtemplate:id\",\"Value\":\"lt-0b925b3816c5d093b\"},{\"Key\":\"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role\",\"Value\":\"node\"},{\"Value\":\"\",\"Key\":\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node\"},{\"Value\":\"nodes-eu-west-2a\",\"Key\":\"kops.k8s.io/instancegroup\"},{\"Key\":\"k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup\",\"Value\":\"nodes-eu-west-2a\"},{\"Key\":\"kubernetes.io/cluster/kops-csp-demo-1.k8s.local\",\"Value\":\"owned\"},{\"Key\":\"k8s.io/role/node\",\"Value\":\"1\"},{\"Key\":\"KubernetesCluster\",\"Value\":\"kops-csp-demo-1.k8s.local\"},{\"Key\":\"aws:ec2launchtemplate:version\",\"Value\":\"1\"},{\"Key\":\"aws:autoscaling:groupName\",\"Value\":\"nodes-eu-west-2a.kops-csp-demo-1.k8s.local\"}],\"VirtualizationType\":\"hvm\",\"HibernationOptions\":{\"Configured\":false},\"Placement\":{\"AvailabilityZone\":\"eu-west-2a\",\"HostResourceGroupArn\":null,\"Tenancy\":\"default\",\"PartitionNumber\":null,\"SpreadDomain\":null,\"Affinity\":null,\"GroupId\":null,\"GroupName\":\"\",\"HostId\":null},\"SourceDestCheck\":true,\"SpotInstanceRequestId\":null,\"EnclaveOptions\":{\"Enabled\":false},\"LaunchTime\":\"2024-11-19T02:46:54Z\",\"AmiLaunchIndex\":0,\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/nodes.kops-csp-demo-1.k8s.local\",\"Id\":\"AIPA2IBR2EZTG7ZNMF6O2\"},\"SriovNetSupport\":null,\"VpcId\":\"vpc-058b21b3bf0f435b0\",\"State\":{\"Name\":\"running\",\"Code\":16},\"InstanceId\":\"i-0d892c25b0d403994\",\"Licenses\":null,\"ProductCodes\":[],\"PublicIpAddress\":\"18.170.52.160\",\"TpmSupport\":null,\"EbsOptimized\":false,\"InstanceLifecycle\":\"\",\"Ipv6Address\":null,\"RamdiskId\":null,\"KernelId\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"Monitoring\":{\"State\":\"disabled\"},\"Hypervisor\":\"xen\",\"ImageId\":\"ami-0f7379fbe4fcc0400\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"RootVolume\":null,\"SubnetId\":\"subnet-0b301a436d259a430\",\"UsageOperationUpdateTime\":\"2024-11-19T02:46:54Z\",\"Architecture\":\"x86_64\",\"CapacityReservationId\":null,\"KeyName\":\"kubernetes.kops-csp-demo-1.k8s.local-f8:d5:df:b6:6d:df:67:2a:21:68:99:99:4d:7d:54:55\",\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":1,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"}},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:ec2/i-0d892c25b0d403994\",\"i-0d892c25b0d403994\"],\"name\":\"nodes-eu-west-2a.kops-csp-demo-1.k8s.local\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-0d892c25b0d403994\",\"name\":\"nodes-eu-west-2a.kops-csp-demo-1.k8s.local\"},\"machine\":{\"machine_type\":\"t3.medium\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-2a\",\"provider\":\"aws\",\"region\":\"eu-west-2\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0a2dc4a316cdefd0a\",\"i-0a2dc4a316cdefd0a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0a2dc4a316cdefd0a\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"tags\":{\"Name\":\"TrackLiveEnvironment\",\"division\":\"engineering\",\"org\":\"security\",\"project\":\"live-environment-trakcing\",\"team\":\"cloud_security\"},\"raw\":{\"State\":{\"Code\":16,\"Name\":\"running\"},\"RootVolume\":null,\"ProductCodes\":[],\"RootDeviceName\":\"/dev/sda1\",\"NetworkInterfaces\":[{\"MacAddress\":\"0a:c3:af:60:28:f3\",\"PrivateDnsName\":\"ip-172-31-34-76.eu-west-1.compute.internal\",\"VpcId\":\"vpc-6cb55a15\",\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"ConnectionTrackingConfiguration\":null,\"Groups\":[{\"GroupId\":\"sg-0f8133159b21673b7\",\"GroupName\":\"launch-wizard-41\"}],\"Ipv6Prefixes\":null,\"PrivateIpAddress\":\"172.31.34.76\",\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-3-252-164-68.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"3.252.164.68\"},\"Attachment\":{\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2023-04-03T20:26:47Z\",\"AttachmentId\":\"eni-attach-03ec4650e19c2380f\",\"DeleteOnTermination\":true},\"PrivateIpAddresses\":[{\"Association\":{\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-3-252-164-68.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"3.252.164.68\",\"CarrierIp\":null},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-34-76.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.34.76\"}],\"SourceDestCheck\":true,\"Status\":\"in-use\",\"Description\":\"\",\"InterfaceType\":\"interface\",\"SubnetId\":\"subnet-7a841e20\",\"NetworkInterfaceId\":\"eni-09cb336d1b70f0765\",\"OwnerId\":\"704479110758\"}],\"Platform\":\"\",\"UsageOperationUpdateTime\":\"2023-04-03T20:26:47Z\",\"Hypervisor\":\"xen\",\"Ipv6Address\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"VirtualizationType\":\"hvm\",\"AmiLaunchIndex\":0,\"EbsOptimized\":true,\"RootDeviceType\":\"ebs\",\"InstanceLifecycle\":\"\",\"PublicIpAddress\":\"3.252.164.68\",\"VpcId\":\"vpc-6cb55a15\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/sda1\",\"Ebs\":{\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-0e86c7c33cbc28df9\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2023-04-03T20:26:48Z\"}}],\"CapacityReservationId\":null,\"ElasticInferenceAcceleratorAssociations\":null,\"BootMode\":\"\",\"TpmSupport\":null,\"Region\":\"eu-west-1\",\"Architecture\":\"x86_64\",\"ClientToken\":\"fc421bf9-3fdf-4614-bac6-8c6cebcc873f\",\"SecurityGroups\":[{\"GroupId\":\"sg-0f8133159b21673b7\",\"GroupName\":\"launch-wizard-41\"}],\"RamdiskId\":null,\"SourceDestCheck\":true,\"EnaSupport\":true,\"InstanceId\":\"i-0a2dc4a316cdefd0a\",\"PublicDnsName\":\"ec2-3-252-164-68.eu-west-1.compute.amazonaws.com\",\"KernelId\":null,\"KeyName\":\"track-live-env\",\"StateTransitionReason\":\"\",\"PrivateDnsName\":\"ip-172-31-34-76.eu-west-1.compute.internal\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"Monitoring\":{\"State\":\"disabled\"},\"OutpostArn\":null,\"PrivateIpAddress\":\"172.31.34.76\",\"SpotInstanceRequestId\":null,\"HibernationOptions\":{\"Configured\":false},\"ImageId\":\"ami-00aa9d3df94c6c354\",\"Placement\":{\"GroupId\":null,\"HostId\":null,\"HostResourceGroupArn\":null,\"Tenancy\":\"default\",\"AvailabilityZone\":\"eu-west-1c\",\"GroupName\":\"\",\"PartitionNumber\":null,\"SpreadDomain\":null,\"Affinity\":null},\"StateReason\":null,\"LaunchTime\":\"2023-04-03T20:26:47Z\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\"},\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":8,\"ThreadsPerCore\":2},\"CurrentInstanceBootMode\":\"legacy-bios\",\"IamInstanceProfile\":null,\"ElasticGpuAssociations\":null,\"InstanceType\":\"c5.4xlarge\",\"EnclaveOptions\":{\"Enabled\":false},\"SriovNetSupport\":null,\"SubnetId\":\"subnet-7a841e20\",\"Tags\":[{\"Key\":\"project\",\"Value\":\"live-environment-trakcing\"},{\"Key\":\"Name\",\"Value\":\"TrackLiveEnvironment\"},{\"Key\":\"team\",\"Value\":\"cloud_security\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"}],\"UsageOperation\":\"RunInstances\",\"Licenses\":null,\"MetadataOptions\":{\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":1,\"HttpTokens\":\"optional\",\"InstanceMetadataTags\":\"disabled\"},\"PlatformDetails\":\"Linux/UNIX\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0a2dc4a316cdefd0a\",\"i-0a2dc4a316cdefd0a\"],\"name\":\"TrackLiveEnvironment\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"organization\":{},\"instance\":{\"id\":\"i-0a2dc4a316cdefd0a\",\"name\":\"TrackLiveEnvironment\"},\"machine\":{\"machine_type\":\"c5.4xlarge\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1c\",\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"host\":{\"architecture\":\"x86_64\",\"imageId\":\"ami-00aa9d3df94c6c354\",\"instance_type\":\"c5.4xlarge\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"network\":{\"private_ip_address\":\"172.31.34.76\",\"public_dns_name\":\"ec2-3-252-164-68.eu-west-1.compute.amazonaws.com\",\"public_ip_address\":\"3.252.164.68\",\"subnet_ids\":[\"subnet-7a841e20\"],\"network_id\":\"vpc-6cb55a15\",\"private_dns_name\":\"ip-172-31-34-76.eu-west-1.compute.internal\"},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"network_id\":\"vpc-096d5aaf84103883c\",\"private_dns_name\":\"ip-10-0-1-162.eu-west-1.compute.internal\",\"private_ip_address\":\"10.0.1.162\",\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-013417b28485abce5\"]},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-07ef7e2fdfaa31310\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"aws:ec2:fleet-id\":\"fleet-2a2e8aaf-cd9f-c9bc-aeb0-2c8203e97ead\",\"eks:nodegroup-name\":\"long-running-project-1-2023112318052631330000000e\",\"project\":\"project-live-env\",\"team\":\"cloud-security-posture\",\"Name\":\"long-running-project-1\",\"aws:autoscaling:groupName\":\"eks-long-running-project-1-2023112318052631330000000e-dec5fead-d7f9-95f4-76f3-8b2cfab33a69\",\"aws:ec2launchtemplate:version\":\"1\",\"k8s.io/cluster-autoscaler/long-running-project\":\"owned\",\"kubernetes.io/cluster/long-running-project\":\"owned\",\"ec2_type\":\"kspm_eks\",\"org\":\"security\",\"aws:ec2launchtemplate:id\":\"lt-05ca840338dd5a018\",\"aws:eks:cluster-name\":\"long-running-project\",\"division\":\"engineering\",\"eks:cluster-name\":\"long-running-project\",\"k8s.io/cluster-autoscaler/enabled\":\"true\"},\"raw\":{\"Architecture\":\"x86_64\",\"ElasticInferenceAcceleratorAssociations\":null,\"PublicIpAddress\":null,\"RootDeviceType\":\"ebs\",\"ElasticGpuAssociations\":null,\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"VolumeId\":\"vol-06b9f323eba10fdce\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2023-11-23T18:06:00Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\"}}],\"Platform\":\"\",\"EbsOptimized\":false,\"KernelId\":null,\"Placement\":{\"SpreadDomain\":null,\"Affinity\":null,\"AvailabilityZone\":\"eu-west-1a\",\"GroupId\":null,\"GroupName\":\"\",\"HostId\":null,\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"Tenancy\":\"default\"},\"EnaSupport\":true,\"ImageId\":\"ami-0bee92579240a1dfe\",\"MetadataOptions\":{\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\"},\"RootDeviceName\":\"/dev/xvda\",\"State\":{\"Code\":16,\"Name\":\"running\"},\"ClientToken\":\"fleet-2a2e8aaf-cd9f-c9bc-aeb0-2c8203e97ead-0\",\"Licenses\":null,\"ProductCodes\":[],\"SourceDestCheck\":true,\"SubnetId\":\"subnet-013417b28485abce5\",\"UsageOperationUpdateTime\":\"2023-11-23T18:05:59Z\",\"VpcId\":\"vpc-096d5aaf84103883c\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"Ipv6Address\":null,\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"UsageOperation\":\"RunInstances\",\"HibernationOptions\":{\"Configured\":false},\"SpotInstanceRequestId\":null,\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"PrivateDnsName\":\"ip-10-0-1-162.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.162\",\"PublicDnsName\":\"\",\"RamdiskId\":null,\"SecurityGroups\":[{\"GroupId\":\"sg-0133ee02b1d6a0bd0\",\"GroupName\":\"long-running-project_120231123175751595700000004\"},{\"GroupId\":\"sg-081a33d48a4a9086f\",\"GroupName\":\"long-running-project-node-20231123175752373900000007\"},{\"GroupId\":\"sg-068c07cd665c64b73\",\"GroupName\":\"eks-cluster-sg-long-running-project-1620075450\"}],\"SriovNetSupport\":null,\"AmiLaunchIndex\":0,\"CapacityReservationId\":null,\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":1,\"ThreadsPerCore\":2},\"LaunchTime\":\"2023-11-23T18:05:59Z\",\"Monitoring\":{\"State\":\"enabled\"},\"PlatformDetails\":\"Linux/UNIX\",\"Tags\":[{\"Key\":\"ec2_type\",\"Value\":\"kspm_eks\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"k8s.io/cluster-autoscaler/long-running-project\",\"Value\":\"owned\"},{\"Key\":\"eks:nodegroup-name\",\"Value\":\"long-running-project-1-2023112318052631330000000e\"},{\"Value\":\"eks-long-running-project-1-2023112318052631330000000e-dec5fead-d7f9-95f4-76f3-8b2cfab33a69\",\"Key\":\"aws:autoscaling:groupName\"},{\"Key\":\"eks:cluster-name\",\"Value\":\"long-running-project\"},{\"Key\":\"aws:ec2:fleet-id\",\"Value\":\"fleet-2a2e8aaf-cd9f-c9bc-aeb0-2c8203e97ead\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"long-running-project\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"aws:ec2launchtemplate:id\",\"Value\":\"lt-05ca840338dd5a018\"},{\"Key\":\"kubernetes.io/cluster/long-running-project\",\"Value\":\"owned\"},{\"Key\":\"k8s.io/cluster-autoscaler/enabled\",\"Value\":\"true\"},{\"Key\":\"project\",\"Value\":\"project-live-env\"},{\"Key\":\"aws:ec2launchtemplate:version\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"long-running-project-1\"}],\"OutpostArn\":null,\"BootMode\":\"\",\"Hypervisor\":\"xen\",\"StateTransitionReason\":\"\",\"Region\":\"eu-west-1\",\"EnclaveOptions\":{\"Enabled\":false},\"InstanceType\":\"t3.small\",\"KeyName\":null,\"NetworkInterfaces\":[{\"InterfaceType\":\"interface\",\"MacAddress\":\"02:e7:1d:44:58:75\",\"Association\":null,\"Attachment\":{\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2023-11-23T18:06:42Z\",\"AttachmentId\":\"eni-attach-00fedb992df796eb5\",\"DeleteOnTermination\":true,\"DeviceIndex\":1,\"EnaSrdSpecification\":null},\"Groups\":[{\"GroupId\":\"sg-0133ee02b1d6a0bd0\",\"GroupName\":\"long-running-project_120231123175751595700000004\"},{\"GroupName\":\"long-running-project-node-20231123175752373900000007\",\"GroupId\":\"sg-081a33d48a4a9086f\"},{\"GroupId\":\"sg-068c07cd665c64b73\",\"GroupName\":\"eks-cluster-sg-long-running-project-1620075450\"}],\"PrivateIpAddress\":\"10.0.1.198\",\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-1-198.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.198\",\"Association\":null},{\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-97.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.97\",\"Association\":null},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-70.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.70\"},{\"PrivateDnsName\":\"ip-10-0-1-219.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.219\",\"Association\":null,\"Primary\":false}],\"SourceDestCheck\":true,\"ConnectionTrackingConfiguration\":null,\"Ipv4Prefixes\":null,\"Ipv6Prefixes\":null,\"PrivateDnsName\":\"ip-10-0-1-198.eu-west-1.compute.internal\",\"Status\":\"in-use\",\"SubnetId\":\"subnet-013417b28485abce5\",\"VpcId\":\"vpc-096d5aaf84103883c\",\"Description\":\"aws-K8S-i-07ef7e2fdfaa31310\",\"Ipv6Addresses\":[],\"OwnerId\":\"704479110758\",\"NetworkInterfaceId\":\"eni-05aaeea558b2ef107\"},{\"Attachment\":{\"AttachmentId\":\"eni-attach-0fa153c36e05e1234\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2023-11-23T18:05:59Z\"},\"ConnectionTrackingConfiguration\":null,\"Description\":\"\",\"NetworkInterfaceId\":\"eni-0a9a73e030de516cc\",\"OwnerId\":\"704479110758\",\"PrivateIpAddress\":\"10.0.1.162\",\"Groups\":[{\"GroupId\":\"sg-0133ee02b1d6a0bd0\",\"GroupName\":\"long-running-project_120231123175751595700000004\"},{\"GroupName\":\"long-running-project-node-20231123175752373900000007\",\"GroupId\":\"sg-081a33d48a4a9086f\"},{\"GroupId\":\"sg-068c07cd665c64b73\",\"GroupName\":\"eks-cluster-sg-long-running-project-1620075450\"}],\"Ipv4Prefixes\":null,\"MacAddress\":\"02:8c:04:38:23:27\",\"SourceDestCheck\":true,\"SubnetId\":\"subnet-013417b28485abce5\",\"VpcId\":\"vpc-096d5aaf84103883c\",\"Association\":null,\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"Ipv6Prefixes\":null,\"PrivateDnsName\":\"ip-10-0-1-162.eu-west-1.compute.internal\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-1-162.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.162\"},{\"PrivateIpAddress\":\"10.0.1.241\",\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-241.eu-west-1.compute.internal\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-67.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.67\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-230.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.230\"}],\"Status\":\"in-use\"}],\"RootVolume\":null,\"InstanceId\":\"i-07ef7e2fdfaa31310\",\"StateReason\":null,\"InstanceLifecycle\":\"\",\"TpmSupport\":null,\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/eks-dec5fead-d7f9-95f4-76f3-8b2cfab33a69\",\"Id\":\"AIPA2IBR2EZTHZX55HVZA\"},\"VirtualizationType\":\"hvm\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-07ef7e2fdfaa31310\",\"i-07ef7e2fdfaa31310\"],\"name\":\"long-running-project-1\",\"category\":\"infrastructure\"},\"cloud\":{\"machine\":{\"machine_type\":\"t3.small\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1a\",\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"name\":\"long-running-project-1\",\"id\":\"i-07ef7e2fdfaa31310\"}},\"ecs\":{\"version\":\"8.0.0\"},\"iam\":{\"arn\":\"arn:aws:iam::704479110758:instance-profile/eks-dec5fead-d7f9-95f4-76f3-8b2cfab33a69\",\"id\":\"AIPA2IBR2EZTHZX55HVZA\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-07ef7e2fdfaa31310\",\"i-07ef7e2fdfaa31310\"],\"host\":{\"platform\":\"\",\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\",\"imageId\":\"ami-0bee92579240a1dfe\",\"instance_type\":\"t3.small\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"asset\":{\"name\":\"orz_qualys_test\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"Name\":\"orz_qualys_test\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\",\"stopped-at\":\"2024-11-19 02:46:25.340517\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},\"raw\":{\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"HibernationOptions\":{\"Configured\":false},\"LaunchTime\":\"2024-04-03T06:33:36Z\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\"},\"RamdiskId\":null,\"RootDeviceName\":\"/dev/xvda\",\"UsageOperation\":\"RunInstances\",\"UsageOperationUpdateTime\":\"2024-04-03T06:33:36Z\",\"ImageId\":\"ami-0f007bf1d5c770c6e\",\"BootMode\":\"uefi-preferred\",\"EbsOptimized\":false,\"ElasticInferenceAcceleratorAssociations\":null,\"EnclaveOptions\":{\"Enabled\":false},\"Monitoring\":{\"State\":\"disabled\"},\"SubnetId\":\"subnet-b50028fd\",\"AmiLaunchIndex\":0,\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-04-03T06:33:36Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-025297407e23fe0b4\",\"VolumeOwnerId\":null}}],\"CapacityReservationId\":null,\"ClientToken\":\"082f3809-a241-4313-b218-0446dc599310\",\"Region\":\"eu-west-1\",\"Licenses\":null,\"NetworkInterfaces\":[{\"InterfaceType\":\"interface\",\"SourceDestCheck\":true,\"PrivateIpAddress\":\"172.31.21.28\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-21-28.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.21.28\"}],\"Status\":\"in-use\",\"SubnetId\":\"subnet-b50028fd\",\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-21-28.eu-west-1.compute.internal\",\"Ipv4Prefixes\":null,\"ConnectionTrackingConfiguration\":null,\"Description\":\"\",\"Groups\":[{\"GroupId\":\"sg-0080ac16b8a9372b6\",\"GroupName\":\"launch-wizard-96\"}],\"Ipv6Addresses\":[],\"Ipv6Prefixes\":null,\"MacAddress\":\"06:01:f4:18:b7:6d\",\"Association\":null,\"Attachment\":{\"Status\":\"attached\",\"AttachTime\":\"2024-04-03T06:33:36Z\",\"AttachmentId\":\"eni-attach-0ab724cd81072ba59\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0},\"NetworkInterfaceId\":\"eni-0459394252f9b0558\",\"VpcId\":\"vpc-6cb55a15\"}],\"PlatformDetails\":\"Linux/UNIX\",\"PublicDnsName\":\"\",\"SourceDestCheck\":true,\"Architecture\":\"x86_64\",\"Ipv6Address\":null,\"Placement\":{\"HostId\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"AvailabilityZone\":\"eu-west-1b\",\"GroupId\":null,\"GroupName\":\"\",\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"SpreadDomain\":null},\"ProductCodes\":[],\"VirtualizationType\":\"hvm\",\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"SriovNetSupport\":null,\"CurrentInstanceBootMode\":\"legacy-bios\",\"PrivateIpAddress\":\"172.31.21.28\",\"RootVolume\":null,\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":1,\"ThreadsPerCore\":1},\"OutpostArn\":null,\"RootDeviceType\":\"ebs\",\"SecurityGroups\":[{\"GroupId\":\"sg-0080ac16b8a9372b6\",\"GroupName\":\"launch-wizard-96\"}],\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"EnaSupport\":true,\"Hypervisor\":\"xen\",\"InstanceType\":\"t2.micro\",\"ElasticGpuAssociations\":null,\"MetadataOptions\":{\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\"},\"StateTransitionReason\":\"User initiated (2024-04-06 02:20:48 GMT)\",\"VpcId\":\"vpc-6cb55a15\",\"InstanceId\":\"i-0e531b67000896609\",\"InstanceLifecycle\":\"\",\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"TpmSupport\":null,\"IamInstanceProfile\":null,\"KernelId\":null,\"PublicIpAddress\":null,\"SpotInstanceRequestId\":null,\"KeyName\":\"orz_eu_west_1\",\"Platform\":\"\",\"Tags\":[{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"},{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"},{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:46:25.340517\"},{\"Key\":\"Name\",\"Value\":\"orz_qualys_test\"}],\"PrivateDnsName\":\"ip-172-31-21-28.eu-west-1.compute.internal\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0e531b67000896609\",\"i-0e531b67000896609\"]},\"host\":{\"imageId\":\"ami-0f007bf1d5c770c6e\",\"instance_type\":\"t2.micro\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\"},\"network\":{\"network_id\":\"vpc-6cb55a15\",\"private_dns_name\":\"ip-172-31-21-28.eu-west-1.compute.internal\",\"private_ip_address\":\"172.31.21.28\",\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-b50028fd\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0e531b67000896609\",\"i-0e531b67000896609\"],\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0e531b67000896609\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"cloud\":{\"availability_zone\":\"eu-west-1b\",\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-0e531b67000896609\",\"name\":\"orz_qualys_test\"},\"machine\":{\"machine_type\":\"t2.micro\"},\"service\":{\"name\":\"AWS EC2\"}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-05629eb9e58620424\",\"name\":\"elastic-agent-instance-54e13d70-0c4c-11ef-b7d1-0a34b27fff6f\"},\"machine\":{\"machine_type\":\"m6g.xlarge\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1b\",\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"host\":{\"architecture\":\"arm64\",\"imageId\":\"ami-0533f0c489f51cb7d\",\"instance_type\":\"m6g.xlarge\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"subnet_ids\":[\"subnet-b50028fd\"],\"network_id\":\"vpc-6cb55a15\",\"private_dns_name\":\"ip-172-31-30-36.eu-west-1.compute.internal\",\"private_ip_address\":\"172.31.30.36\",\"public_dns_name\":\"\"},\"iam\":{\"id\":\"AIPA2IBR2EZTGFDHP66IC\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-54e13d70-0c4c-11ef-b7d1-0a34b27fff6f\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-05629eb9e58620424\",\"i-05629eb9e58620424\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-05629eb9e58620424\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"name\":\"elastic-agent-instance-54e13d70-0c4c-11ef-b7d1-0a34b27fff6f\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"aws:cloudformation:stack-id\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/Elastic-Cloud-Security-Posture-Management/54e13d70-0c4c-11ef-b7d1-0a34b27fff6f\",\"aws:cloudformation:stack-name\":\"Elastic-Cloud-Security-Posture-Management\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"stopped-at\":\"2024-11-19 02:46:25.340517\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\",\"Name\":\"elastic-agent-instance-54e13d70-0c4c-11ef-b7d1-0a34b27fff6f\",\"Task\":\"Cloud Security Posture Management Scanner\",\"aws:cloudformation:logical-id\":\"ElasticAgentEc2Instance\"},\"raw\":{\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":4,\"ThreadsPerCore\":1},\"Ipv6Address\":null,\"Placement\":{\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"GroupId\":null,\"AvailabilityZone\":\"eu-west-1b\",\"GroupName\":\"\",\"HostId\":null,\"SpreadDomain\":null,\"Tenancy\":\"default\",\"Affinity\":null},\"RootDeviceName\":\"/dev/xvda\",\"SriovNetSupport\":null,\"TpmSupport\":null,\"Monitoring\":{\"State\":\"disabled\"},\"Platform\":\"\",\"RamdiskId\":null,\"Region\":\"eu-west-1\",\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"UsageOperationUpdateTime\":\"2024-05-07T08:33:39Z\",\"CapacityReservationId\":null,\"PublicIpAddress\":null,\"SecurityGroups\":[{\"GroupId\":\"sg-0daee1caa0a282c25\",\"GroupName\":\"elastic-agent-security-group-54e13d70-0c4c-11ef-b7d1-0a34b27fff6f\"}],\"Tags\":[{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},{\"Key\":\"Name\",\"Value\":\"elastic-agent-instance-54e13d70-0c4c-11ef-b7d1-0a34b27fff6f\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/Elastic-Cloud-Security-Posture-Management/54e13d70-0c4c-11ef-b7d1-0a34b27fff6f\"},{\"Key\":\"Task\",\"Value\":\"Cloud Security Posture Management Scanner\"},{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:46:25.340517\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentEc2Instance\"},{\"Value\":\"Resource does not meet policy: terminate@2024/12/04\",\"Key\":\"custodian_delete\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"Elastic-Cloud-Security-Posture-Management\"}],\"InstanceId\":\"i-05629eb9e58620424\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"ElasticInferenceAcceleratorAssociations\":null,\"Hypervisor\":\"xen\",\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-54e13d70-0c4c-11ef-b7d1-0a34b27fff6f\",\"Id\":\"AIPA2IBR2EZTGFDHP66IC\"},\"KernelId\":null,\"ProductCodes\":[],\"Architecture\":\"arm64\",\"EbsOptimized\":false,\"EnaSupport\":true,\"PrivateIpAddress\":\"172.31.30.36\",\"ElasticGpuAssociations\":null,\"LaunchTime\":\"2024-05-07T08:33:39Z\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SourceDestCheck\":true,\"StateTransitionReason\":\"User initiated (2024-05-09 02:20:31 GMT)\",\"VirtualizationType\":\"hvm\",\"AmiLaunchIndex\":0,\"MetadataOptions\":{\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\"},\"OutpostArn\":null,\"RootDeviceType\":\"ebs\",\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"SubnetId\":\"subnet-b50028fd\",\"RootVolume\":null,\"ImageId\":\"ami-0533f0c489f51cb7d\",\"InstanceType\":\"m6g.xlarge\",\"BootMode\":\"uefi\",\"ClientToken\":\"53967225-7571-3d6c-d90d-c4436883c48b\",\"EnclaveOptions\":{\"Enabled\":false},\"PlatformDetails\":\"Linux/UNIX\",\"PrivateDnsName\":\"ip-172-31-30-36.eu-west-1.compute.internal\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-051116d6696fc5723\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-05-07T08:33:40Z\"}}],\"KeyName\":null,\"Licenses\":null,\"SpotInstanceRequestId\":null,\"HibernationOptions\":{\"Configured\":false},\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"PublicDnsName\":\"\",\"VpcId\":\"vpc-6cb55a15\",\"CurrentInstanceBootMode\":\"uefi\",\"InstanceLifecycle\":\"\",\"NetworkInterfaces\":[{\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-30-36.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.30.36\"}],\"ConnectionTrackingConfiguration\":null,\"Groups\":[{\"GroupId\":\"sg-0daee1caa0a282c25\",\"GroupName\":\"elastic-agent-security-group-54e13d70-0c4c-11ef-b7d1-0a34b27fff6f\"}],\"MacAddress\":\"06:01:e5:6f:7a:89\",\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-30-36.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.30.36\",\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"NetworkInterfaceId\":\"eni-0fbf0aa0d5789d9d8\",\"VpcId\":\"vpc-6cb55a15\",\"Association\":null,\"Ipv4Prefixes\":null,\"Ipv6Prefixes\":null,\"SourceDestCheck\":true,\"Attachment\":{\"AttachTime\":\"2024-05-07T08:33:39Z\",\"AttachmentId\":\"eni-attach-0d61b95bf57a82ec7\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"Description\":\"\",\"Status\":\"in-use\",\"SubnetId\":\"subnet-b50028fd\"}],\"UsageOperation\":\"RunInstances\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-05629eb9e58620424\",\"i-05629eb9e58620424\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-024825541d5f05370\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"stopped-at\":\"2024-11-19 02:46:25.340517\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\",\"Name\":\"evgb-AgentPlay\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\"},\"raw\":{\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":2,\"ThreadsPerCore\":1},\"Region\":\"eu-west-1\",\"EbsOptimized\":false,\"Ipv6Address\":null,\"RootDeviceType\":\"ebs\",\"SourceDestCheck\":true,\"SubnetId\":\"subnet-d4cf96b2\",\"ElasticInferenceAcceleratorAssociations\":null,\"Licenses\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"PrivateIpAddress\":\"172.31.0.236\",\"ClientToken\":\"27822a59-ca6d-4d5e-b343-14b9ea533ccf\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"LaunchTime\":\"2024-04-04T16:03:03Z\",\"RamdiskId\":null,\"UsageOperationUpdateTime\":\"2024-03-12T11:04:18Z\",\"Architecture\":\"x86_64\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"EnclaveOptions\":{\"Enabled\":false},\"Hypervisor\":\"xen\",\"CapacityReservationId\":null,\"OutpostArn\":null,\"Platform\":\"\",\"ImageId\":\"ami-0fc3317b37c1269d3\",\"PlatformDetails\":\"Linux/UNIX\",\"PrivateDnsName\":\"ip-172-31-0-236.eu-west-1.compute.internal\",\"InstanceType\":\"t2.medium\",\"Monitoring\":{\"State\":\"disabled\"},\"SpotInstanceRequestId\":null,\"RootVolume\":null,\"SecurityGroups\":[{\"GroupId\":\"sg-0c9dfc1823afc5e9a\",\"GroupName\":\"launch-wizard-94\"}],\"StateTransitionReason\":\"User initiated (2024-04-05 02:20:33 GMT)\",\"VirtualizationType\":\"hvm\",\"ProductCodes\":[],\"PublicDnsName\":\"\",\"SriovNetSupport\":null,\"Tags\":[{\"Value\":\"Resource does not meet policy: stop@2024/11/20\",\"Key\":\"custodian_stop\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:46:25.340517\"},{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"},{\"Key\":\"Name\",\"Value\":\"evgb-AgentPlay\"},{\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\",\"Key\":\"stopped-by\"}],\"AmiLaunchIndex\":0,\"InstanceLifecycle\":\"\",\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"TpmSupport\":null,\"State\":{\"Name\":\"stopped\",\"Code\":80},\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"BootMode\":\"uefi-preferred\",\"EnaSupport\":true,\"IamInstanceProfile\":null,\"KeyName\":\"evgb-sshkey\",\"ElasticGpuAssociations\":null,\"InstanceId\":\"i-024825541d5f05370\",\"NetworkInterfaces\":[{\"OwnerId\":\"704479110758\",\"SourceDestCheck\":true,\"SubnetId\":\"subnet-d4cf96b2\",\"VpcId\":\"vpc-6cb55a15\",\"Association\":null,\"Description\":\"\",\"Ipv6Addresses\":[],\"Groups\":[{\"GroupName\":\"launch-wizard-94\",\"GroupId\":\"sg-0c9dfc1823afc5e9a\"}],\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-0-236.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.0.236\"}],\"PrivateIpAddress\":\"172.31.0.236\",\"Status\":\"in-use\",\"Attachment\":{\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-03-12T11:04:18Z\",\"AttachmentId\":\"eni-attach-0a3a081b5720c839e\",\"DeleteOnTermination\":true,\"DeviceIndex\":0},\"InterfaceType\":\"interface\",\"NetworkInterfaceId\":\"eni-0e282d70e1a06e40c\",\"MacAddress\":\"02:10:2f:fb:0d:8b\",\"PrivateDnsName\":\"ip-172-31-0-236.eu-west-1.compute.internal\",\"ConnectionTrackingConfiguration\":null,\"Ipv4Prefixes\":null,\"Ipv6Prefixes\":null}],\"PublicIpAddress\":null,\"RootDeviceName\":\"/dev/xvda\",\"VpcId\":\"vpc-6cb55a15\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-06b4d1211df28817c\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-03-12T11:04:18Z\"}}],\"HibernationOptions\":{\"Configured\":false},\"Placement\":{\"AvailabilityZone\":\"eu-west-1a\",\"GroupName\":\"\",\"HostId\":null,\"HostResourceGroupArn\":null,\"SpreadDomain\":null,\"Affinity\":null,\"GroupId\":null,\"PartitionNumber\":null,\"Tenancy\":\"default\"},\"KernelId\":null,\"UsageOperation\":\"RunInstances\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-024825541d5f05370\",\"i-024825541d5f05370\"],\"name\":\"evgb-AgentPlay\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-024825541d5f05370\",\"name\":\"evgb-AgentPlay\"},\"machine\":{\"machine_type\":\"t2.medium\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1a\"},\"host\":{\"architecture\":\"x86_64\",\"imageId\":\"ami-0fc3317b37c1269d3\",\"instance_type\":\"t2.medium\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"network\":{\"network_id\":\"vpc-6cb55a15\",\"private_dns_name\":\"ip-172-31-0-236.eu-west-1.compute.internal\",\"private_ip_address\":\"172.31.0.236\",\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-d4cf96b2\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-024825541d5f05370\",\"i-024825541d5f05370\"],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"instance\":{\"id\":\"i-0ff4fad15fd457aca\",\"name\":\"orestis-onweek-server\"},\"machine\":{\"machine_type\":\"c6g.medium\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1a\",\"provider\":\"aws\"},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\",\"stopped-at\":\"2024-11-19 02:46:25.340517\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\",\"Name\":\"orestis-onweek-server\"},\"raw\":{\"Tags\":[{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"},{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},{\"Value\":\"orestis-onweek-server\",\"Key\":\"Name\"},{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:46:25.340517\"}],\"Platform\":\"\",\"EnaSupport\":true,\"InstanceType\":\"c6g.medium\",\"LaunchTime\":\"2024-05-16T10:50:03Z\",\"PlatformDetails\":\"Linux/UNIX\",\"TpmSupport\":null,\"VirtualizationType\":\"hvm\",\"Architecture\":\"arm64\",\"EbsOptimized\":true,\"ElasticGpuAssociations\":null,\"ImageId\":\"ami-094025d68c6601508\",\"MetadataOptions\":{\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\"},\"Monitoring\":{\"State\":\"disabled\"},\"UsageOperationUpdateTime\":\"2024-05-02T14:53:49Z\",\"BootMode\":\"uefi\",\"ElasticInferenceAcceleratorAssociations\":null,\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"RootDeviceName\":\"/dev/xvda\",\"SriovNetSupport\":null,\"VpcId\":\"vpc-6cb55a15\",\"Region\":\"eu-west-1\",\"Ipv6Address\":null,\"Placement\":{\"Affinity\":null,\"GroupId\":null,\"HostId\":null,\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"SpreadDomain\":null,\"AvailabilityZone\":\"eu-west-1a\",\"GroupName\":\"\",\"Tenancy\":\"default\"},\"RootDeviceType\":\"ebs\",\"SpotInstanceRequestId\":null,\"SubnetId\":\"subnet-d4cf96b2\",\"UsageOperation\":\"RunInstances\",\"CapacityReservationId\":null,\"KeyName\":\"ofloros-key\",\"ProductCodes\":[],\"CapacityReservationSpecification\":{\"CapacityReservationTarget\":null,\"CapacityReservationPreference\":\"open\"},\"IamInstanceProfile\":null,\"KernelId\":null,\"RootVolume\":null,\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-05-02T14:53:50Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-0eb39e4d06922484b\",\"VolumeOwnerId\":null}}],\"Hypervisor\":\"xen\",\"SecurityGroups\":[{\"GroupId\":\"sg-0c3d5a1a87fe80dcb\",\"GroupName\":\"orestis-onweek\"}],\"StateTransitionReason\":\"User initiated (2024-05-17 02:24:26 GMT)\",\"ClientToken\":\"ecaa3910-644e-417b-b862-260cca9b515e\",\"EnclaveOptions\":{\"Enabled\":false},\"SourceDestCheck\":true,\"HibernationOptions\":{\"Configured\":false},\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"OutpostArn\":null,\"AmiLaunchIndex\":0,\"InstanceLifecycle\":\"\",\"PrivateDnsName\":\"ip-172-31-10-159.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.10.159\",\"PublicIpAddress\":null,\"RamdiskId\":null,\"CurrentInstanceBootMode\":\"uefi\",\"Licenses\":null,\"NetworkInterfaces\":[{\"Description\":\"\",\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"Ipv6Prefixes\":null,\"NetworkInterfaceId\":\"eni-0a3441a9ab67480fd\",\"VpcId\":\"vpc-6cb55a15\",\"Association\":null,\"ConnectionTrackingConfiguration\":null,\"Groups\":[{\"GroupId\":\"sg-0c3d5a1a87fe80dcb\",\"GroupName\":\"orestis-onweek\"}],\"PrivateDnsName\":\"ip-172-31-10-159.eu-west-1.compute.internal\",\"SourceDestCheck\":true,\"Status\":\"in-use\",\"Attachment\":{\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-05-02T14:53:49Z\",\"AttachmentId\":\"eni-attach-0e7f10a3289cbe4fd\",\"DeleteOnTermination\":true,\"DeviceIndex\":0},\"InterfaceType\":\"interface\",\"PrivateIpAddress\":\"172.31.10.159\",\"MacAddress\":\"02:49:c4:57:8a:b7\",\"OwnerId\":\"704479110758\",\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-10-159.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.10.159\",\"Association\":null}],\"SubnetId\":\"subnet-d4cf96b2\"}],\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":1,\"ThreadsPerCore\":1},\"InstanceId\":\"i-0ff4fad15fd457aca\",\"PublicDnsName\":\"\",\"State\":{\"Name\":\"stopped\",\"Code\":80}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0ff4fad15fd457aca\",\"i-0ff4fad15fd457aca\"],\"name\":\"orestis-onweek-server\",\"category\":\"infrastructure\"},\"host\":{\"architecture\":\"arm64\",\"imageId\":\"ami-094025d68c6601508\",\"instance_type\":\"c6g.medium\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"network\":{\"private_ip_address\":\"172.31.10.159\",\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-d4cf96b2\"],\"network_id\":\"vpc-6cb55a15\",\"private_dns_name\":\"ip-172-31-10-159.eu-west-1.compute.internal\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0ff4fad15fd457aca\",\"i-0ff4fad15fd457aca\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0ff4fad15fd457aca\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-01b2e7e7d0402b64f\",\"i-01b2e7e7d0402b64f\"],\"name\":\"long-running-project-1\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"ec2_type\":\"kspm_eks\",\"project\":\"project-live-env\",\"team\":\"cloud-security-posture\",\"aws:eks:cluster-name\":\"long-running-project\",\"eks:cluster-name\":\"long-running-project\",\"k8s.io/cluster-autoscaler/enabled\":\"true\",\"k8s.io/cluster-autoscaler/long-running-project\":\"owned\",\"Name\":\"long-running-project-1\",\"aws:autoscaling:groupName\":\"eks-long-running-project-1-2023112318052631330000000e-dec5fead-d7f9-95f4-76f3-8b2cfab33a69\",\"aws:ec2:fleet-id\":\"fleet-a08ea00d-4595-413c-2c12-ae08b8c13134\",\"aws:ec2launchtemplate:id\":\"lt-05ca840338dd5a018\",\"eks:nodegroup-name\":\"long-running-project-1-2023112318052631330000000e\",\"kubernetes.io/cluster/long-running-project\":\"owned\",\"org\":\"security\",\"aws:ec2launchtemplate:version\":\"1\",\"division\":\"engineering\"},\"raw\":{\"AmiLaunchIndex\":0,\"ClientToken\":\"fleet-a08ea00d-4595-413c-2c12-ae08b8c13134-0\",\"ImageId\":\"ami-0bee92579240a1dfe\",\"PublicDnsName\":\"\",\"Hypervisor\":\"xen\",\"KeyName\":null,\"Monitoring\":{\"State\":\"enabled\"},\"SpotInstanceRequestId\":null,\"UsageOperation\":\"RunInstances\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"SriovNetSupport\":null,\"CurrentInstanceBootMode\":\"legacy-bios\",\"ElasticInferenceAcceleratorAssociations\":null,\"LaunchTime\":\"2023-11-23T18:05:59Z\",\"TpmSupport\":null,\"VirtualizationType\":\"hvm\",\"Architecture\":\"x86_64\",\"PrivateIpAddress\":\"10.0.3.53\",\"ProductCodes\":[],\"CapacityReservationId\":null,\"CpuOptions\":{\"CoreCount\":1,\"ThreadsPerCore\":2,\"AmdSevSnp\":\"\"},\"RootDeviceType\":\"ebs\",\"RootVolume\":null,\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-029ff69357710048d\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2023-11-23T18:06:00Z\"}}],\"BootMode\":\"\",\"HibernationOptions\":{\"Configured\":false},\"Ipv6Address\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"IamInstanceProfile\":{\"Id\":\"AIPA2IBR2EZTHZX55HVZA\",\"Arn\":\"arn:aws:iam::704479110758:instance-profile/eks-dec5fead-d7f9-95f4-76f3-8b2cfab33a69\"},\"KernelId\":null,\"NetworkInterfaces\":[{\"Status\":\"in-use\",\"Association\":null,\"ConnectionTrackingConfiguration\":null,\"Description\":\"\",\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-10-0-3-53.eu-west-1.compute.internal\",\"Groups\":[{\"GroupId\":\"sg-0133ee02b1d6a0bd0\",\"GroupName\":\"long-running-project_120231123175751595700000004\"},{\"GroupId\":\"sg-081a33d48a4a9086f\",\"GroupName\":\"long-running-project-node-20231123175752373900000007\"},{\"GroupId\":\"sg-068c07cd665c64b73\",\"GroupName\":\"eks-cluster-sg-long-running-project-1620075450\"}],\"InterfaceType\":\"interface\",\"PrivateIpAddress\":\"10.0.3.53\",\"PrivateIpAddresses\":[{\"PrivateDnsName\":\"ip-10-0-3-53.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.3.53\",\"Association\":null,\"Primary\":true},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-3-33.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.3.33\"},{\"PrivateIpAddress\":\"10.0.3.136\",\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-3-136.eu-west-1.compute.internal\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-3-74.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.3.74\"}],\"VpcId\":\"vpc-096d5aaf84103883c\",\"Ipv6Addresses\":[],\"Ipv6Prefixes\":null,\"MacAddress\":\"0a:a3:29:62:47:b5\",\"NetworkInterfaceId\":\"eni-059aff8a4deda93b7\",\"Attachment\":{\"AttachmentId\":\"eni-attach-04e8b024776872d48\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2023-11-23T18:05:59Z\"},\"Ipv4Prefixes\":null,\"SourceDestCheck\":true,\"SubnetId\":\"subnet-0f5599e2c5f7309f8\"}],\"OutpostArn\":null,\"PublicIpAddress\":null,\"UsageOperationUpdateTime\":\"2023-11-23T18:05:59Z\",\"VpcId\":\"vpc-096d5aaf84103883c\",\"EnclaveOptions\":{\"Enabled\":false},\"InstanceId\":\"i-01b2e7e7d0402b64f\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"long-running-project-1\"},{\"Value\":\"long-running-project\",\"Key\":\"eks:cluster-name\"},{\"Key\":\"k8s.io/cluster-autoscaler/enabled\",\"Value\":\"true\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm_eks\"},{\"Key\":\"k8s.io/cluster-autoscaler/long-running-project\",\"Value\":\"owned\"},{\"Key\":\"eks:nodegroup-name\",\"Value\":\"long-running-project-1-2023112318052631330000000e\"},{\"Key\":\"aws:ec2launchtemplate:id\",\"Value\":\"lt-05ca840338dd5a018\"},{\"Key\":\"kubernetes.io/cluster/long-running-project\",\"Value\":\"owned\"},{\"Key\":\"aws:autoscaling:groupName\",\"Value\":\"eks-long-running-project-1-2023112318052631330000000e-dec5fead-d7f9-95f4-76f3-8b2cfab33a69\"},{\"Key\":\"aws:ec2launchtemplate:version\",\"Value\":\"1\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"long-running-project\"},{\"Key\":\"project\",\"Value\":\"project-live-env\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Value\":\"engineering\",\"Key\":\"division\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"aws:ec2:fleet-id\",\"Value\":\"fleet-a08ea00d-4595-413c-2c12-ae08b8c13134\"}],\"EbsOptimized\":false,\"EnaSupport\":true,\"InstanceType\":\"t3.small\",\"RamdiskId\":null,\"RootDeviceName\":\"/dev/xvda\",\"StateTransitionReason\":\"\",\"SourceDestCheck\":true,\"SubnetId\":\"subnet-0f5599e2c5f7309f8\",\"Region\":\"eu-west-1\",\"PlatformDetails\":\"Linux/UNIX\",\"ElasticGpuAssociations\":null,\"InstanceLifecycle\":\"\",\"Placement\":{\"Affinity\":null,\"GroupId\":null,\"GroupName\":\"\",\"SpreadDomain\":null,\"AvailabilityZone\":\"eu-west-1c\",\"HostId\":null,\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"Tenancy\":\"default\"},\"Platform\":\"\",\"PrivateDnsName\":\"ip-10-0-3-53.eu-west-1.compute.internal\",\"Licenses\":null,\"PrivateDnsNameOptions\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"SecurityGroups\":[{\"GroupId\":\"sg-0133ee02b1d6a0bd0\",\"GroupName\":\"long-running-project_120231123175751595700000004\"},{\"GroupId\":\"sg-081a33d48a4a9086f\",\"GroupName\":\"long-running-project-node-20231123175752373900000007\"},{\"GroupId\":\"sg-068c07cd665c64b73\",\"GroupName\":\"eks-cluster-sg-long-running-project-1620075450\"}],\"State\":{\"Code\":16,\"Name\":\"running\"},\"StateReason\":null}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-01b2e7e7d0402b64f\",\"name\":\"long-running-project-1\"},\"machine\":{\"machine_type\":\"t3.small\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1c\",\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-01b2e7e7d0402b64f\",\"i-01b2e7e7d0402b64f\"],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"host\":{\"architecture\":\"x86_64\",\"imageId\":\"ami-0bee92579240a1dfe\",\"instance_type\":\"t3.small\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"network\":{\"private_dns_name\":\"ip-10-0-3-53.eu-west-1.compute.internal\",\"private_ip_address\":\"10.0.3.53\",\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-0f5599e2c5f7309f8\"],\"network_id\":\"vpc-096d5aaf84103883c\"},\"iam\":{\"id\":\"AIPA2IBR2EZTHZX55HVZA\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/eks-dec5fead-d7f9-95f4-76f3-8b2cfab33a69\"},\"resource_policies\":[],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-01b2e7e7d0402b64f\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-036d87e237e8179bb\",\"i-036d87e237e8179bb\"],\"network\":{\"network_id\":\"vpc-6cb55a15\",\"private_dns_name\":\"ip-172-31-37-188.eu-west-1.compute.internal\",\"private_ip_address\":\"172.31.37.188\",\"public_dns_name\":\"ec2-3-250-48-170.eu-west-1.compute.amazonaws.com\",\"public_ip_address\":\"3.250.48.170\",\"subnet_ids\":[\"subnet-7a841e20\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-036d87e237e8179bb\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"tags\":{\"division\":\"engineering\",\"ec2_type\":\"kspm\",\"id\":\"e7fe3f8e\",\"org\":\"security\",\"project\":\"project-live-env\",\"provisioner\":\"terraform\",\"team\":\"cloud-security-posture\",\"Name\":\"long-running-project-HOV\"},\"raw\":{\"PrivateIpAddress\":\"172.31.37.188\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"InstanceId\":\"i-036d87e237e8179bb\",\"Placement\":{\"GroupId\":null,\"SpreadDomain\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"AvailabilityZone\":\"eu-west-1c\",\"GroupName\":\"\",\"HostId\":null,\"HostResourceGroupArn\":null,\"PartitionNumber\":null},\"TpmSupport\":null,\"PrivateDnsNameOptions\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"Tags\":[{\"Key\":\"project\",\"Value\":\"project-live-env\"},{\"Key\":\"id\",\"Value\":\"e7fe3f8e\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm\"},{\"Key\":\"Name\",\"Value\":\"long-running-project-HOV\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"}],\"Architecture\":\"x86_64\",\"Hypervisor\":\"xen\",\"KeyName\":\"cloudbeat-generated-e7fe3f8e\",\"Platform\":\"\",\"SriovNetSupport\":null,\"UsageOperation\":\"RunInstances\",\"BootMode\":\"\",\"KernelId\":null,\"LaunchTime\":\"2023-11-23T17:57:43Z\",\"Licenses\":null,\"SpotInstanceRequestId\":null,\"CapacityReservationId\":null,\"EnclaveOptions\":{\"Enabled\":false},\"InstanceType\":\"c5.4xlarge\",\"RootDeviceName\":\"/dev/sda1\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"ImageId\":\"ami-0a5b3305c37e58e04\",\"State\":{\"Name\":\"running\",\"Code\":16},\"RootVolume\":null,\"Ipv6Address\":null,\"OutpostArn\":null,\"Region\":\"eu-west-1\",\"ElasticInferenceAcceleratorAssociations\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"RamdiskId\":null,\"RootDeviceType\":\"ebs\",\"PrivateDnsName\":\"ip-172-31-37-188.eu-west-1.compute.internal\",\"SecurityGroups\":[{\"GroupId\":\"sg-03c9611c5f2246742\",\"GroupName\":\"terraform-20231123175739667200000001\"}],\"AmiLaunchIndex\":0,\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/sda1\",\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2023-11-23T17:57:44Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-0034e85595bd036a2\",\"VolumeOwnerId\":null}}],\"InstanceLifecycle\":\"\",\"StateTransitionReason\":\"\",\"EbsOptimized\":false,\"EnaSupport\":true,\"PlatformDetails\":\"Linux/UNIX\",\"MetadataOptions\":{\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":1,\"HttpTokens\":\"optional\"},\"ProductCodes\":[],\"SubnetId\":\"subnet-7a841e20\",\"ClientToken\":\"05B41327-FDA1-4924-8E1F-2BE882708A0A\",\"HibernationOptions\":{\"Configured\":false},\"StateReason\":null,\"UsageOperationUpdateTime\":\"2023-11-23T17:57:43Z\",\"VpcId\":\"vpc-6cb55a15\",\"IamInstanceProfile\":{\"Id\":\"AIPA2IBR2EZTKYFMHPJPM\",\"Arn\":\"arn:aws:iam::704479110758:instance-profile/ec2-role-with-security-audit\"},\"Monitoring\":{\"State\":\"disabled\"},\"NetworkInterfaces\":[{\"ConnectionTrackingConfiguration\":null,\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"Ipv6Prefixes\":null,\"MacAddress\":\"0a:16:1c:53:da:5d\",\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-37-188.eu-west-1.compute.internal\",\"SubnetId\":\"subnet-7a841e20\",\"VpcId\":\"vpc-6cb55a15\",\"Groups\":[{\"GroupId\":\"sg-03c9611c5f2246742\",\"GroupName\":\"terraform-20231123175739667200000001\"}],\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-3-250-48-170.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"3.250.48.170\"},\"Description\":\"\",\"NetworkInterfaceId\":\"eni-05fe4579d2d8609eb\",\"SourceDestCheck\":true,\"Status\":\"in-use\",\"Attachment\":{\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2023-11-23T17:57:43Z\",\"AttachmentId\":\"eni-attach-03747323a5e145718\"},\"PrivateIpAddress\":\"172.31.37.188\",\"PrivateIpAddresses\":[{\"PrivateDnsName\":\"ip-172-31-37-188.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.37.188\",\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-3-250-48-170.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"3.250.48.170\"},\"Primary\":true}]}],\"SourceDestCheck\":true,\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":8,\"ThreadsPerCore\":2},\"PublicDnsName\":\"ec2-3-250-48-170.eu-west-1.compute.amazonaws.com\",\"PublicIpAddress\":\"3.250.48.170\",\"VirtualizationType\":\"hvm\",\"ElasticGpuAssociations\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-036d87e237e8179bb\",\"i-036d87e237e8179bb\"],\"name\":\"long-running-project-HOV\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\"},\"cloud\":{\"availability_zone\":\"eu-west-1c\",\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-036d87e237e8179bb\",\"name\":\"long-running-project-HOV\"},\"machine\":{\"machine_type\":\"c5.4xlarge\"},\"service\":{\"name\":\"AWS EC2\"}},\"host\":{\"architecture\":\"x86_64\",\"imageId\":\"ami-0a5b3305c37e58e04\",\"instance_type\":\"c5.4xlarge\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"iam\":{\"id\":\"AIPA2IBR2EZTKYFMHPJPM\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/ec2-role-with-security-audit\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"iam\":{\"id\":\"AIPA2IBR2EZTKYFMHPJPM\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/ec2-role-with-security-audit\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-019d7a07c9f19f536\",\"i-019d7a07c9f19f536\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-019d7a07c9f19f536\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"host\":{\"architecture\":\"x86_64\",\"imageId\":\"ami-0a5b3305c37e58e04\",\"instance_type\":\"c5.4xlarge\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"network\":{\"private_ip_address\":\"172.31.36.59\",\"public_dns_name\":\"ec2-3-250-14-183.eu-west-1.compute.amazonaws.com\",\"public_ip_address\":\"3.250.14.183\",\"subnet_ids\":[\"subnet-7a841e20\"],\"network_id\":\"vpc-6cb55a15\",\"private_dns_name\":\"ip-172-31-36-59.eu-west-1.compute.internal\"},\"asset\":{\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"provisioner\":\"terraform\",\"team\":\"cloud-security-posture\",\"Name\":\"long-running-project-HOV\",\"division\":\"engineering\",\"ec2_type\":\"cspm\",\"id\":\"e36fb526\",\"org\":\"security\",\"project\":\"project-live-env\"},\"raw\":{\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/sda1\",\"Ebs\":{\"Status\":\"attached\",\"VolumeId\":\"vol-00c479757c396a5fd\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2023-11-23T17:57:44Z\",\"DeleteOnTermination\":true}}],\"ElasticInferenceAcceleratorAssociations\":null,\"PlatformDetails\":\"Linux/UNIX\",\"SecurityGroups\":[{\"GroupId\":\"sg-0721071cec3e78eb9\",\"GroupName\":\"terraform-20231123175739667900000002\"}],\"SpotInstanceRequestId\":null,\"EnclaveOptions\":{\"Enabled\":false},\"InstanceId\":\"i-019d7a07c9f19f536\",\"Monitoring\":{\"State\":\"disabled\"},\"ElasticGpuAssociations\":null,\"Tags\":[{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"project\",\"Value\":\"project-live-env\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"Name\",\"Value\":\"long-running-project-HOV\"},{\"Key\":\"id\",\"Value\":\"e36fb526\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"ec2_type\",\"Value\":\"cspm\"}],\"VpcId\":\"vpc-6cb55a15\",\"InstanceLifecycle\":\"\",\"ImageId\":\"ami-0a5b3305c37e58e04\",\"KernelId\":null,\"StateTransitionReason\":\"\",\"RamdiskId\":null,\"CpuOptions\":{\"ThreadsPerCore\":2,\"AmdSevSnp\":\"\",\"CoreCount\":8},\"LaunchTime\":\"2023-11-23T17:57:43Z\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"RootDeviceType\":\"ebs\",\"SourceDestCheck\":true,\"UsageOperationUpdateTime\":\"2023-11-23T17:57:43Z\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"EnaSupport\":true,\"ProductCodes\":[],\"EbsOptimized\":false,\"HibernationOptions\":{\"Configured\":false},\"Architecture\":\"x86_64\",\"CapacityReservationId\":null,\"ClientToken\":\"DFD31AD7-01B5-45A2-AE06-D51660BD7706\",\"PrivateDnsName\":\"ip-172-31-36-59.eu-west-1.compute.internal\",\"RootVolume\":null,\"BootMode\":\"\",\"InstanceType\":\"c5.4xlarge\",\"OutpostArn\":null,\"Region\":\"eu-west-1\",\"AmiLaunchIndex\":0,\"Placement\":{\"AvailabilityZone\":\"eu-west-1c\",\"GroupName\":\"\",\"HostResourceGroupArn\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"GroupId\":null,\"HostId\":null,\"PartitionNumber\":null,\"SpreadDomain\":null},\"TpmSupport\":null,\"NetworkInterfaces\":[{\"NetworkInterfaceId\":\"eni-08921648b0ef5fcdb\",\"PrivateIpAddresses\":[{\"Association\":{\"PublicDnsName\":\"ec2-3-250-14-183.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"3.250.14.183\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-36-59.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.36.59\"}],\"Status\":\"in-use\",\"Description\":\"\",\"Groups\":[{\"GroupId\":\"sg-0721071cec3e78eb9\",\"GroupName\":\"terraform-20231123175739667900000002\"}],\"Ipv4Prefixes\":null,\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-36-59.eu-west-1.compute.internal\",\"SourceDestCheck\":true,\"ConnectionTrackingConfiguration\":null,\"InterfaceType\":\"interface\",\"VpcId\":\"vpc-6cb55a15\",\"Attachment\":{\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2023-11-23T17:57:43Z\",\"AttachmentId\":\"eni-attach-07683f57bd30d824d\",\"DeleteOnTermination\":true},\"SubnetId\":\"subnet-7a841e20\",\"Ipv6Prefixes\":null,\"MacAddress\":\"0a:9b:c7:1f:6a:75\",\"PrivateIpAddress\":\"172.31.36.59\",\"Association\":{\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-3-250-14-183.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"3.250.14.183\",\"CarrierIp\":null,\"CustomerOwnedIp\":null},\"Ipv6Addresses\":[]}],\"PublicDnsName\":\"ec2-3-250-14-183.eu-west-1.compute.amazonaws.com\",\"PublicIpAddress\":\"3.250.14.183\",\"StateReason\":null,\"UsageOperation\":\"RunInstances\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"Ipv6Address\":null,\"KeyName\":\"cloudbeat-generated-e36fb526\",\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/ec2-role-with-security-audit\",\"Id\":\"AIPA2IBR2EZTKYFMHPJPM\"},\"SubnetId\":\"subnet-7a841e20\",\"VirtualizationType\":\"hvm\",\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"MetadataOptions\":{\"HttpTokens\":\"optional\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":1},\"Platform\":\"\",\"RootDeviceName\":\"/dev/sda1\",\"SriovNetSupport\":null,\"State\":{\"Name\":\"running\",\"Code\":16},\"Hypervisor\":\"xen\",\"Licenses\":null,\"PrivateIpAddress\":\"172.31.36.59\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-019d7a07c9f19f536\",\"i-019d7a07c9f19f536\"],\"name\":\"long-running-project-HOV\",\"category\":\"infrastructure\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"instance\":{\"id\":\"i-019d7a07c9f19f536\",\"name\":\"long-running-project-HOV\"},\"machine\":{\"machine_type\":\"c5.4xlarge\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1c\",\"provider\":\"aws\",\"region\":\"eu-west-1\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"asset\":{\"tags\":{\"org\":\"security\",\"project\":\"test-environments\",\"provisioner\":\"terraform\",\"team\":\"cloud-security-posture\",\"Name\":\"test-env-ci-tf-7T8\",\"division\":\"engineering\",\"ec2_type\":\"kspm\",\"id\":\"36526661\"},\"raw\":{\"Platform\":\"\",\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":8,\"ThreadsPerCore\":2},\"HibernationOptions\":{\"Configured\":false},\"ElasticGpuAssociations\":null,\"KeyName\":\"cloudbeat-generated-36526661\",\"UsageOperationUpdateTime\":\"2023-12-24T14:37:57Z\",\"RootVolume\":null,\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/sda1\",\"Ebs\":{\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2023-12-24T14:37:58Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-025f29b544ad8d729\"}}],\"CurrentInstanceBootMode\":\"legacy-bios\",\"SecurityGroups\":[{\"GroupId\":\"sg-035b5fb965d5898ca\",\"GroupName\":\"terraform-20231224143753222900000001\"}],\"Tags\":[{\"Value\":\"36526661\",\"Key\":\"id\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"project\",\"Value\":\"test-environments\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"Name\",\"Value\":\"test-env-ci-tf-7T8\"}],\"StateReason\":null,\"EnclaveOptions\":{\"Enabled\":false},\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"InstanceLifecycle\":\"\",\"SourceDestCheck\":true,\"StateTransitionReason\":\"\",\"SubnetId\":\"subnet-7a841e20\",\"EbsOptimized\":false,\"RamdiskId\":null,\"MetadataOptions\":{\"HttpTokens\":\"optional\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":1},\"PrivateIpAddress\":\"172.31.33.118\",\"RootDeviceName\":\"/dev/sda1\",\"TpmSupport\":null,\"VpcId\":\"vpc-6cb55a15\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"InstanceType\":\"c5.4xlarge\",\"PlatformDetails\":\"Linux/UNIX\",\"PublicDnsName\":\"ec2-54-194-151-202.eu-west-1.compute.amazonaws.com\",\"ElasticInferenceAcceleratorAssociations\":null,\"IamInstanceProfile\":{\"Id\":\"AIPA2IBR2EZTKYFMHPJPM\",\"Arn\":\"arn:aws:iam::704479110758:instance-profile/ec2-role-with-security-audit\"},\"Architecture\":\"x86_64\",\"ClientToken\":\"34594F9A-CFC9-4758-B914-F1A342DC8B50\",\"UsageOperation\":\"RunInstances\",\"SriovNetSupport\":null,\"State\":{\"Code\":16,\"Name\":\"running\"},\"EnaSupport\":true,\"ProductCodes\":[],\"PublicIpAddress\":\"54.194.151.202\",\"BootMode\":\"\",\"CapacityReservationId\":null,\"OutpostArn\":null,\"AmiLaunchIndex\":0,\"KernelId\":null,\"Licenses\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"PrivateDnsName\":\"ip-172-31-33-118.eu-west-1.compute.internal\",\"InstanceId\":\"i-0d5476420687cb48f\",\"Placement\":{\"AvailabilityZone\":\"eu-west-1c\",\"GroupId\":null,\"GroupName\":\"\",\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"SpreadDomain\":null,\"Affinity\":null,\"HostId\":null,\"Tenancy\":\"default\"},\"Monitoring\":{\"State\":\"disabled\"},\"VirtualizationType\":\"hvm\",\"Region\":\"eu-west-1\",\"ImageId\":\"ami-0a5b3305c37e58e04\",\"LaunchTime\":\"2023-12-24T14:37:57Z\",\"NetworkInterfaces\":[{\"PrivateIpAddress\":\"172.31.33.118\",\"PrivateIpAddresses\":[{\"Association\":{\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-54-194-151-202.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.194.151.202\",\"CarrierIp\":null,\"CustomerOwnedIp\":null},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-33-118.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.33.118\"}],\"ConnectionTrackingConfiguration\":null,\"InterfaceType\":\"interface\",\"Ipv6Prefixes\":null,\"MacAddress\":\"0a:72:e2:a8:83:79\",\"OwnerId\":\"704479110758\",\"Association\":{\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-54-194-151-202.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.194.151.202\",\"CarrierIp\":null,\"CustomerOwnedIp\":null},\"Attachment\":{\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2023-12-24T14:37:57Z\",\"AttachmentId\":\"eni-attach-0e8c7af791140b646\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null},\"Description\":\"\",\"NetworkInterfaceId\":\"eni-0f427030258c5d4e4\",\"Groups\":[{\"GroupId\":\"sg-035b5fb965d5898ca\",\"GroupName\":\"terraform-20231224143753222900000001\"}],\"Ipv6Addresses\":[],\"PrivateDnsName\":\"ip-172-31-33-118.eu-west-1.compute.internal\",\"Status\":\"in-use\",\"VpcId\":\"vpc-6cb55a15\",\"Ipv4Prefixes\":null,\"SourceDestCheck\":true,\"SubnetId\":\"subnet-7a841e20\"}],\"RootDeviceType\":\"ebs\",\"SpotInstanceRequestId\":null,\"Hypervisor\":\"xen\",\"Ipv6Address\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0d5476420687cb48f\",\"i-0d5476420687cb48f\"],\"name\":\"test-env-ci-tf-7T8\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\"},\"host\":{\"instance_type\":\"c5.4xlarge\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\",\"imageId\":\"ami-0a5b3305c37e58e04\"},\"network\":{\"subnet_ids\":[\"subnet-7a841e20\"],\"network_id\":\"vpc-6cb55a15\",\"private_dns_name\":\"ip-172-31-33-118.eu-west-1.compute.internal\",\"private_ip_address\":\"172.31.33.118\",\"public_dns_name\":\"ec2-54-194-151-202.eu-west-1.compute.amazonaws.com\",\"public_ip_address\":\"54.194.151.202\"},\"iam\":{\"id\":\"AIPA2IBR2EZTKYFMHPJPM\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/ec2-role-with-security-audit\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0d5476420687cb48f\",\"i-0d5476420687cb48f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0d5476420687cb48f\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"instance\":{\"id\":\"i-0d5476420687cb48f\",\"name\":\"test-env-ci-tf-7T8\"},\"machine\":{\"machine_type\":\"c5.4xlarge\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1c\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0e3fa032d327a0529\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"tags\":{\"Task\":\"Vulnerability Management Scanner\",\"aws:cloudformation:logical-id\":\"ElasticAgentEc2Instance\",\"org\":\"security\",\"project\":\"project-live-env\",\"team\":\"cloud-security-posture\",\"Name\":\"elastic-agent-instance-c82a6f30-289f-11ef-bea0-0650f5ad54ed\",\"aws:cloudformation:stack-id\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/Long-Lived-Env-CNVM-8-14/c82a6f30-289f-11ef-bea0-0650f5ad54ed\",\"aws:cloudformation:stack-name\":\"Long-Lived-Env-CNVM-8-14\",\"division\":\"engineering\"},\"raw\":{\"SourceDestCheck\":true,\"ElasticGpuAssociations\":null,\"MetadataOptions\":{\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\"},\"OutpostArn\":null,\"CapacityReservationId\":null,\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":4,\"ThreadsPerCore\":1},\"EnclaveOptions\":{\"Enabled\":false},\"Licenses\":null,\"PlatformDetails\":\"Linux/UNIX\",\"SpotInstanceRequestId\":null,\"BootMode\":\"uefi\",\"LaunchTime\":\"2024-06-18T07:38:04Z\",\"RootDeviceName\":\"/dev/xvda\",\"SriovNetSupport\":null,\"SubnetId\":\"subnet-7a841e20\",\"Ipv6Address\":null,\"RamdiskId\":null,\"VpcId\":\"vpc-6cb55a15\",\"EnaSupport\":true,\"KeyName\":null,\"Monitoring\":{\"State\":\"disabled\"},\"InstanceLifecycle\":\"\",\"Placement\":{\"SpreadDomain\":null,\"Tenancy\":\"default\",\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"GroupId\":null,\"GroupName\":\"\",\"HostId\":null,\"Affinity\":null,\"AvailabilityZone\":\"eu-west-1c\"},\"PublicIpAddress\":\"54.247.216.208\",\"UsageOperationUpdateTime\":\"2024-06-12T09:40:51Z\",\"AmiLaunchIndex\":0,\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-c82a6f30-289f-11ef-bea0-0650f5ad54ed\",\"Id\":\"AIPA2IBR2EZTIQEMN6TW4\"},\"PrivateDnsName\":\"ip-172-31-32-13.eu-west-1.compute.internal\",\"ImageId\":\"ami-06eb6653d5921bb77\",\"NetworkInterfaces\":[{\"Ipv6Prefixes\":null,\"PrivateIpAddress\":\"172.31.32.13\",\"SubnetId\":\"subnet-7a841e20\",\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-54-247-216-208.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.247.216.208\"},\"Attachment\":{\"Status\":\"attached\",\"AttachTime\":\"2024-06-12T09:40:51Z\",\"AttachmentId\":\"eni-attach-07b1fe8cd5d1bf984\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0},\"OwnerId\":\"704479110758\",\"Ipv4Prefixes\":null,\"MacAddress\":\"0a:0d:10:3e:55:f7\",\"Groups\":[{\"GroupId\":\"sg-03a24bd4d64b64828\",\"GroupName\":\"elastic-agent-security-group-c82a6f30-289f-11ef-bea0-0650f5ad54ed\"}],\"Ipv6Addresses\":[],\"Status\":\"in-use\",\"ConnectionTrackingConfiguration\":null,\"Description\":\"\",\"PrivateDnsName\":\"ip-172-31-32-13.eu-west-1.compute.internal\",\"PrivateIpAddresses\":[{\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-54-247-216-208.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.247.216.208\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-32-13.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.32.13\"}],\"SourceDestCheck\":true,\"VpcId\":\"vpc-6cb55a15\",\"InterfaceType\":\"interface\",\"NetworkInterfaceId\":\"eni-073fec66ce83b9610\"}],\"PrivateIpAddress\":\"172.31.32.13\",\"SecurityGroups\":[{\"GroupId\":\"sg-03a24bd4d64b64828\",\"GroupName\":\"elastic-agent-security-group-c82a6f30-289f-11ef-bea0-0650f5ad54ed\"}],\"VirtualizationType\":\"hvm\",\"Architecture\":\"arm64\",\"Hypervisor\":\"xen\",\"KernelId\":null,\"ClientToken\":\"d41e1908-57cb-b023-f3fd-b3a702847b6d\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"StateReason\":null,\"StateTransitionReason\":\"\",\"TpmSupport\":null,\"UsageOperation\":\"RunInstances\",\"RootVolume\":null,\"HibernationOptions\":{\"Configured\":false},\"Platform\":\"\",\"ProductCodes\":[],\"PublicDnsName\":\"ec2-54-247-216-208.eu-west-1.compute.amazonaws.com\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"CurrentInstanceBootMode\":\"uefi\",\"InstanceId\":\"i-0e3fa032d327a0529\",\"EbsOptimized\":false,\"ElasticInferenceAcceleratorAssociations\":null,\"InstanceType\":\"m6g.xlarge\",\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"RootDeviceType\":\"ebs\",\"State\":{\"Code\":16,\"Name\":\"running\"},\"Tags\":[{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentEc2Instance\"},{\"Key\":\"Name\",\"Value\":\"elastic-agent-instance-c82a6f30-289f-11ef-bea0-0650f5ad54ed\"},{\"Key\":\"project\",\"Value\":\"project-live-env\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"Task\",\"Value\":\"Vulnerability Management Scanner\"},{\"Value\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/Long-Lived-Env-CNVM-8-14/c82a6f30-289f-11ef-bea0-0650f5ad54ed\",\"Key\":\"aws:cloudformation:stack-id\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"Long-Lived-Env-CNVM-8-14\"}],\"BlockDeviceMappings\":[{\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-06-12T09:40:52Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-05642e8c55b6a1eae\",\"VolumeOwnerId\":null},\"DeviceName\":\"/dev/xvda\"}],\"Region\":\"eu-west-1\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0e3fa032d327a0529\",\"i-0e3fa032d327a0529\"],\"name\":\"elastic-agent-instance-c82a6f30-289f-11ef-bea0-0650f5ad54ed\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\"},\"network\":{\"public_dns_name\":\"ec2-54-247-216-208.eu-west-1.compute.amazonaws.com\",\"public_ip_address\":\"54.247.216.208\",\"subnet_ids\":[\"subnet-7a841e20\"],\"network_id\":\"vpc-6cb55a15\",\"private_dns_name\":\"ip-172-31-32-13.eu-west-1.compute.internal\",\"private_ip_address\":\"172.31.32.13\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0e3fa032d327a0529\",\"i-0e3fa032d327a0529\"],\"iam\":{\"id\":\"AIPA2IBR2EZTIQEMN6TW4\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-c82a6f30-289f-11ef-bea0-0650f5ad54ed\"},\"cloud\":{\"availability_zone\":\"eu-west-1c\",\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-0e3fa032d327a0529\",\"name\":\"elastic-agent-instance-c82a6f30-289f-11ef-bea0-0650f5ad54ed\"},\"machine\":{\"machine_type\":\"m6g.xlarge\"},\"service\":{\"name\":\"AWS EC2\"}},\"host\":{\"instance_type\":\"m6g.xlarge\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\",\"architecture\":\"arm64\",\"imageId\":\"ami-06eb6653d5921bb77\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"network\":{\"subnet_ids\":[\"subnet-7a841e20\"],\"network_id\":\"vpc-6cb55a15\",\"private_dns_name\":\"ip-172-31-36-225.eu-west-1.compute.internal\",\"private_ip_address\":\"172.31.36.225\",\"public_dns_name\":\"\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0af0c8abade777902\",\"i-0af0c8abade777902\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0af0c8abade777902\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0af0c8abade777902\",\"i-0af0c8abade777902\"],\"name\":\"elastic-agent-instance-96b9bd60-328c-11ef-8748-06cab9c0c0cb\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"Name\":\"elastic-agent-instance-96b9bd60-328c-11ef-8748-06cab9c0c0cb\",\"Task\":\"Vulnerability Management Scanner\",\"aws:cloudformation:logical-id\":\"ElasticAgentEc2Instance\",\"aws:cloudformation:stack-id\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/Elastic-Vulnerability-Management-Test/96b9bd60-328c-11ef-8748-06cab9c0c0cb\",\"aws:cloudformation:stack-name\":\"Elastic-Vulnerability-Management-Test\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\",\"stopped-at\":\"2024-11-19 02:46:25.340517\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},\"raw\":{\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"ElasticInferenceAcceleratorAssociations\":null,\"Platform\":\"\",\"HibernationOptions\":{\"Configured\":false},\"SpotInstanceRequestId\":null,\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-06-25T00:48:39Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-0e0ccb223e2b3be0a\"}}],\"ElasticGpuAssociations\":null,\"PlatformDetails\":\"Linux/UNIX\",\"KernelId\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"RootDeviceType\":\"ebs\",\"EnaSupport\":true,\"TpmSupport\":null,\"VirtualizationType\":\"hvm\",\"InstanceId\":\"i-0af0c8abade777902\",\"LaunchTime\":\"2024-06-25T00:48:39Z\",\"Monitoring\":{\"State\":\"disabled\"},\"PublicDnsName\":\"\",\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"AmiLaunchIndex\":0,\"CapacityReservationId\":null,\"EnclaveOptions\":{\"Enabled\":false},\"UsageOperation\":\"RunInstances\",\"SecurityGroups\":[{\"GroupId\":\"sg-05881beea67daa384\",\"GroupName\":\"elastic-agent-security-group-96b9bd60-328c-11ef-8748-06cab9c0c0cb\"}],\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"Placement\":{\"AvailabilityZone\":\"eu-west-1c\",\"HostResourceGroupArn\":null,\"SpreadDomain\":null,\"Affinity\":null,\"GroupId\":null,\"GroupName\":\"\",\"HostId\":null,\"PartitionNumber\":null,\"Tenancy\":\"default\"},\"PrivateIpAddress\":\"172.31.36.225\",\"Ipv6Address\":null,\"BootMode\":\"uefi\",\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":4,\"ThreadsPerCore\":1},\"SriovNetSupport\":null,\"ClientToken\":\"b539fbea-b187-a6c5-c2a6-effa41b929b5\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"PublicIpAddress\":null,\"SourceDestCheck\":true,\"StateTransitionReason\":\"User initiated (2024-06-26 02:46:52 GMT)\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"elastic-agent-instance-96b9bd60-328c-11ef-8748-06cab9c0c0cb\"},{\"Key\":\"Task\",\"Value\":\"Vulnerability Management Scanner\"},{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"},{\"Value\":\"Resource does not meet policy: terminate@2024/12/04\",\"Key\":\"custodian_delete\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentEc2Instance\"},{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"Elastic-Vulnerability-Management-Test\"},{\"Value\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/Elastic-Vulnerability-Management-Test/96b9bd60-328c-11ef-8748-06cab9c0c0cb\",\"Key\":\"aws:cloudformation:stack-id\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:46:25.340517\"}],\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-96b9bd60-328c-11ef-8748-06cab9c0c0cb\",\"Id\":\"AIPA2IBR2EZTGJ6QQ2D2B\"},\"KeyName\":null,\"OutpostArn\":null,\"RootDeviceName\":\"/dev/xvda\",\"State\":{\"Name\":\"stopped\",\"Code\":80},\"SubnetId\":\"subnet-7a841e20\",\"UsageOperationUpdateTime\":\"2024-06-25T00:48:39Z\",\"Region\":\"eu-west-1\",\"CurrentInstanceBootMode\":\"uefi\",\"InstanceLifecycle\":\"\",\"ProductCodes\":[],\"Licenses\":null,\"PrivateDnsName\":\"ip-172-31-36-225.eu-west-1.compute.internal\",\"InstanceType\":\"m6g.xlarge\",\"NetworkInterfaces\":[{\"MacAddress\":\"0a:e2:0b:b9:fb:cf\",\"Description\":\"\",\"Attachment\":{\"AttachTime\":\"2024-06-25T00:48:39Z\",\"AttachmentId\":\"eni-attach-0f15f7727a69ab243\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"ConnectionTrackingConfiguration\":null,\"SubnetId\":\"subnet-7a841e20\",\"Association\":null,\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"NetworkInterfaceId\":\"eni-01fb4fc95b35e36e3\",\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-36-225.eu-west-1.compute.internal\",\"PrivateIpAddresses\":[{\"PrivateIpAddress\":\"172.31.36.225\",\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-36-225.eu-west-1.compute.internal\"}],\"SourceDestCheck\":true,\"Groups\":[{\"GroupId\":\"sg-05881beea67daa384\",\"GroupName\":\"elastic-agent-security-group-96b9bd60-328c-11ef-8748-06cab9c0c0cb\"}],\"VpcId\":\"vpc-6cb55a15\",\"Ipv6Prefixes\":null,\"PrivateIpAddress\":\"172.31.36.225\",\"Status\":\"in-use\",\"InterfaceType\":\"interface\"}],\"RamdiskId\":null,\"VpcId\":\"vpc-6cb55a15\",\"Architecture\":\"arm64\",\"EbsOptimized\":false,\"ImageId\":\"ami-0dad5a05964f42641\",\"Hypervisor\":\"xen\",\"RootVolume\":null}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1c\",\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"instance\":{\"id\":\"i-0af0c8abade777902\",\"name\":\"elastic-agent-instance-96b9bd60-328c-11ef-8748-06cab9c0c0cb\"},\"machine\":{\"machine_type\":\"m6g.xlarge\"}},\"host\":{\"architecture\":\"arm64\",\"imageId\":\"ami-0dad5a05964f42641\",\"instance_type\":\"m6g.xlarge\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"iam\":{\"id\":\"AIPA2IBR2EZTGJ6QQ2D2B\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-96b9bd60-328c-11ef-8748-06cab9c0c0cb\"},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0b6c2778e229d94ac\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"raw\":{\"Architecture\":\"x86_64\",\"InstanceId\":\"i-0b6c2778e229d94ac\",\"VirtualizationType\":\"hvm\",\"ElasticInferenceAcceleratorAssociations\":null,\"ImageId\":\"ami-0a2202cf4c36161a1\",\"LaunchTime\":\"2024-10-07T12:55:26Z\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"PublicDnsName\":\"\",\"SourceDestCheck\":true,\"UsageOperation\":\"RunInstances\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"VolumeId\":\"vol-054254531b9a8ea1c\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-08-19T11:12:19Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\"}}],\"ClientToken\":\"9d3e95e5-0e4a-45dd-89d9-38685b15b3c9\",\"Hypervisor\":\"xen\",\"NetworkInterfaces\":[{\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-44-8.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.44.8\",\"SourceDestCheck\":true,\"Status\":\"in-use\",\"SubnetId\":\"subnet-7a841e20\",\"Association\":null,\"NetworkInterfaceId\":\"eni-05f7267e0e66860f2\",\"Groups\":[{\"GroupName\":\"launch-wizard-121\",\"GroupId\":\"sg-042e11fb278c04b0d\"}],\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-44-8.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.44.8\",\"Association\":null}],\"Ipv6Prefixes\":null,\"MacAddress\":\"0a:28:ba:b0:8a:a3\",\"VpcId\":\"vpc-6cb55a15\",\"ConnectionTrackingConfiguration\":null,\"Ipv6Addresses\":[],\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":null,\"Attachment\":{\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-08-19T11:12:18Z\",\"AttachmentId\":\"eni-attach-005e3c4bfb2984333\"},\"Description\":\"\"}],\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"VpcId\":\"vpc-6cb55a15\",\"Region\":\"eu-west-1\",\"OutpostArn\":null,\"SecurityGroups\":[{\"GroupId\":\"sg-042e11fb278c04b0d\",\"GroupName\":\"launch-wizard-121\"}],\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":1,\"ThreadsPerCore\":1},\"EnclaveOptions\":{\"Enabled\":false},\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"PrivateIpAddress\":\"172.31.44.8\",\"AmiLaunchIndex\":0,\"EnaSupport\":true,\"Placement\":{\"Affinity\":null,\"GroupId\":null,\"GroupName\":\"\",\"AvailabilityZone\":\"eu-west-1c\",\"HostId\":null,\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"SpreadDomain\":null,\"Tenancy\":\"default\"},\"ElasticGpuAssociations\":null,\"CurrentInstanceBootMode\":\"legacy-bios\",\"SpotInstanceRequestId\":null,\"Tags\":[{\"Value\":\"ido-wiz-2\",\"Key\":\"Name\"},{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"},{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"},{\"Value\":\"2024-11-19 02:46:25.340517\",\"Key\":\"stopped-at\"}],\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"SriovNetSupport\":null,\"CapacityReservationId\":null,\"EbsOptimized\":false,\"InstanceType\":\"t2.micro\",\"KernelId\":null,\"RootDeviceType\":\"ebs\",\"Ipv6Address\":null,\"KeyName\":\"ido-ec2\",\"RootVolume\":null,\"StateTransitionReason\":\"User initiated (2024-10-08 02:46:17 GMT)\",\"InstanceLifecycle\":\"\",\"BootMode\":\"uefi-preferred\",\"IamInstanceProfile\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"Platform\":\"\",\"ProductCodes\":[],\"RamdiskId\":null,\"TpmSupport\":null,\"HibernationOptions\":{\"Configured\":false},\"Licenses\":null,\"SubnetId\":\"subnet-7a841e20\",\"Monitoring\":{\"State\":\"disabled\"},\"PlatformDetails\":\"Linux/UNIX\",\"PrivateDnsName\":\"ip-172-31-44-8.eu-west-1.compute.internal\",\"PublicIpAddress\":null,\"RootDeviceName\":\"/dev/xvda\",\"UsageOperationUpdateTime\":\"2024-08-19T11:12:18Z\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0b6c2778e229d94ac\",\"i-0b6c2778e229d94ac\"],\"name\":\"ido-wiz-2\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"Name\":\"ido-wiz-2\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\",\"stopped-at\":\"2024-11-19 02:46:25.340517\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"}},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-0b6c2778e229d94ac\",\"name\":\"ido-wiz-2\"},\"machine\":{\"machine_type\":\"t2.micro\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1c\",\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0b6c2778e229d94ac\",\"i-0b6c2778e229d94ac\"],\"host\":{\"architecture\":\"x86_64\",\"imageId\":\"ami-0a2202cf4c36161a1\",\"instance_type\":\"t2.micro\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"network\":{\"private_dns_name\":\"ip-172-31-44-8.eu-west-1.compute.internal\",\"private_ip_address\":\"172.31.44.8\",\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-7a841e20\"],\"network_id\":\"vpc-6cb55a15\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-0a77aa794e2e89e95\"],\"network_id\":\"vpc-08d87433815da7907\",\"private_dns_name\":\"ip-10-0-1-233.eu-west-1.compute.internal\",\"private_ip_address\":\"10.0.1.233\"},\"resource_policies\":[],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-00ed4d0e65b8cbdfd\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-00ed4d0e65b8cbdfd\",\"i-00ed4d0e65b8cbdfd\"],\"asset\":{\"sub_type\":\"ec2-instance\",\"tags\":{\"deployment\":\"kuba-logs\",\"ec2_type\":\"kspm_eks\",\"eks:cluster-name\":\"kuba-logs\",\"eks:nodegroup-name\":\"kuba-logs-1-2024111913004541080000000e\",\"kubernetes.io/cluster/kuba-logs\":\"owned\",\"org\":\"security\",\"owner\":\"kubasobon\",\"aws:autoscaling:groupName\":\"eks-kuba-logs-1-2024111913004541080000000e-38c9a241-6b28-620b-8533-9d3b60ce6be7\",\"aws:ec2launchtemplate:id\":\"lt-05455d85c537ef06a\",\"aws:eks:cluster-name\":\"kuba-logs\",\"division\":\"engineering\",\"k8s.io/cluster-autoscaler/kuba-logs\":\"owned\",\"project\":\"kubasobon\",\"team\":\"cloud-security-posture\",\"Name\":\"kuba-logs-1\",\"aws:ec2launchtemplate:version\":\"1\",\"k8s.io/cluster-autoscaler/enabled\":\"true\",\"aws:ec2:fleet-id\":\"fleet-02178387-370e-4636-2cb8-a708f8a80960\"},\"raw\":{\"BootMode\":\"\",\"EnaSupport\":true,\"EnclaveOptions\":{\"Enabled\":false},\"Ipv6Address\":null,\"StateReason\":null,\"SubnetId\":\"subnet-0a77aa794e2e89e95\",\"AmiLaunchIndex\":0,\"Architecture\":\"x86_64\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"ElasticGpuAssociations\":null,\"PrivateDnsName\":\"ip-10-0-1-233.eu-west-1.compute.internal\",\"SpotInstanceRequestId\":null,\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":1,\"ThreadsPerCore\":2},\"SecurityGroups\":[{\"GroupId\":\"sg-042dc17560e6f8374\",\"GroupName\":\"kuba-logs-node-20241119125157867500000006\"},{\"GroupName\":\"kuba-logs_120241119125157866600000005\",\"GroupId\":\"sg-045d46bcaaf8b30a2\"},{\"GroupId\":\"sg-066a56ecc9a45761c\",\"GroupName\":\"eks-cluster-sg-kuba-logs-1524208083\"}],\"ProductCodes\":[],\"StateTransitionReason\":\"\",\"PlatformDetails\":\"Linux/UNIX\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"UsageOperationUpdateTime\":\"2024-11-19T13:01:32Z\",\"EbsOptimized\":false,\"PublicIpAddress\":null,\"UsageOperation\":\"RunInstances\",\"TpmSupport\":null,\"ImageId\":\"ami-0afb828e6222e77e4\",\"Placement\":{\"Affinity\":null,\"GroupId\":null,\"GroupName\":\"\",\"Tenancy\":\"default\",\"AvailabilityZone\":\"eu-west-1a\",\"HostId\":null,\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"SpreadDomain\":null},\"SriovNetSupport\":null,\"InstanceId\":\"i-00ed4d0e65b8cbdfd\",\"PrivateIpAddress\":\"10.0.1.233\",\"InstanceType\":\"t3.small\",\"Tags\":[{\"Key\":\"aws:ec2launchtemplate:version\",\"Value\":\"1\"},{\"Value\":\"owned\",\"Key\":\"k8s.io/cluster-autoscaler/kuba-logs\"},{\"Key\":\"aws:ec2:fleet-id\",\"Value\":\"fleet-02178387-370e-4636-2cb8-a708f8a80960\"},{\"Key\":\"project\",\"Value\":\"kubasobon\"},{\"Key\":\"eks:cluster-name\",\"Value\":\"kuba-logs\"},{\"Key\":\"k8s.io/cluster-autoscaler/enabled\",\"Value\":\"true\"},{\"Key\":\"kubernetes.io/cluster/kuba-logs\",\"Value\":\"owned\"},{\"Key\":\"owner\",\"Value\":\"kubasobon\"},{\"Value\":\"kuba-logs-1\",\"Key\":\"Name\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm_eks\"},{\"Key\":\"aws:autoscaling:groupName\",\"Value\":\"eks-kuba-logs-1-2024111913004541080000000e-38c9a241-6b28-620b-8533-9d3b60ce6be7\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"eks:nodegroup-name\",\"Value\":\"kuba-logs-1-2024111913004541080000000e\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"deployment\",\"Value\":\"kuba-logs\"},{\"Key\":\"aws:ec2launchtemplate:id\",\"Value\":\"lt-05455d85c537ef06a\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"kuba-logs\"}],\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/eks-38c9a241-6b28-620b-8533-9d3b60ce6be7\",\"Id\":\"AIPA2IBR2EZTMRXRQPVNM\"},\"InstanceLifecycle\":\"\",\"RootDeviceName\":\"/dev/xvda\",\"RootDeviceType\":\"ebs\",\"VirtualizationType\":\"hvm\",\"Region\":\"eu-west-1\",\"Licenses\":null,\"State\":{\"Code\":16,\"Name\":\"running\"},\"OutpostArn\":null,\"CapacityReservationId\":null,\"LaunchTime\":\"2024-11-19T13:01:32Z\",\"HibernationOptions\":{\"Configured\":false},\"Hypervisor\":\"xen\",\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"Monitoring\":{\"State\":\"enabled\"},\"NetworkInterfaces\":[{\"ConnectionTrackingConfiguration\":null,\"MacAddress\":\"02:17:bb:dc:4f:93\",\"NetworkInterfaceId\":\"eni-06a751ed42279f224\",\"PrivateDnsName\":\"ip-10-0-1-233.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.233\",\"VpcId\":\"vpc-08d87433815da7907\",\"Attachment\":{\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-11-19T13:01:32Z\",\"AttachmentId\":\"eni-attach-001635fd3f7c3a52e\",\"DeleteOnTermination\":true,\"DeviceIndex\":0},\"Groups\":[{\"GroupId\":\"sg-042dc17560e6f8374\",\"GroupName\":\"kuba-logs-node-20241119125157867500000006\"},{\"GroupId\":\"sg-045d46bcaaf8b30a2\",\"GroupName\":\"kuba-logs_120241119125157866600000005\"},{\"GroupId\":\"sg-066a56ecc9a45761c\",\"GroupName\":\"eks-cluster-sg-kuba-logs-1524208083\"}],\"Ipv6Addresses\":[],\"Ipv6Prefixes\":null,\"Association\":null,\"SubnetId\":\"subnet-0a77aa794e2e89e95\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-1-233.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.233\"},{\"PrivateDnsName\":\"ip-10-0-1-80.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.80\",\"Association\":null,\"Primary\":false},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-165.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.165\"},{\"PrivateDnsName\":\"ip-10-0-1-120.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.120\",\"Association\":null,\"Primary\":false}],\"SourceDestCheck\":true,\"Status\":\"in-use\",\"Description\":\"\",\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":null,\"OwnerId\":\"704479110758\"},{\"Groups\":[{\"GroupId\":\"sg-042dc17560e6f8374\",\"GroupName\":\"kuba-logs-node-20241119125157867500000006\"},{\"GroupId\":\"sg-045d46bcaaf8b30a2\",\"GroupName\":\"kuba-logs_120241119125157866600000005\"},{\"GroupId\":\"sg-066a56ecc9a45761c\",\"GroupName\":\"eks-cluster-sg-kuba-logs-1524208083\"}],\"Ipv4Prefixes\":null,\"PrivateDnsName\":\"ip-10-0-1-24.eu-west-1.compute.internal\",\"Description\":\"aws-K8S-i-00ed4d0e65b8cbdfd\",\"Ipv6Addresses\":[],\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-1-24.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.24\"},{\"PrivateDnsName\":\"ip-10-0-1-113.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.113\",\"Association\":null,\"Primary\":false},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-84.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.84\"},{\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-219.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.219\",\"Association\":null}],\"Status\":\"in-use\",\"ConnectionTrackingConfiguration\":null,\"NetworkInterfaceId\":\"eni-09ef0299d5bc5a16d\",\"SourceDestCheck\":true,\"VpcId\":\"vpc-08d87433815da7907\",\"SubnetId\":\"subnet-0a77aa794e2e89e95\",\"Association\":null,\"Attachment\":{\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-11-19T13:02:17Z\",\"AttachmentId\":\"eni-attach-0151e7ad51457d995\",\"DeleteOnTermination\":true,\"DeviceIndex\":1,\"EnaSrdSpecification\":null},\"InterfaceType\":\"interface\",\"Ipv6Prefixes\":null,\"MacAddress\":\"02:83:db:6b:8f:ed\",\"OwnerId\":\"704479110758\",\"PrivateIpAddress\":\"10.0.1.24\"}],\"RootVolume\":null,\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-11-19T13:01:33Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-09ce63a703b943858\",\"VolumeOwnerId\":null}}],\"ElasticInferenceAcceleratorAssociations\":null,\"PublicDnsName\":\"\",\"Platform\":\"\",\"VpcId\":\"vpc-08d87433815da7907\",\"KeyName\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"RamdiskId\":null,\"SourceDestCheck\":true,\"ClientToken\":\"fleet-02178387-370e-4636-2cb8-a708f8a80960-0\",\"KernelId\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-00ed4d0e65b8cbdfd\",\"i-00ed4d0e65b8cbdfd\"],\"name\":\"kuba-logs-1\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\"},\"cloud\":{\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1a\",\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"name\":\"kuba-logs-1\",\"id\":\"i-00ed4d0e65b8cbdfd\"},\"machine\":{\"machine_type\":\"t3.small\"}},\"host\":{\"architecture\":\"x86_64\",\"imageId\":\"ami-0afb828e6222e77e4\",\"instance_type\":\"t3.small\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"iam\":{\"id\":\"AIPA2IBR2EZTMRXRQPVNM\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/eks-38c9a241-6b28-620b-8533-9d3b60ce6be7\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0cee6c8e97dc3c2af\",\"i-0cee6c8e97dc3c2af\"],\"asset\":{\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"stopped-at\":\"2024-11-19 02:46:25.340517\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\",\"Name\":\"ricky-test7-july26\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\"},\"raw\":{\"Monitoring\":{\"State\":\"disabled\"},\"SecurityGroups\":[{\"GroupName\":\"launch-wizard-119\",\"GroupId\":\"sg-0453b067a0757ec2d\"}],\"EbsOptimized\":false,\"HibernationOptions\":{\"Configured\":false},\"Hypervisor\":\"xen\",\"Licenses\":null,\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"PrivateIpAddress\":\"172.31.2.25\",\"ProductCodes\":[],\"PublicIpAddress\":null,\"RootDeviceName\":\"/dev/xvda\",\"ClientToken\":\"57c06c47-75a1-44b9-be45-ea962613995e\",\"InstanceId\":\"i-0cee6c8e97dc3c2af\",\"InstanceType\":\"t2.micro\",\"Region\":\"eu-west-1\",\"MetadataOptions\":{\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\"},\"PrivateDnsName\":\"ip-172-31-2-25.eu-west-1.compute.internal\",\"SriovNetSupport\":null,\"InstanceLifecycle\":\"\",\"Placement\":{\"HostId\":null,\"HostResourceGroupArn\":null,\"SpreadDomain\":null,\"Affinity\":null,\"AvailabilityZone\":\"eu-west-1a\",\"GroupId\":null,\"GroupName\":\"\",\"PartitionNumber\":null,\"Tenancy\":\"default\"},\"Platform\":\"\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\"},\"StateTransitionReason\":\"User initiated (2024-07-30 02:46:52 GMT)\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-07-27T01:03:48Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-0c209ca3f64f37373\",\"VolumeOwnerId\":null}}],\"Ipv6Address\":null,\"PlatformDetails\":\"Linux/UNIX\",\"CapacityReservationId\":null,\"EnclaveOptions\":{\"Enabled\":false},\"TpmSupport\":null,\"UsageOperationUpdateTime\":\"2024-07-27T01:03:48Z\",\"IamInstanceProfile\":null,\"NetworkInterfaces\":[{\"Groups\":[{\"GroupId\":\"sg-0453b067a0757ec2d\",\"GroupName\":\"launch-wizard-119\"}],\"InterfaceType\":\"interface\",\"Ipv6Prefixes\":null,\"PrivateIpAddress\":\"172.31.2.25\",\"SourceDestCheck\":true,\"SubnetId\":\"subnet-d4cf96b2\",\"VpcId\":\"vpc-6cb55a15\",\"Association\":null,\"ConnectionTrackingConfiguration\":null,\"Ipv6Addresses\":[],\"OwnerId\":\"704479110758\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-2-25.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.2.25\"}],\"Status\":\"in-use\",\"Ipv4Prefixes\":null,\"NetworkInterfaceId\":\"eni-0fa5374495b457c22\",\"Attachment\":{\"AttachTime\":\"2024-07-27T01:03:48Z\",\"AttachmentId\":\"eni-attach-04d71eb771bd3a10e\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"Description\":\"\",\"MacAddress\":\"02:ab:b4:01:e2:47\",\"PrivateDnsName\":\"ip-172-31-2-25.eu-west-1.compute.internal\"}],\"RootDeviceType\":\"ebs\",\"UsageOperation\":\"RunInstances\",\"ElasticGpuAssociations\":null,\"KernelId\":null,\"PublicDnsName\":\"\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"ImageId\":\"ami-05842291b9a0bd79f\",\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"ElasticInferenceAcceleratorAssociations\":null,\"SubnetId\":\"subnet-d4cf96b2\",\"RamdiskId\":null,\"SpotInstanceRequestId\":null,\"VpcId\":\"vpc-6cb55a15\",\"OutpostArn\":null,\"StateReason\":{\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\",\"Code\":\"Client.UserInitiatedShutdown\"},\"Tags\":[{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:46:25.340517\"},{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},{\"Key\":\"Name\",\"Value\":\"ricky-test7-july26\"},{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"}],\"VirtualizationType\":\"hvm\",\"BootMode\":\"uefi-preferred\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"EnaSupport\":true,\"LaunchTime\":\"2024-07-29T06:49:21Z\",\"RootVolume\":null,\"AmiLaunchIndex\":0,\"CpuOptions\":{\"ThreadsPerCore\":1,\"AmdSevSnp\":\"\",\"CoreCount\":1},\"Architecture\":\"x86_64\",\"KeyName\":\"ricky-QA\",\"SourceDestCheck\":true},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0cee6c8e97dc3c2af\",\"i-0cee6c8e97dc3c2af\"],\"name\":\"ricky-test7-july26\",\"category\":\"infrastructure\"},\"host\":{\"architecture\":\"x86_64\",\"imageId\":\"ami-05842291b9a0bd79f\",\"instance_type\":\"t2.micro\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"network\":{\"network_id\":\"vpc-6cb55a15\",\"private_dns_name\":\"ip-172-31-2-25.eu-west-1.compute.internal\",\"private_ip_address\":\"172.31.2.25\",\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-d4cf96b2\"]},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0cee6c8e97dc3c2af\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"cloud\":{\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1a\",\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-0cee6c8e97dc3c2af\",\"name\":\"ricky-test7-july26\"},\"machine\":{\"machine_type\":\"t2.micro\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-05e62676300221669\",\"i-05e62676300221669\"],\"cloud\":{\"availability_zone\":\"eu-west-1a\",\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"instance\":{\"id\":\"i-05e62676300221669\",\"name\":\"benchmark-rules-1\"},\"machine\":{\"machine_type\":\"t3.small\"},\"service\":{\"name\":\"AWS EC2\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"host\":{\"imageId\":\"ami-0a8b3614bc9c55c19\",\"instance_type\":\"t3.small\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\"},\"iam\":{\"id\":\"AIPA2IBR2EZTKNCYHOXWX\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/eks-04c7e4dc-c488-202d-1593-31a4cbe00ed6\"},\"resource_policies\":[],\"network\":{\"network_id\":\"vpc-00103fb710b9960ab\",\"private_dns_name\":\"ip-10-0-1-154.eu-west-1.compute.internal\",\"private_ip_address\":\"10.0.1.154\",\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-0ed154aa70918550b\"]},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-05e62676300221669\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"tags\":{\"Name\":\"benchmark-rules-1\",\"aws:autoscaling:groupName\":\"eks-benchmark-rules-1-2024053013385068780000000e-04c7e4dc-c488-202d-1593-31a4cbe00ed6\",\"aws:eks:cluster-name\":\"benchmark-rules\",\"ec2_type\":\"kspm_eks\",\"k8s.io/cluster-autoscaler/benchmark-rules\":\"owned\",\"aws:ec2launchtemplate:version\":\"1\",\"division\":\"engineering\",\"eks:cluster-name\":\"benchmark-rules\",\"k8s.io/cluster-autoscaler/enabled\":\"true\",\"kubernetes.io/cluster/benchmark-rules\":\"owned\",\"owner\":\"seanrathier\",\"aws:ec2:fleet-id\":\"fleet-a02e002d-6d17-c1b6-2c98-2e805d5384ab\",\"aws:ec2launchtemplate:id\":\"lt-0ae79ee39e2cd5943\",\"deployment\":\"benchmark-rules\",\"org\":\"security\",\"team\":\"cloud-security-posture\",\"eks:nodegroup-name\":\"benchmark-rules-1-2024053013385068780000000e\",\"project\":\"seanrathier\"},\"raw\":{\"ElasticInferenceAcceleratorAssociations\":null,\"PublicDnsName\":\"\",\"UsageOperationUpdateTime\":\"2024-08-26T17:05:12Z\",\"InstanceId\":\"i-05e62676300221669\",\"StateReason\":null,\"Tags\":[{\"Key\":\"aws:ec2launchtemplate:id\",\"Value\":\"lt-0ae79ee39e2cd5943\"},{\"Key\":\"eks:nodegroup-name\",\"Value\":\"benchmark-rules-1-2024053013385068780000000e\"},{\"Key\":\"k8s.io/cluster-autoscaler/benchmark-rules\",\"Value\":\"owned\"},{\"Value\":\"benchmark-rules\",\"Key\":\"deployment\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"k8s.io/cluster-autoscaler/enabled\",\"Value\":\"true\"},{\"Key\":\"aws:ec2launchtemplate:version\",\"Value\":\"1\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"eks:cluster-name\",\"Value\":\"benchmark-rules\"},{\"Value\":\"owned\",\"Key\":\"kubernetes.io/cluster/benchmark-rules\"},{\"Value\":\"eks-benchmark-rules-1-2024053013385068780000000e-04c7e4dc-c488-202d-1593-31a4cbe00ed6\",\"Key\":\"aws:autoscaling:groupName\"},{\"Key\":\"Name\",\"Value\":\"benchmark-rules-1\"},{\"Key\":\"aws:ec2:fleet-id\",\"Value\":\"fleet-a02e002d-6d17-c1b6-2c98-2e805d5384ab\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"benchmark-rules\"},{\"Key\":\"project\",\"Value\":\"seanrathier\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm_eks\"},{\"Key\":\"owner\",\"Value\":\"seanrathier\"}],\"UsageOperation\":\"RunInstances\",\"EbsOptimized\":false,\"Hypervisor\":\"xen\",\"Platform\":\"\",\"PrivateIpAddress\":\"10.0.1.154\",\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":1,\"ThreadsPerCore\":2},\"SpotInstanceRequestId\":null,\"CapacityReservationId\":null,\"ClientToken\":\"fleet-a02e002d-6d17-c1b6-2c98-2e805d5384ab-0\",\"KernelId\":null,\"LaunchTime\":\"2024-08-26T17:05:12Z\",\"ImageId\":\"ami-0a8b3614bc9c55c19\",\"PublicIpAddress\":null,\"VpcId\":\"vpc-00103fb710b9960ab\",\"AmiLaunchIndex\":0,\"CurrentInstanceBootMode\":\"legacy-bios\",\"Ipv6Address\":null,\"SriovNetSupport\":null,\"PrivateDnsName\":\"ip-10-0-1-154.eu-west-1.compute.internal\",\"Region\":\"eu-west-1\",\"VirtualizationType\":\"hvm\",\"EnaSupport\":true,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"NetworkInterfaces\":[{\"Ipv6Addresses\":[],\"PrivateDnsName\":\"ip-10-0-1-121.eu-west-1.compute.internal\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-1-121.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.121\"},{\"PrivateIpAddress\":\"10.0.1.53\",\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-53.eu-west-1.compute.internal\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-57.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.57\"},{\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-201.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.201\",\"Association\":null}],\"SubnetId\":\"subnet-0ed154aa70918550b\",\"InterfaceType\":\"interface\",\"Groups\":[{\"GroupId\":\"sg-0054cc356c3f84c21\",\"GroupName\":\"benchmark-rules_120240530133039418700000004\"},{\"GroupId\":\"sg-03b969e6a0eb74e43\",\"GroupName\":\"benchmark-rules-node-20240530133041754900000006\"},{\"GroupId\":\"sg-06db863f6566691fb\",\"GroupName\":\"eks-cluster-sg-benchmark-rules-1482877991\"}],\"Ipv6Prefixes\":null,\"MacAddress\":\"02:99:07:1b:f3:57\",\"OwnerId\":\"704479110758\",\"Association\":null,\"NetworkInterfaceId\":\"eni-0f9fdf5009f6082c7\",\"PrivateIpAddress\":\"10.0.1.121\",\"SourceDestCheck\":true,\"Status\":\"in-use\",\"VpcId\":\"vpc-00103fb710b9960ab\",\"ConnectionTrackingConfiguration\":null,\"Description\":\"aws-K8S-i-05e62676300221669\",\"Ipv4Prefixes\":null,\"Attachment\":{\"AttachTime\":\"2024-08-26T17:06:57Z\",\"AttachmentId\":\"eni-attach-090839e2a88b640a6\",\"DeleteOnTermination\":true,\"DeviceIndex\":1,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\"}},{\"InterfaceType\":\"interface\",\"PrivateIpAddress\":\"10.0.1.154\",\"Status\":\"in-use\",\"SubnetId\":\"subnet-0ed154aa70918550b\",\"VpcId\":\"vpc-00103fb710b9960ab\",\"Attachment\":{\"AttachmentId\":\"eni-attach-09a025fc313fe30c9\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-08-26T17:05:12Z\"},\"Ipv6Addresses\":[],\"MacAddress\":\"02:bf:4c:14:6f:ff\",\"NetworkInterfaceId\":\"eni-00ab93e4e009536d9\",\"PrivateDnsName\":\"ip-10-0-1-154.eu-west-1.compute.internal\",\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-1-154.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.154\",\"Association\":null},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-93.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.93\"},{\"PrivateIpAddress\":\"10.0.1.173\",\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-173.eu-west-1.compute.internal\"},{\"PrivateIpAddress\":\"10.0.1.239\",\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-239.eu-west-1.compute.internal\"}],\"ConnectionTrackingConfiguration\":null,\"Groups\":[{\"GroupId\":\"sg-0054cc356c3f84c21\",\"GroupName\":\"benchmark-rules_120240530133039418700000004\"},{\"GroupId\":\"sg-03b969e6a0eb74e43\",\"GroupName\":\"benchmark-rules-node-20240530133041754900000006\"},{\"GroupId\":\"sg-06db863f6566691fb\",\"GroupName\":\"eks-cluster-sg-benchmark-rules-1482877991\"}],\"Ipv4Prefixes\":null,\"Ipv6Prefixes\":null,\"Association\":null,\"Description\":\"\",\"OwnerId\":\"704479110758\",\"SourceDestCheck\":true}],\"Placement\":{\"GroupName\":\"\",\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"SpreadDomain\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"AvailabilityZone\":\"eu-west-1a\",\"GroupId\":null,\"HostId\":null},\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/eks-04c7e4dc-c488-202d-1593-31a4cbe00ed6\",\"Id\":\"AIPA2IBR2EZTKNCYHOXWX\"},\"OutpostArn\":null,\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"RootDeviceType\":\"ebs\",\"StateTransitionReason\":\"\",\"TpmSupport\":null,\"HibernationOptions\":{\"Configured\":false},\"Monitoring\":{\"State\":\"enabled\"},\"PlatformDetails\":\"Linux/UNIX\",\"RootDeviceName\":\"/dev/xvda\",\"SourceDestCheck\":true,\"Architecture\":\"x86_64\",\"ElasticGpuAssociations\":null,\"InstanceType\":\"t3.small\",\"RamdiskId\":null,\"SubnetId\":\"subnet-0ed154aa70918550b\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-035d32d30a403b1fd\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-08-26T17:05:12Z\"}}],\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"KeyName\":null,\"State\":{\"Code\":16,\"Name\":\"running\"},\"EnclaveOptions\":{\"Enabled\":false},\"ProductCodes\":[],\"SecurityGroups\":[{\"GroupId\":\"sg-0054cc356c3f84c21\",\"GroupName\":\"benchmark-rules_120240530133039418700000004\"},{\"GroupId\":\"sg-03b969e6a0eb74e43\",\"GroupName\":\"benchmark-rules-node-20240530133041754900000006\"},{\"GroupId\":\"sg-06db863f6566691fb\",\"GroupName\":\"eks-cluster-sg-benchmark-rules-1482877991\"}],\"RootVolume\":null,\"BootMode\":\"\",\"InstanceLifecycle\":\"\",\"Licenses\":null,\"MetadataOptions\":{\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-05e62676300221669\",\"i-05e62676300221669\"],\"name\":\"benchmark-rules-1\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"iam\":{\"id\":\"AIPA2IBR2EZTEZNZ35GS7\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-25f51ed0-5a41-11ef-86b7-061640a59457\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0b842923561575f11\",\"i-0b842923561575f11\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0b842923561575f11\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"asset\":{\"sub_type\":\"ec2-instance\",\"tags\":{\"Name\":\"elastic-agent-instance-25f51ed0-5a41-11ef-86b7-061640a59457\",\"aws:cloudformation:logical-id\":\"ElasticAgentEc2Instance\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\",\"stopped-at\":\"2024-11-19 02:46:25.340517\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\",\"Task\":\"Cloud Security Posture Management Scanner\",\"aws:cloudformation:stack-id\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/Elastic-Cloud-Security-Posture-Management-orz8143/25f51ed0-5a41-11ef-86b7-061640a59457\",\"aws:cloudformation:stack-name\":\"Elastic-Cloud-Security-Posture-Management-orz8143\"},\"raw\":{\"SourceDestCheck\":true,\"StateTransitionReason\":\"User initiated (2024-08-16 02:46:48 GMT)\",\"SubnetId\":\"subnet-b50028fd\",\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":4,\"ThreadsPerCore\":1},\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"SriovNetSupport\":null,\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"EbsOptimized\":false,\"Monitoring\":{\"State\":\"disabled\"},\"LaunchTime\":\"2024-08-14T13:29:24Z\",\"SecurityGroups\":[{\"GroupId\":\"sg-0b3e465206111809c\",\"GroupName\":\"elastic-agent-security-group-25f51ed0-5a41-11ef-86b7-061640a59457\"}],\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-25f51ed0-5a41-11ef-86b7-061640a59457\",\"Id\":\"AIPA2IBR2EZTEZNZ35GS7\"},\"PublicDnsName\":\"\",\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"CurrentInstanceBootMode\":\"uefi\",\"ElasticGpuAssociations\":null,\"NetworkInterfaces\":[{\"Association\":null,\"Groups\":[{\"GroupName\":\"elastic-agent-security-group-25f51ed0-5a41-11ef-86b7-061640a59457\",\"GroupId\":\"sg-0b3e465206111809c\"}],\"NetworkInterfaceId\":\"eni-0940d0d06498e3205\",\"SourceDestCheck\":true,\"VpcId\":\"vpc-6cb55a15\",\"ConnectionTrackingConfiguration\":null,\"Ipv4Prefixes\":null,\"PrivateDnsName\":\"ip-172-31-20-187.eu-west-1.compute.internal\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-20-187.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.20.187\"}],\"PrivateIpAddress\":\"172.31.20.187\",\"Status\":\"in-use\",\"SubnetId\":\"subnet-b50028fd\",\"Description\":\"\",\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"MacAddress\":\"06:3f:da:89:c1:15\",\"OwnerId\":\"704479110758\",\"Attachment\":{\"AttachTime\":\"2024-08-14T13:29:24Z\",\"AttachmentId\":\"eni-attach-0f9af12a7a2503985\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"Ipv6Prefixes\":null}],\"RootDeviceName\":\"/dev/xvda\",\"Tags\":[{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"},{\"Key\":\"Name\",\"Value\":\"elastic-agent-instance-25f51ed0-5a41-11ef-86b7-061640a59457\"},{\"Key\":\"Task\",\"Value\":\"Cloud Security Posture Management Scanner\"},{\"Value\":\"Elastic-Cloud-Security-Posture-Management-orz8143\",\"Key\":\"aws:cloudformation:stack-name\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentEc2Instance\"},{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:46:25.340517\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/Elastic-Cloud-Security-Posture-Management-orz8143/25f51ed0-5a41-11ef-86b7-061640a59457\"},{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"}],\"UsageOperationUpdateTime\":\"2024-08-14T13:29:24Z\",\"AmiLaunchIndex\":0,\"EnclaveOptions\":{\"Enabled\":false},\"PlatformDetails\":\"Linux/UNIX\",\"EnaSupport\":true,\"Ipv6Address\":null,\"Hypervisor\":\"xen\",\"Licenses\":null,\"Architecture\":\"arm64\",\"MetadataOptions\":{\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\"},\"PublicIpAddress\":null,\"RootDeviceType\":\"ebs\",\"OutpostArn\":null,\"PrivateIpAddress\":\"172.31.20.187\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"VirtualizationType\":\"hvm\",\"VpcId\":\"vpc-6cb55a15\",\"RootVolume\":null,\"InstanceLifecycle\":\"\",\"Placement\":{\"PartitionNumber\":null,\"Affinity\":null,\"GroupId\":null,\"GroupName\":\"\",\"SpreadDomain\":null,\"Tenancy\":\"default\",\"AvailabilityZone\":\"eu-west-1b\",\"HostId\":null,\"HostResourceGroupArn\":null},\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"KernelId\":null,\"UsageOperation\":\"RunInstances\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"AttachTime\":\"2024-08-14T13:29:25Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-008e90586e6301ca7\",\"VolumeOwnerId\":null,\"AssociatedResource\":null}}],\"BootMode\":\"uefi\",\"ProductCodes\":[],\"RamdiskId\":null,\"InstanceId\":\"i-0b842923561575f11\",\"KeyName\":null,\"Region\":\"eu-west-1\",\"InstanceType\":\"m6g.xlarge\",\"TpmSupport\":null,\"ImageId\":\"ami-07834ac50d625e75a\",\"PrivateDnsName\":\"ip-172-31-20-187.eu-west-1.compute.internal\",\"SpotInstanceRequestId\":null,\"ClientToken\":\"0e3943fa-bd07-f3aa-bd05-f395eedd37e7\",\"ElasticInferenceAcceleratorAssociations\":null,\"Platform\":\"\",\"CapacityReservationId\":null,\"HibernationOptions\":{\"Configured\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0b842923561575f11\",\"i-0b842923561575f11\"],\"name\":\"elastic-agent-instance-25f51ed0-5a41-11ef-86b7-061640a59457\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\"},\"cloud\":{\"instance\":{\"id\":\"i-0b842923561575f11\",\"name\":\"elastic-agent-instance-25f51ed0-5a41-11ef-86b7-061640a59457\"},\"machine\":{\"machine_type\":\"m6g.xlarge\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1b\",\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"host\":{\"platform_details\":\"Linux/UNIX\",\"architecture\":\"arm64\",\"imageId\":\"ami-07834ac50d625e75a\",\"instance_type\":\"m6g.xlarge\",\"platform\":\"\"},\"network\":{\"private_dns_name\":\"ip-172-31-20-187.eu-west-1.compute.internal\",\"private_ip_address\":\"172.31.20.187\",\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-b50028fd\"],\"network_id\":\"vpc-6cb55a15\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-b50028fd\"],\"network_id\":\"vpc-6cb55a15\",\"private_dns_name\":\"ip-172-31-19-164.eu-west-1.compute.internal\",\"private_ip_address\":\"172.31.19.164\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-08a268eb03f5a9488\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\",\"Name\":\"qa-cspm-aws\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\",\"stopped-at\":\"2024-11-19 02:46:25.340517\"},\"raw\":{\"PublicIpAddress\":null,\"Tags\":[{\"Key\":\"Name\",\"Value\":\"qa-cspm-aws\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:46:25.340517\"},{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"},{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"},{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"}],\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":2,\"ThreadsPerCore\":2},\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\"},\"EbsOptimized\":true,\"EnclaveOptions\":{\"Enabled\":false},\"CapacityReservationId\":null,\"ClientToken\":\"2e696cf6-2e61-40f4-8982-8251432331b4\",\"RamdiskId\":null,\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"HibernationOptions\":{\"Configured\":false},\"IamInstanceProfile\":null,\"RootVolume\":null,\"ElasticGpuAssociations\":null,\"ElasticInferenceAcceleratorAssociations\":null,\"RootDeviceName\":\"/dev/xvda\",\"LaunchTime\":\"2024-10-31T17:44:59Z\",\"CurrentInstanceBootMode\":\"uefi\",\"InstanceType\":\"m6a.xlarge\",\"PrivateDnsName\":\"ip-172-31-19-164.eu-west-1.compute.internal\",\"PublicDnsName\":\"\",\"RootDeviceType\":\"ebs\",\"SriovNetSupport\":null,\"KeyName\":null,\"Monitoring\":{\"State\":\"disabled\"},\"BootMode\":\"uefi-preferred\",\"OutpostArn\":null,\"KernelId\":null,\"Placement\":{\"PartitionNumber\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"GroupId\":null,\"HostResourceGroupArn\":null,\"SpreadDomain\":null,\"AvailabilityZone\":\"eu-west-1b\",\"GroupName\":\"\",\"HostId\":null},\"PrivateIpAddress\":\"172.31.19.164\",\"ProductCodes\":[],\"SecurityGroups\":[{\"GroupId\":\"sg-00fffedaddecb00e3\",\"GroupName\":\"launch-wizard-132\"}],\"StateTransitionReason\":\"User initiated (2024-11-02 02:46:38 GMT)\",\"AmiLaunchIndex\":0,\"Ipv6Address\":null,\"Region\":\"eu-west-1\",\"SubnetId\":\"subnet-b50028fd\",\"UsageOperation\":\"RunInstances\",\"PlatformDetails\":\"Linux/UNIX\",\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"Architecture\":\"x86_64\",\"Hypervisor\":\"xen\",\"Platform\":\"\",\"Licenses\":null,\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"VirtualizationType\":\"hvm\",\"BlockDeviceMappings\":[{\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-10-31T17:44:59Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-0190c3e6a6b11ee19\",\"VolumeOwnerId\":null},\"DeviceName\":\"/dev/xvda\"}],\"SpotInstanceRequestId\":null,\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"ImageId\":\"ami-00385a401487aefa4\",\"InstanceLifecycle\":\"\",\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"NetworkInterfaces\":[{\"Attachment\":{\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-10-31T17:44:59Z\",\"AttachmentId\":\"eni-attach-00a18024d6802f854\",\"DeleteOnTermination\":true,\"DeviceIndex\":0},\"ConnectionTrackingConfiguration\":null,\"Groups\":[{\"GroupId\":\"sg-00fffedaddecb00e3\",\"GroupName\":\"launch-wizard-132\"}],\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":null,\"PrivateIpAddresses\":[{\"PrivateIpAddress\":\"172.31.19.164\",\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-19-164.eu-west-1.compute.internal\"}],\"Status\":\"in-use\",\"Association\":null,\"VpcId\":\"vpc-6cb55a15\",\"SubnetId\":\"subnet-b50028fd\",\"Ipv6Prefixes\":null,\"MacAddress\":\"06:ae:af:23:f5:db\",\"OwnerId\":\"704479110758\",\"SourceDestCheck\":true,\"Ipv6Addresses\":[],\"PrivateIpAddress\":\"172.31.19.164\",\"PrivateDnsName\":\"ip-172-31-19-164.eu-west-1.compute.internal\",\"NetworkInterfaceId\":\"eni-0f1b98f2bd817b1b4\",\"Description\":\"\"}],\"TpmSupport\":null,\"UsageOperationUpdateTime\":\"2024-10-31T17:44:59Z\",\"VpcId\":\"vpc-6cb55a15\",\"EnaSupport\":true,\"InstanceId\":\"i-08a268eb03f5a9488\",\"SourceDestCheck\":true},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-08a268eb03f5a9488\",\"i-08a268eb03f5a9488\"],\"name\":\"qa-cspm-aws\",\"category\":\"infrastructure\"},\"cloud\":{\"availability_zone\":\"eu-west-1b\",\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-08a268eb03f5a9488\",\"name\":\"qa-cspm-aws\"},\"machine\":{\"machine_type\":\"m6a.xlarge\"},\"service\":{\"name\":\"AWS EC2\"}},\"host\":{\"instance_type\":\"m6a.xlarge\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\",\"imageId\":\"ami-00385a401487aefa4\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-08a268eb03f5a9488\",\"i-08a268eb03f5a9488\"],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"asset\":{\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"team\":\"cloud-security-posture\",\"project\":\"kubasobon\",\"aws:ec2launchtemplate:id\":\"lt-05455d85c537ef06a\",\"org\":\"security\",\"aws:autoscaling:groupName\":\"eks-kuba-logs-1-2024111913004541080000000e-38c9a241-6b28-620b-8533-9d3b60ce6be7\",\"aws:ec2launchtemplate:version\":\"1\",\"division\":\"engineering\",\"eks:cluster-name\":\"kuba-logs\",\"k8s.io/cluster-autoscaler/enabled\":\"true\",\"k8s.io/cluster-autoscaler/kuba-logs\":\"owned\",\"kubernetes.io/cluster/kuba-logs\":\"owned\",\"owner\":\"kubasobon\",\"Name\":\"kuba-logs-1\",\"aws:eks:cluster-name\":\"kuba-logs\",\"deployment\":\"kuba-logs\",\"ec2_type\":\"kspm_eks\",\"eks:nodegroup-name\":\"kuba-logs-1-2024111913004541080000000e\",\"aws:ec2:fleet-id\":\"fleet-9cbd179e-208c-6487-ac90-09283b98d863\"},\"raw\":{\"KernelId\":null,\"RamdiskId\":null,\"InstanceId\":\"i-060d8336958181039\",\"SriovNetSupport\":null,\"Architecture\":\"x86_64\",\"CapacityReservationId\":null,\"Monitoring\":{\"State\":\"enabled\"},\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"VirtualizationType\":\"hvm\",\"Hypervisor\":\"xen\",\"RootDeviceType\":\"ebs\",\"SpotInstanceRequestId\":null,\"UsageOperationUpdateTime\":\"2024-11-19T13:01:32Z\",\"EbsOptimized\":false,\"NetworkInterfaces\":[{\"Groups\":[{\"GroupId\":\"sg-042dc17560e6f8374\",\"GroupName\":\"kuba-logs-node-20241119125157867500000006\"},{\"GroupId\":\"sg-045d46bcaaf8b30a2\",\"GroupName\":\"kuba-logs_120241119125157866600000005\"},{\"GroupId\":\"sg-066a56ecc9a45761c\",\"GroupName\":\"eks-cluster-sg-kuba-logs-1524208083\"}],\"Ipv6Prefixes\":null,\"NetworkInterfaceId\":\"eni-02bf634a541c372e7\",\"OwnerId\":\"704479110758\",\"SourceDestCheck\":true,\"PrivateDnsName\":\"ip-10-0-2-106.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.2.106\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-2-106.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.2.106\"},{\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-2-226.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.2.226\",\"Association\":null},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-2-109.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.2.109\"},{\"PrivateIpAddress\":\"10.0.2.15\",\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-2-15.eu-west-1.compute.internal\"}],\"Association\":null,\"ConnectionTrackingConfiguration\":null,\"Description\":\"\",\"Ipv6Addresses\":[],\"MacAddress\":\"06:99:c1:c4:b6:0f\",\"Attachment\":{\"AttachTime\":\"2024-11-19T13:01:32Z\",\"AttachmentId\":\"eni-attach-0d62d2a0b490bed3a\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"InterfaceType\":\"interface\",\"SubnetId\":\"subnet-0cdfa229831a9689c\",\"Ipv4Prefixes\":null,\"Status\":\"in-use\",\"VpcId\":\"vpc-08d87433815da7907\"}],\"AmiLaunchIndex\":0,\"EnaSupport\":true,\"PublicDnsName\":\"\",\"SourceDestCheck\":true,\"InstanceLifecycle\":\"\",\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"TpmSupport\":null,\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"ElasticInferenceAcceleratorAssociations\":null,\"InstanceType\":\"t3.small\",\"UsageOperation\":\"RunInstances\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"Placement\":{\"Affinity\":null,\"AvailabilityZone\":\"eu-west-1b\",\"GroupId\":null,\"GroupName\":\"\",\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"SpreadDomain\":null,\"HostId\":null,\"Tenancy\":\"default\"},\"PrivateIpAddress\":\"10.0.2.106\",\"HibernationOptions\":{\"Configured\":false},\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/eks-38c9a241-6b28-620b-8533-9d3b60ce6be7\",\"Id\":\"AIPA2IBR2EZTMRXRQPVNM\"},\"LaunchTime\":\"2024-11-19T13:01:32Z\",\"RootDeviceName\":\"/dev/xvda\",\"KeyName\":null,\"MetadataOptions\":{\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\"},\"StateReason\":null,\"RootVolume\":null,\"ClientToken\":\"fleet-9cbd179e-208c-6487-ac90-09283b98d863-0\",\"BootMode\":\"\",\"Region\":\"eu-west-1\",\"PublicIpAddress\":null,\"SecurityGroups\":[{\"GroupId\":\"sg-042dc17560e6f8374\",\"GroupName\":\"kuba-logs-node-20241119125157867500000006\"},{\"GroupId\":\"sg-045d46bcaaf8b30a2\",\"GroupName\":\"kuba-logs_120241119125157866600000005\"},{\"GroupId\":\"sg-066a56ecc9a45761c\",\"GroupName\":\"eks-cluster-sg-kuba-logs-1524208083\"}],\"State\":{\"Code\":16,\"Name\":\"running\"},\"SubnetId\":\"subnet-0cdfa229831a9689c\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-11-19T13:01:33Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-08eb963bd3e2c4cdc\",\"VolumeOwnerId\":null}}],\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":1,\"ThreadsPerCore\":2},\"ImageId\":\"ami-0afb828e6222e77e4\",\"PlatformDetails\":\"Linux/UNIX\",\"VpcId\":\"vpc-08d87433815da7907\",\"ProductCodes\":[],\"Tags\":[{\"Key\":\"eks:cluster-name\",\"Value\":\"kuba-logs\"},{\"Key\":\"project\",\"Value\":\"kubasobon\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"eks:nodegroup-name\",\"Value\":\"kuba-logs-1-2024111913004541080000000e\"},{\"Key\":\"k8s.io/cluster-autoscaler/kuba-logs\",\"Value\":\"owned\"},{\"Value\":\"security\",\"Key\":\"org\"},{\"Key\":\"owner\",\"Value\":\"kubasobon\"},{\"Key\":\"aws:ec2launchtemplate:id\",\"Value\":\"lt-05455d85c537ef06a\"},{\"Key\":\"aws:autoscaling:groupName\",\"Value\":\"eks-kuba-logs-1-2024111913004541080000000e-38c9a241-6b28-620b-8533-9d3b60ce6be7\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"k8s.io/cluster-autoscaler/enabled\",\"Value\":\"true\"},{\"Key\":\"aws:ec2launchtemplate:version\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"kuba-logs-1\"},{\"Key\":\"deployment\",\"Value\":\"kuba-logs\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"kuba-logs\"},{\"Key\":\"aws:ec2:fleet-id\",\"Value\":\"fleet-9cbd179e-208c-6487-ac90-09283b98d863\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm_eks\"},{\"Key\":\"kubernetes.io/cluster/kuba-logs\",\"Value\":\"owned\"}],\"ElasticGpuAssociations\":null,\"EnclaveOptions\":{\"Enabled\":false},\"Ipv6Address\":null,\"OutpostArn\":null,\"Licenses\":null,\"Platform\":\"\",\"PrivateDnsName\":\"ip-10-0-2-106.eu-west-1.compute.internal\",\"StateTransitionReason\":\"\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-060d8336958181039\",\"i-060d8336958181039\"],\"name\":\"kuba-logs-1\",\"category\":\"infrastructure\",\"sub_category\":\"compute\"},\"cloud\":{\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1b\",\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-060d8336958181039\",\"name\":\"kuba-logs-1\"},\"machine\":{\"machine_type\":\"t3.small\"}},\"host\":{\"instance_type\":\"t3.small\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\",\"imageId\":\"ami-0afb828e6222e77e4\"},\"ecs\":{\"version\":\"8.0.0\"},\"iam\":{\"id\":\"AIPA2IBR2EZTMRXRQPVNM\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/eks-38c9a241-6b28-620b-8533-9d3b60ce6be7\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-060d8336958181039\",\"i-060d8336958181039\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-060d8336958181039\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"network_id\":\"vpc-08d87433815da7907\",\"private_dns_name\":\"ip-10-0-2-106.eu-west-1.compute.internal\",\"private_ip_address\":\"10.0.2.106\",\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-0cdfa229831a9689c\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"instance\":{\"name\":\"elastic-agent-instance-d2594700-a677-11ef-a9ff-0a22d85204c3\",\"id\":\"i-02ca59e683aa491e1\"},\"machine\":{\"machine_type\":\"m6g.xlarge\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1b\",\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"host\":{\"architecture\":\"arm64\",\"imageId\":\"ami-0bdc398be408ed05d\",\"instance_type\":\"m6g.xlarge\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"network\":{\"public_ip_address\":\"54.74.168.56\",\"subnet_ids\":[\"subnet-b50028fd\"],\"network_id\":\"vpc-6cb55a15\",\"private_dns_name\":\"ip-172-31-18-232.eu-west-1.compute.internal\",\"private_ip_address\":\"172.31.18.232\",\"public_dns_name\":\"ec2-54-74-168-56.eu-west-1.compute.amazonaws.com\"},\"iam\":{\"id\":\"AIPA2IBR2EZTG6XDWOWCQ\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-d2594700-a677-11ef-a9ff-0a22d85204c3\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-02ca59e683aa491e1\",\"i-02ca59e683aa491e1\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-02ca59e683aa491e1\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"raw\":{\"ElasticInferenceAcceleratorAssociations\":null,\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-d2594700-a677-11ef-a9ff-0a22d85204c3\",\"Id\":\"AIPA2IBR2EZTG6XDWOWCQ\"},\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SecurityGroups\":[{\"GroupId\":\"sg-0b9e34e4623e664a4\",\"GroupName\":\"elastic-agent-security-group-d2594700-a677-11ef-a9ff-0a22d85204c3\"}],\"InstanceId\":\"i-02ca59e683aa491e1\",\"PrivateDnsName\":\"ip-172-31-18-232.eu-west-1.compute.internal\",\"SourceDestCheck\":true,\"SpotInstanceRequestId\":null,\"CurrentInstanceBootMode\":\"uefi\",\"ElasticGpuAssociations\":null,\"HibernationOptions\":{\"Configured\":false},\"OutpostArn\":null,\"RootDeviceType\":\"ebs\",\"KeyName\":null,\"SubnetId\":\"subnet-b50028fd\",\"RootVolume\":null,\"CapacityReservationId\":null,\"StateTransitionReason\":\"\",\"Region\":\"eu-west-1\",\"EnclaveOptions\":{\"Enabled\":false},\"SriovNetSupport\":null,\"UsageOperation\":\"RunInstances\",\"ImageId\":\"ami-0bdc398be408ed05d\",\"InstanceType\":\"m6g.xlarge\",\"Ipv6Address\":null,\"RootDeviceName\":\"/dev/xvda\",\"State\":{\"Code\":16,\"Name\":\"running\"},\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"ClientToken\":\"36469c3e-1c04-b64e-5315-3523b1c4d27e\",\"LaunchTime\":\"2024-11-19T13:12:14Z\",\"RamdiskId\":null,\"Tags\":[{\"Key\":\"project\",\"Value\":\"cloudformation\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"kuba-logs-cnvm-sanity-test-stack\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"team\",\"Value\":\"cloud-security\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/kuba-logs-cnvm-sanity-test-stack/d2594700-a677-11ef-a9ff-0a22d85204c3\"},{\"Key\":\"Name\",\"Value\":\"elastic-agent-instance-d2594700-a677-11ef-a9ff-0a22d85204c3\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentEc2Instance\"},{\"Value\":\"Vulnerability Management Scanner\",\"Key\":\"Task\"}],\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"VolumeId\":\"vol-0188e7b462221a5c3\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-11-19T13:12:15Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\"}}],\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"InstanceLifecycle\":\"\",\"BootMode\":\"uefi\",\"KernelId\":null,\"ProductCodes\":[],\"Hypervisor\":\"xen\",\"Licenses\":null,\"MetadataOptions\":{\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\"},\"UsageOperationUpdateTime\":\"2024-11-19T13:12:14Z\",\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":4,\"ThreadsPerCore\":1},\"NetworkInterfaces\":[{\"PrivateIpAddresses\":[{\"PrivateIpAddress\":\"172.31.18.232\",\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-54-74-168-56.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.74.168.56\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-18-232.eu-west-1.compute.internal\"}],\"Attachment\":{\"AttachTime\":\"2024-11-19T13:12:14Z\",\"AttachmentId\":\"eni-attach-00257e54813a7a96a\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"ConnectionTrackingConfiguration\":null,\"NetworkInterfaceId\":\"eni-0aa73f770116623da\",\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-b50028fd\",\"Description\":\"\",\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":null,\"PrivateDnsName\":\"ip-172-31-18-232.eu-west-1.compute.internal\",\"Groups\":[{\"GroupId\":\"sg-0b9e34e4623e664a4\",\"GroupName\":\"elastic-agent-security-group-d2594700-a677-11ef-a9ff-0a22d85204c3\"}],\"Ipv6Prefixes\":null,\"Status\":\"in-use\",\"VpcId\":\"vpc-6cb55a15\",\"SourceDestCheck\":true,\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-54-74-168-56.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.74.168.56\"},\"Ipv6Addresses\":[],\"MacAddress\":\"06:1d:ba:95:06:03\",\"PrivateIpAddress\":\"172.31.18.232\"}],\"Placement\":{\"GroupName\":\"\",\"HostId\":null,\"PartitionNumber\":null,\"SpreadDomain\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"AvailabilityZone\":\"eu-west-1b\",\"GroupId\":null,\"HostResourceGroupArn\":null},\"PublicDnsName\":\"ec2-54-74-168-56.eu-west-1.compute.amazonaws.com\",\"TpmSupport\":null,\"EbsOptimized\":false,\"Monitoring\":{\"State\":\"disabled\"},\"PublicIpAddress\":\"54.74.168.56\",\"StateReason\":null,\"VirtualizationType\":\"hvm\",\"VpcId\":\"vpc-6cb55a15\",\"Architecture\":\"arm64\",\"AmiLaunchIndex\":0,\"EnaSupport\":true,\"Platform\":\"\",\"PlatformDetails\":\"Linux/UNIX\",\"PrivateIpAddress\":\"172.31.18.232\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-02ca59e683aa491e1\",\"i-02ca59e683aa491e1\"],\"name\":\"elastic-agent-instance-d2594700-a677-11ef-a9ff-0a22d85204c3\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"project\":\"cloudformation\",\"Task\":\"Vulnerability Management Scanner\",\"aws:cloudformation:logical-id\":\"ElasticAgentEc2Instance\",\"division\":\"engineering\",\"org\":\"security\",\"team\":\"cloud-security\",\"Name\":\"elastic-agent-instance-d2594700-a677-11ef-a9ff-0a22d85204c3\",\"aws:cloudformation:stack-id\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/kuba-logs-cnvm-sanity-test-stack/d2594700-a677-11ef-a9ff-0a22d85204c3\",\"aws:cloudformation:stack-name\":\"kuba-logs-cnvm-sanity-test-stack\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-0f66f649acf0435fc\",\"name\":\"benchmark-rules-1\"},\"machine\":{\"machine_type\":\"t3.small\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1c\"},\"iam\":{\"id\":\"AIPA2IBR2EZTKNCYHOXWX\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/eks-04c7e4dc-c488-202d-1593-31a4cbe00ed6\"},\"resource_policies\":[],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0f66f649acf0435fc\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"Name\":\"benchmark-rules-1\",\"division\":\"engineering\",\"ec2_type\":\"kspm_eks\",\"eks:cluster-name\":\"benchmark-rules\",\"owner\":\"seanrathier\",\"team\":\"cloud-security-posture\",\"aws:ec2:fleet-id\":\"fleet-a237892f-bfa6-e694-0630-2fa808383483\",\"deployment\":\"benchmark-rules\",\"org\":\"security\",\"project\":\"seanrathier\",\"k8s.io/cluster-autoscaler/enabled\":\"true\",\"kubernetes.io/cluster/benchmark-rules\":\"owned\",\"aws:autoscaling:groupName\":\"eks-benchmark-rules-1-2024053013385068780000000e-04c7e4dc-c488-202d-1593-31a4cbe00ed6\",\"aws:ec2launchtemplate:id\":\"lt-0ae79ee39e2cd5943\",\"aws:ec2launchtemplate:version\":\"1\",\"aws:eks:cluster-name\":\"benchmark-rules\",\"eks:nodegroup-name\":\"benchmark-rules-1-2024053013385068780000000e\",\"k8s.io/cluster-autoscaler/benchmark-rules\":\"owned\"},\"raw\":{\"VpcId\":\"vpc-00103fb710b9960ab\",\"BootMode\":\"\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"StateTransitionReason\":\"\",\"UsageOperationUpdateTime\":\"2024-08-26T17:07:13Z\",\"AmiLaunchIndex\":0,\"KeyName\":null,\"SecurityGroups\":[{\"GroupId\":\"sg-0054cc356c3f84c21\",\"GroupName\":\"benchmark-rules_120240530133039418700000004\"},{\"GroupId\":\"sg-03b969e6a0eb74e43\",\"GroupName\":\"benchmark-rules-node-20240530133041754900000006\"},{\"GroupName\":\"eks-cluster-sg-benchmark-rules-1482877991\",\"GroupId\":\"sg-06db863f6566691fb\"}],\"Monitoring\":{\"State\":\"enabled\"},\"RootDeviceType\":\"ebs\",\"ClientToken\":\"fleet-a237892f-bfa6-e694-0630-2fa808383483-0\",\"PrivateDnsName\":\"ip-10-0-3-145.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.3.145\",\"Region\":\"eu-west-1\",\"ElasticGpuAssociations\":null,\"Licenses\":null,\"MetadataOptions\":{\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2},\"SriovNetSupport\":null,\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/eks-04c7e4dc-c488-202d-1593-31a4cbe00ed6\",\"Id\":\"AIPA2IBR2EZTKNCYHOXWX\"},\"LaunchTime\":\"2024-08-26T17:07:13Z\",\"RamdiskId\":null,\"RootDeviceName\":\"/dev/xvda\",\"RootVolume\":null,\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"Hypervisor\":\"xen\",\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"VirtualizationType\":\"hvm\",\"EnaSupport\":true,\"SubnetId\":\"subnet-0581305834edb5054\",\"Tags\":[{\"Key\":\"eks:nodegroup-name\",\"Value\":\"benchmark-rules-1-2024053013385068780000000e\"},{\"Key\":\"k8s.io/cluster-autoscaler/benchmark-rules\",\"Value\":\"owned\"},{\"Key\":\"aws:ec2launchtemplate:version\",\"Value\":\"1\"},{\"Value\":\"owned\",\"Key\":\"kubernetes.io/cluster/benchmark-rules\"},{\"Key\":\"owner\",\"Value\":\"seanrathier\"},{\"Key\":\"k8s.io/cluster-autoscaler/enabled\",\"Value\":\"true\"},{\"Key\":\"project\",\"Value\":\"seanrathier\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm_eks\"},{\"Key\":\"aws:ec2:fleet-id\",\"Value\":\"fleet-a237892f-bfa6-e694-0630-2fa808383483\"},{\"Key\":\"Name\",\"Value\":\"benchmark-rules-1\"},{\"Key\":\"aws:ec2launchtemplate:id\",\"Value\":\"lt-0ae79ee39e2cd5943\"},{\"Key\":\"aws:autoscaling:groupName\",\"Value\":\"eks-benchmark-rules-1-2024053013385068780000000e-04c7e4dc-c488-202d-1593-31a4cbe00ed6\"},{\"Key\":\"eks:cluster-name\",\"Value\":\"benchmark-rules\"},{\"Key\":\"deployment\",\"Value\":\"benchmark-rules\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"benchmark-rules\"}],\"TpmSupport\":null,\"InstanceType\":\"t3.small\",\"Ipv6Address\":null,\"NetworkInterfaces\":[{\"PrivateDnsName\":\"ip-10-0-3-145.eu-west-1.compute.internal\",\"Description\":\"\",\"Groups\":[{\"GroupId\":\"sg-0054cc356c3f84c21\",\"GroupName\":\"benchmark-rules_120240530133039418700000004\"},{\"GroupId\":\"sg-03b969e6a0eb74e43\",\"GroupName\":\"benchmark-rules-node-20240530133041754900000006\"},{\"GroupName\":\"eks-cluster-sg-benchmark-rules-1482877991\",\"GroupId\":\"sg-06db863f6566691fb\"}],\"InterfaceType\":\"interface\",\"Ipv6Prefixes\":null,\"MacAddress\":\"0a:17:65:31:cd:f1\",\"ConnectionTrackingConfiguration\":null,\"Ipv6Addresses\":[],\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-3-145.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.3.145\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-3-98.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.3.98\"},{\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-3-111.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.3.111\",\"Association\":null},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-3-79.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.3.79\"}],\"SourceDestCheck\":true,\"SubnetId\":\"subnet-0581305834edb5054\",\"Attachment\":{\"AttachTime\":\"2024-08-26T17:07:13Z\",\"AttachmentId\":\"eni-attach-077e4d1e1aaa37390\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"Ipv4Prefixes\":null,\"OwnerId\":\"704479110758\",\"PrivateIpAddress\":\"10.0.3.145\",\"Status\":\"in-use\",\"Association\":null,\"NetworkInterfaceId\":\"eni-04865c70e3aaa7d1b\",\"VpcId\":\"vpc-00103fb710b9960ab\"}],\"SourceDestCheck\":true,\"Architecture\":\"x86_64\",\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":1,\"ThreadsPerCore\":2},\"ElasticInferenceAcceleratorAssociations\":null,\"HibernationOptions\":{\"Configured\":false},\"State\":{\"Code\":16,\"Name\":\"running\"},\"UsageOperation\":\"RunInstances\",\"KernelId\":null,\"StateReason\":null,\"ImageId\":\"ami-0a8b3614bc9c55c19\",\"PublicDnsName\":\"\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-04e20795789c5a6f0\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-08-26T17:07:13Z\"}}],\"InstanceId\":\"i-0f66f649acf0435fc\",\"Platform\":\"\",\"ProductCodes\":[],\"Placement\":{\"AvailabilityZone\":\"eu-west-1c\",\"HostId\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"GroupId\":null,\"GroupName\":\"\",\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"SpreadDomain\":null},\"PlatformDetails\":\"Linux/UNIX\",\"CapacityReservationId\":null,\"EbsOptimized\":false,\"InstanceLifecycle\":\"\",\"OutpostArn\":null,\"EnclaveOptions\":{\"Enabled\":false},\"PublicIpAddress\":null,\"SpotInstanceRequestId\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0f66f649acf0435fc\",\"i-0f66f649acf0435fc\"],\"name\":\"benchmark-rules-1\",\"category\":\"infrastructure\",\"sub_category\":\"compute\"},\"host\":{\"architecture\":\"x86_64\",\"imageId\":\"ami-0a8b3614bc9c55c19\",\"instance_type\":\"t3.small\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"network\":{\"network_id\":\"vpc-00103fb710b9960ab\",\"private_dns_name\":\"ip-10-0-3-145.eu-west-1.compute.internal\",\"private_ip_address\":\"10.0.3.145\",\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-0581305834edb5054\"]},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0f66f649acf0435fc\",\"i-0f66f649acf0435fc\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"resource_policies\":[],\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"host\":{\"imageId\":\"ami-054a53dca63de757b\",\"instance_type\":\"t2.micro\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\"},\"network\":{\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-7a841e20\"],\"network_id\":\"vpc-6cb55a15\",\"private_dns_name\":\"ip-172-31-43-140.eu-west-1.compute.internal\",\"private_ip_address\":\"172.31.43.140\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0f0c12913e5ec23fc\",\"i-0f0c12913e5ec23fc\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0f0c12913e5ec23fc\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\",\"stopped-at\":\"2024-11-19 02:46:25.340517\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\",\"Name\":\"yarden-wiz-demo\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\"},\"raw\":{\"OutpostArn\":null,\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"RamdiskId\":null,\"SubnetId\":\"subnet-7a841e20\",\"Tags\":[{\"Value\":\"yarden-wiz-demo\",\"Key\":\"Name\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:46:25.340517\"},{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"},{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"},{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"}],\"EbsOptimized\":false,\"InstanceType\":\"t2.micro\",\"PublicIpAddress\":null,\"RootDeviceType\":\"ebs\",\"ElasticGpuAssociations\":null,\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"SecurityGroups\":[{\"GroupId\":\"sg-0ce799a71053a4f57\",\"GroupName\":\"launch-wizard-128\"}],\"Licenses\":null,\"Monitoring\":{\"State\":\"disabled\"},\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"VirtualizationType\":\"hvm\",\"ElasticInferenceAcceleratorAssociations\":null,\"InstanceId\":\"i-0f0c12913e5ec23fc\",\"Placement\":{\"Tenancy\":\"default\",\"Affinity\":null,\"AvailabilityZone\":\"eu-west-1c\",\"HostId\":null,\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"SpreadDomain\":null,\"GroupId\":null,\"GroupName\":\"\"},\"PrivateIpAddress\":\"172.31.43.140\",\"ProductCodes\":[],\"SriovNetSupport\":null,\"PrivateDnsName\":\"ip-172-31-43-140.eu-west-1.compute.internal\",\"UsageOperation\":\"RunInstances\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"InstanceLifecycle\":\"\",\"KernelId\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":1,\"ThreadsPerCore\":1},\"ImageId\":\"ami-054a53dca63de757b\",\"RootDeviceName\":\"/dev/xvda\",\"SourceDestCheck\":true,\"RootVolume\":null,\"HibernationOptions\":{\"Configured\":false},\"IamInstanceProfile\":null,\"MetadataOptions\":{\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\"},\"SpotInstanceRequestId\":null,\"CapacityReservationId\":null,\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"ClientToken\":\"3e57f3ab-c04e-4f89-ba37-388039ff891a\",\"EnclaveOptions\":{\"Enabled\":false},\"VpcId\":\"vpc-6cb55a15\",\"Region\":\"eu-west-1\",\"AmiLaunchIndex\":0,\"LaunchTime\":\"2024-10-08T09:25:21Z\",\"TpmSupport\":null,\"UsageOperationUpdateTime\":\"2024-10-08T09:25:21Z\",\"BootMode\":\"uefi-preferred\",\"KeyName\":\"yarden-3p-demo-keypair\",\"Platform\":\"\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"Status\":\"attached\",\"VolumeId\":\"vol-09147b4830a2e6811\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-10-08T09:25:22Z\",\"DeleteOnTermination\":true}}],\"Hypervisor\":\"xen\",\"Ipv6Address\":null,\"PlatformDetails\":\"Linux/UNIX\",\"StateTransitionReason\":\"User initiated (2024-10-10 02:46:14 GMT)\",\"Architecture\":\"x86_64\",\"EnaSupport\":true,\"NetworkInterfaces\":[{\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-43-140.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.43.140\"}],\"Ipv4Prefixes\":null,\"PrivateIpAddress\":\"172.31.43.140\",\"Description\":\"\",\"Groups\":[{\"GroupId\":\"sg-0ce799a71053a4f57\",\"GroupName\":\"launch-wizard-128\"}],\"MacAddress\":\"0a:d8:bb:66:9e:09\",\"NetworkInterfaceId\":\"eni-08e2b381007a3464b\",\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-43-140.eu-west-1.compute.internal\",\"Association\":null,\"Attachment\":{\"AttachmentId\":\"eni-attach-0396f97987ebbf332\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-10-08T09:25:21Z\"},\"SubnetId\":\"subnet-7a841e20\",\"VpcId\":\"vpc-6cb55a15\",\"SourceDestCheck\":true,\"Status\":\"in-use\",\"Ipv6Addresses\":[],\"Ipv6Prefixes\":null,\"ConnectionTrackingConfiguration\":null,\"InterfaceType\":\"interface\"}],\"PublicDnsName\":\"\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0f0c12913e5ec23fc\",\"i-0f0c12913e5ec23fc\"],\"name\":\"yarden-wiz-demo\",\"category\":\"infrastructure\"},\"cloud\":{\"instance\":{\"id\":\"i-0f0c12913e5ec23fc\",\"name\":\"yarden-wiz-demo\"},\"machine\":{\"machine_type\":\"t2.micro\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1c\",\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0e6ab35860ed09391\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"name\":\"kuba-logs-0Ht\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"deployment\":\"kuba-logs\",\"org\":\"security\",\"provisioner\":\"terraform\",\"Name\":\"kuba-logs-0Ht\",\"ec2_type\":\"kspm\",\"id\":\"adc8e8a8\",\"owner\":\"kubasobon\",\"project\":\"kubasobon\",\"team\":\"cloud-security-posture\",\"division\":\"engineering\"},\"raw\":{\"Architecture\":\"x86_64\",\"ImageId\":\"ami-0a5b3305c37e58e04\",\"OutpostArn\":null,\"PublicDnsName\":\"ec2-54-246-215-38.eu-west-1.compute.amazonaws.com\",\"CpuOptions\":{\"ThreadsPerCore\":2,\"AmdSevSnp\":\"\",\"CoreCount\":8},\"Ipv6Address\":null,\"RamdiskId\":null,\"VirtualizationType\":\"hvm\",\"Region\":\"eu-west-1\",\"RootVolume\":null,\"MetadataOptions\":{\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":1,\"HttpTokens\":\"optional\"},\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"PrivateIpAddress\":\"172.31.33.4\",\"ProductCodes\":[],\"SubnetId\":\"subnet-7a841e20\",\"UsageOperation\":\"RunInstances\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"HibernationOptions\":{\"Configured\":false},\"SpotInstanceRequestId\":null,\"State\":{\"Code\":16,\"Name\":\"running\"},\"StateTransitionReason\":\"\",\"ElasticInferenceAcceleratorAssociations\":null,\"InstanceId\":\"i-0e6ab35860ed09391\",\"NetworkInterfaces\":[{\"ConnectionTrackingConfiguration\":null,\"Ipv4Prefixes\":null,\"NetworkInterfaceId\":\"eni-0566ef03d13288414\",\"Status\":\"in-use\",\"PrivateIpAddresses\":[{\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-54-246-215-38.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.246.215.38\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-33-4.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.33.4\"}],\"VpcId\":\"vpc-6cb55a15\",\"Association\":{\"PublicDnsName\":\"ec2-54-246-215-38.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.246.215.38\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\"},\"Ipv6Addresses\":[],\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-33-4.eu-west-1.compute.internal\",\"MacAddress\":\"0a:51:31:6a:0f:fb\",\"PrivateIpAddress\":\"172.31.33.4\",\"SourceDestCheck\":true,\"SubnetId\":\"subnet-7a841e20\",\"Attachment\":{\"AttachmentId\":\"eni-attach-0153d15e07dcc0289\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-11-19T12:51:49Z\"},\"Groups\":[{\"GroupId\":\"sg-0a509074669fdd389\",\"GroupName\":\"terraform-20241119125144329800000003\"}],\"InterfaceType\":\"interface\",\"Ipv6Prefixes\":null,\"Description\":\"\"}],\"PrivateDnsName\":\"ip-172-31-33-4.eu-west-1.compute.internal\",\"SourceDestCheck\":true,\"SriovNetSupport\":null,\"InstanceType\":\"c5.4xlarge\",\"TpmSupport\":null,\"BootMode\":\"\",\"ElasticGpuAssociations\":null,\"EnaSupport\":true,\"Hypervisor\":\"xen\",\"RootDeviceName\":\"/dev/sda1\",\"StateReason\":null,\"AmiLaunchIndex\":0,\"EnclaveOptions\":{\"Enabled\":false},\"SecurityGroups\":[{\"GroupId\":\"sg-0a509074669fdd389\",\"GroupName\":\"terraform-20241119125144329800000003\"}],\"UsageOperationUpdateTime\":\"2024-11-19T12:51:49Z\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/sda1\",\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-11-19T12:51:50Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-0d9b93be98bc8bde1\",\"VolumeOwnerId\":null}}],\"InstanceLifecycle\":\"\",\"Licenses\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"Platform\":\"\",\"KernelId\":null,\"Monitoring\":{\"State\":\"disabled\"},\"ClientToken\":\"E84349A3-778D-4CED-BDB5-CAD88775510A\",\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/ec2-role-with-security-audit\",\"Id\":\"AIPA2IBR2EZTKYFMHPJPM\"},\"LaunchTime\":\"2024-11-19T12:51:49Z\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"KeyName\":\"cloudbeat-generated-adc8e8a8\",\"Placement\":{\"PartitionNumber\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"AvailabilityZone\":\"eu-west-1c\",\"GroupId\":null,\"GroupName\":\"\",\"HostId\":null,\"HostResourceGroupArn\":null,\"SpreadDomain\":null},\"PlatformDetails\":\"Linux/UNIX\",\"CapacityReservationId\":null,\"PublicIpAddress\":\"54.246.215.38\",\"VpcId\":\"vpc-6cb55a15\",\"Tags\":[{\"Value\":\"adc8e8a8\",\"Key\":\"id\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Value\":\"security\",\"Key\":\"org\"},{\"Value\":\"terraform\",\"Key\":\"provisioner\"},{\"Value\":\"kuba-logs\",\"Key\":\"deployment\"},{\"Key\":\"owner\",\"Value\":\"kubasobon\"},{\"Value\":\"kubasobon\",\"Key\":\"project\"},{\"Key\":\"Name\",\"Value\":\"kuba-logs-0Ht\"},{\"Value\":\"cloud-security-posture\",\"Key\":\"team\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm\"}],\"EbsOptimized\":false,\"RootDeviceType\":\"ebs\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0e6ab35860ed09391\",\"i-0e6ab35860ed09391\"]},\"iam\":{\"arn\":\"arn:aws:iam::704479110758:instance-profile/ec2-role-with-security-audit\",\"id\":\"AIPA2IBR2EZTKYFMHPJPM\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0e6ab35860ed09391\",\"i-0e6ab35860ed09391\"],\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-0e6ab35860ed09391\",\"name\":\"kuba-logs-0Ht\"},\"machine\":{\"machine_type\":\"c5.4xlarge\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1c\",\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"host\":{\"platform\":\"\",\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\",\"imageId\":\"ami-0a5b3305c37e58e04\",\"instance_type\":\"c5.4xlarge\"},\"network\":{\"public_ip_address\":\"54.246.215.38\",\"subnet_ids\":[\"subnet-7a841e20\"],\"network_id\":\"vpc-6cb55a15\",\"private_dns_name\":\"ip-172-31-33-4.eu-west-1.compute.internal\",\"private_ip_address\":\"172.31.33.4\",\"public_dns_name\":\"ec2-54-246-215-38.eu-west-1.compute.amazonaws.com\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"network\":{\"subnet_ids\":[\"subnet-b50028fd\"],\"network_id\":\"vpc-6cb55a15\",\"private_dns_name\":\"ip-172-31-28-145.eu-west-1.compute.internal\",\"private_ip_address\":\"172.31.28.145\",\"public_dns_name\":\"\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-09d8f12a0d43961fd\",\"i-09d8f12a0d43961fd\"],\"asset\":{\"tags\":{\"Name\":\"ido-wiz-vunerabilities\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\",\"stopped-at\":\"2024-11-19 02:46:25.340517\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},\"raw\":{\"ElasticGpuAssociations\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"StateTransitionReason\":\"User initiated (2024-08-22 02:46:48 GMT)\",\"ClientToken\":\"d4a8ca81-9f4a-49e0-9b89-aba50e2fdd21\",\"NetworkInterfaces\":[{\"Association\":null,\"Attachment\":{\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-08-13T10:05:10Z\",\"AttachmentId\":\"eni-attach-0a1a605847492e9a2\",\"DeleteOnTermination\":true,\"DeviceIndex\":0},\"Description\":\"\",\"SourceDestCheck\":true,\"Status\":\"in-use\",\"SubnetId\":\"subnet-b50028fd\",\"ConnectionTrackingConfiguration\":null,\"Groups\":[{\"GroupId\":\"sg-073a4f4d84a89c002\",\"GroupName\":\"launch-wizard-120\"}],\"InterfaceType\":\"interface\",\"PrivateIpAddresses\":[{\"PrivateIpAddress\":\"172.31.28.145\",\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-28-145.eu-west-1.compute.internal\"}],\"VpcId\":\"vpc-6cb55a15\",\"Ipv6Addresses\":[],\"MacAddress\":\"06:90:46:b6:ec:d5\",\"OwnerId\":\"704479110758\",\"PrivateIpAddress\":\"172.31.28.145\",\"Ipv4Prefixes\":null,\"Ipv6Prefixes\":null,\"NetworkInterfaceId\":\"eni-013f518899e414455\",\"PrivateDnsName\":\"ip-172-31-28-145.eu-west-1.compute.internal\"}],\"RootDeviceType\":\"ebs\",\"SubnetId\":\"subnet-b50028fd\",\"EnaSupport\":true,\"HibernationOptions\":{\"Configured\":false},\"LaunchTime\":\"2024-08-21T13:24:11Z\",\"PublicIpAddress\":null,\"SriovNetSupport\":null,\"SecurityGroups\":[{\"GroupName\":\"launch-wizard-120\",\"GroupId\":\"sg-073a4f4d84a89c002\"}],\"MetadataOptions\":{\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\"},\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"RootVolume\":null,\"RamdiskId\":null,\"Region\":\"eu-west-1\",\"AmiLaunchIndex\":0,\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":1,\"ThreadsPerCore\":1},\"InstanceId\":\"i-09d8f12a0d43961fd\",\"Monitoring\":{\"State\":\"disabled\"},\"Placement\":{\"PartitionNumber\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"AvailabilityZone\":\"eu-west-1b\",\"GroupId\":null,\"GroupName\":\"\",\"HostId\":null,\"HostResourceGroupArn\":null,\"SpreadDomain\":null},\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"IamInstanceProfile\":null,\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"UsageOperation\":\"RunInstances\",\"VpcId\":\"vpc-6cb55a15\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"ImageId\":\"ami-0a2202cf4c36161a1\",\"Licenses\":null,\"PublicDnsName\":\"\",\"EnclaveOptions\":{\"Enabled\":false},\"CapacityReservationId\":null,\"InstanceType\":\"t2.micro\",\"Tags\":[{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:46:25.340517\"},{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"},{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},{\"Key\":\"Name\",\"Value\":\"ido-wiz-vunerabilities\"}],\"Architecture\":\"x86_64\",\"SourceDestCheck\":true,\"PlatformDetails\":\"Linux/UNIX\",\"ProductCodes\":[],\"UsageOperationUpdateTime\":\"2024-08-13T10:05:10Z\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-08-13T10:05:11Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-069de2691fcf62ef6\",\"VolumeOwnerId\":null}}],\"BootMode\":\"uefi-preferred\",\"ElasticInferenceAcceleratorAssociations\":null,\"Hypervisor\":\"xen\",\"OutpostArn\":null,\"EbsOptimized\":false,\"Ipv6Address\":null,\"PrivateDnsNameOptions\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":true},\"PrivateIpAddress\":\"172.31.28.145\",\"RootDeviceName\":\"/dev/xvda\",\"SpotInstanceRequestId\":null,\"TpmSupport\":null,\"VirtualizationType\":\"hvm\",\"InstanceLifecycle\":\"\",\"KernelId\":null,\"KeyName\":\"ido-ec2\",\"Platform\":\"\",\"PrivateDnsName\":\"ip-172-31-28-145.eu-west-1.compute.internal\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-09d8f12a0d43961fd\",\"i-09d8f12a0d43961fd\"],\"name\":\"ido-wiz-vunerabilities\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"name\":\"ido-wiz-vunerabilities\",\"id\":\"i-09d8f12a0d43961fd\"},\"machine\":{\"machine_type\":\"t2.micro\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1b\",\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"host\":{\"architecture\":\"x86_64\",\"imageId\":\"ami-0a2202cf4c36161a1\",\"instance_type\":\"t2.micro\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-09d8f12a0d43961fd\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0e30a87924b029ae4\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"raw\":{\"NetworkInterfaces\":[{\"Attachment\":{\"AttachTime\":\"2024-09-23T22:28:46Z\",\"AttachmentId\":\"eni-attach-079035fd87b4b097c\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"InterfaceType\":\"interface\",\"Ipv6Prefixes\":null,\"MacAddress\":\"06:4b:92:c7:46:09\",\"OwnerId\":\"704479110758\",\"PrivateIpAddresses\":[{\"PrivateDnsName\":\"ip-172-31-27-25.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.27.25\",\"Association\":null,\"Primary\":true}],\"Status\":\"in-use\",\"Groups\":[{\"GroupId\":\"sg-0539555fe9c649856\",\"GroupName\":\"elastic-agent-security-group-1f997e80-79fb-11ef-b33b-02c8a45cd4ff\"}],\"Ipv4Prefixes\":null,\"SubnetId\":\"subnet-b50028fd\",\"ConnectionTrackingConfiguration\":null,\"NetworkInterfaceId\":\"eni-03d9da63ff4a291fa\",\"PrivateDnsName\":\"ip-172-31-27-25.eu-west-1.compute.internal\",\"SourceDestCheck\":true,\"Association\":null,\"Description\":\"\",\"Ipv6Addresses\":[],\"PrivateIpAddress\":\"172.31.27.25\",\"VpcId\":\"vpc-6cb55a15\"}],\"PlatformDetails\":\"Linux/UNIX\",\"StateTransitionReason\":\"User initiated (2024-09-25 02:46:25 GMT)\",\"TpmSupport\":null,\"VpcId\":\"vpc-6cb55a15\",\"UsageOperation\":\"RunInstances\",\"OutpostArn\":null,\"Tags\":[{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/Elastic-Vulnerability-Management-cnvm/1f997e80-79fb-11ef-b33b-02c8a45cd4ff\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"Elastic-Vulnerability-Management-cnvm\"},{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"},{\"Key\":\"Name\",\"Value\":\"elastic-agent-instance-1f997e80-79fb-11ef-b33b-02c8a45cd4ff\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentEc2Instance\"},{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},{\"Key\":\"Task\",\"Value\":\"Vulnerability Management Scanner\"},{\"Value\":\"Resource does not meet policy: stop@2024/11/20\",\"Key\":\"custodian_stop\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:46:25.340517\"}],\"RootVolume\":null,\"AmiLaunchIndex\":0,\"ImageId\":\"ami-03fc568d95a2c1905\",\"PublicIpAddress\":null,\"ElasticGpuAssociations\":null,\"Monitoring\":{\"State\":\"disabled\"},\"Region\":\"eu-west-1\",\"EbsOptimized\":false,\"LaunchTime\":\"2024-09-23T22:28:46Z\",\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"ClientToken\":\"146269ca-bfea-a87f-d7d3-bbc4cd439add\",\"PrivateDnsName\":\"ip-172-31-27-25.eu-west-1.compute.internal\",\"SubnetId\":\"subnet-b50028fd\",\"EnaSupport\":true,\"InstanceType\":\"m6g.xlarge\",\"KernelId\":null,\"ProductCodes\":[],\"Architecture\":\"arm64\",\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-1f997e80-79fb-11ef-b33b-02c8a45cd4ff\",\"Id\":\"AIPA2IBR2EZTKNY3VSZEQ\"},\"SourceDestCheck\":true,\"CurrentInstanceBootMode\":\"uefi\",\"EnclaveOptions\":{\"Enabled\":false},\"Ipv6Address\":null,\"SpotInstanceRequestId\":null,\"SriovNetSupport\":null,\"PublicDnsName\":\"\",\"VirtualizationType\":\"hvm\",\"CapacityReservationId\":null,\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"ElasticInferenceAcceleratorAssociations\":null,\"Hypervisor\":\"xen\",\"Placement\":{\"Affinity\":null,\"GroupName\":\"\",\"HostResourceGroupArn\":null,\"SpreadDomain\":null,\"AvailabilityZone\":\"eu-west-1b\",\"GroupId\":null,\"HostId\":null,\"PartitionNumber\":null,\"Tenancy\":\"default\"},\"PrivateIpAddress\":\"172.31.27.25\",\"RamdiskId\":null,\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":4,\"ThreadsPerCore\":1},\"HibernationOptions\":{\"Configured\":false},\"InstanceLifecycle\":\"\",\"RootDeviceName\":\"/dev/xvda\",\"RootDeviceType\":\"ebs\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-09-23T22:28:46Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-08a95513e31f5368e\",\"VolumeOwnerId\":null}}],\"KeyName\":null,\"MetadataOptions\":{\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\"},\"SecurityGroups\":[{\"GroupId\":\"sg-0539555fe9c649856\",\"GroupName\":\"elastic-agent-security-group-1f997e80-79fb-11ef-b33b-02c8a45cd4ff\"}],\"BootMode\":\"uefi\",\"InstanceId\":\"i-0e30a87924b029ae4\",\"Licenses\":null,\"Platform\":\"\",\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"UsageOperationUpdateTime\":\"2024-09-23T22:28:46Z\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0e30a87924b029ae4\",\"i-0e30a87924b029ae4\"],\"name\":\"elastic-agent-instance-1f997e80-79fb-11ef-b33b-02c8a45cd4ff\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"aws:cloudformation:stack-id\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/Elastic-Vulnerability-Management-cnvm/1f997e80-79fb-11ef-b33b-02c8a45cd4ff\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\",\"stopped-at\":\"2024-11-19 02:46:25.340517\",\"aws:cloudformation:stack-name\":\"Elastic-Vulnerability-Management-cnvm\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\",\"Name\":\"elastic-agent-instance-1f997e80-79fb-11ef-b33b-02c8a45cd4ff\",\"Task\":\"Vulnerability Management Scanner\",\"aws:cloudformation:logical-id\":\"ElasticAgentEc2Instance\"}},\"cloud\":{\"machine\":{\"machine_type\":\"m6g.xlarge\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1b\",\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-0e30a87924b029ae4\",\"name\":\"elastic-agent-instance-1f997e80-79fb-11ef-b33b-02c8a45cd4ff\"}},\"host\":{\"architecture\":\"arm64\",\"imageId\":\"ami-03fc568d95a2c1905\",\"instance_type\":\"m6g.xlarge\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"network\":{\"private_ip_address\":\"172.31.27.25\",\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-b50028fd\"],\"network_id\":\"vpc-6cb55a15\",\"private_dns_name\":\"ip-172-31-27-25.eu-west-1.compute.internal\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0e30a87924b029ae4\",\"i-0e30a87924b029ae4\"],\"iam\":{\"id\":\"AIPA2IBR2EZTKNY3VSZEQ\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-1f997e80-79fb-11ef-b33b-02c8a45cd4ff\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"availability_zone\":\"eu-west-1b\",\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-0da69cc5594ceeaf0\",\"name\":\"elastic-agent-instance-61a90eb0-896b-11ef-98d8-0ab4ea2a59ad\"},\"machine\":{\"machine_type\":\"m6g.xlarge\"},\"service\":{\"name\":\"AWS EC2\"}},\"network\":{\"private_dns_name\":\"ip-172-31-31-201.eu-west-1.compute.internal\",\"private_ip_address\":\"172.31.31.201\",\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-b50028fd\"],\"network_id\":\"vpc-6cb55a15\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0da69cc5594ceeaf0\",\"i-0da69cc5594ceeaf0\"],\"asset\":{\"tags\":{\"stopped-at\":\"2024-11-19 02:46:25.340517\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\",\"Name\":\"elastic-agent-instance-61a90eb0-896b-11ef-98d8-0ab4ea2a59ad\",\"Task\":\"Cloud Security Posture Management Scanner\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\",\"aws:cloudformation:logical-id\":\"ElasticAgentEc2Instance\",\"aws:cloudformation:stack-id\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/Elastic-Cloud-Security-Posture-Management-logsdb4/61a90eb0-896b-11ef-98d8-0ab4ea2a59ad\",\"aws:cloudformation:stack-name\":\"Elastic-Cloud-Security-Posture-Management-logsdb4\"},\"raw\":{\"SriovNetSupport\":null,\"Region\":\"eu-west-1\",\"BlockDeviceMappings\":[{\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-10-13T14:00:08Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-0760091dd4029e25e\",\"VolumeOwnerId\":null},\"DeviceName\":\"/dev/xvda\"}],\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-61a90eb0-896b-11ef-98d8-0ab4ea2a59ad\",\"Id\":\"AIPA2IBR2EZTF3YPBZXGC\"},\"SecurityGroups\":[{\"GroupId\":\"sg-06f6b809d5e053c55\",\"GroupName\":\"elastic-agent-security-group-61a90eb0-896b-11ef-98d8-0ab4ea2a59ad\"}],\"HibernationOptions\":{\"Configured\":false},\"RootDeviceType\":\"ebs\",\"SubnetId\":\"subnet-b50028fd\",\"Tags\":[{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentEc2Instance\"},{\"Value\":\"Resource does not meet policy: stop@2024/11/20\",\"Key\":\"custodian_stop\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:46:25.340517\"},{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},{\"Value\":\"Cloud Security Posture Management Scanner\",\"Key\":\"Task\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/Elastic-Cloud-Security-Posture-Management-logsdb4/61a90eb0-896b-11ef-98d8-0ab4ea2a59ad\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"Elastic-Cloud-Security-Posture-Management-logsdb4\"},{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"},{\"Value\":\"elastic-agent-instance-61a90eb0-896b-11ef-98d8-0ab4ea2a59ad\",\"Key\":\"Name\"}],\"EbsOptimized\":false,\"Hypervisor\":\"xen\",\"StateTransitionReason\":\"User initiated (2024-10-15 02:46:08 GMT)\",\"Ipv6Address\":null,\"KernelId\":null,\"PrivateDnsNameOptions\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"PublicIpAddress\":null,\"RootVolume\":null,\"BootMode\":\"uefi\",\"LaunchTime\":\"2024-10-13T14:00:08Z\",\"Platform\":\"\",\"ClientToken\":\"1beb6aa8-122b-aeab-d045-15d4565ee3b6\",\"ImageId\":\"ami-0423117f538c199c2\",\"EnclaveOptions\":{\"Enabled\":false},\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"Monitoring\":{\"State\":\"disabled\"},\"TpmSupport\":null,\"VirtualizationType\":\"hvm\",\"CapacityReservationId\":null,\"ElasticInferenceAcceleratorAssociations\":null,\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"InstanceType\":\"m6g.xlarge\",\"NetworkInterfaces\":[{\"PrivateDnsName\":\"ip-172-31-31-201.eu-west-1.compute.internal\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-31-201.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.31.201\"}],\"SourceDestCheck\":true,\"SubnetId\":\"subnet-b50028fd\",\"VpcId\":\"vpc-6cb55a15\",\"Ipv4Prefixes\":null,\"NetworkInterfaceId\":\"eni-06e0a7290379b2582\",\"Groups\":[{\"GroupId\":\"sg-06f6b809d5e053c55\",\"GroupName\":\"elastic-agent-security-group-61a90eb0-896b-11ef-98d8-0ab4ea2a59ad\"}],\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"Ipv6Prefixes\":null,\"MacAddress\":\"06:da:16:bd:8a:ff\",\"OwnerId\":\"704479110758\",\"Association\":null,\"Attachment\":{\"Status\":\"attached\",\"AttachTime\":\"2024-10-13T14:00:08Z\",\"AttachmentId\":\"eni-attach-0b6d272bbd7d4efd7\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0},\"PrivateIpAddress\":\"172.31.31.201\",\"Status\":\"in-use\",\"ConnectionTrackingConfiguration\":null,\"Description\":\"\"}],\"SpotInstanceRequestId\":null,\"KeyName\":null,\"ElasticGpuAssociations\":null,\"InstanceLifecycle\":\"\",\"UsageOperation\":\"RunInstances\",\"RamdiskId\":null,\"Licenses\":null,\"OutpostArn\":null,\"CurrentInstanceBootMode\":\"uefi\",\"EnaSupport\":true,\"InstanceId\":\"i-0da69cc5594ceeaf0\",\"PrivateIpAddress\":\"172.31.31.201\",\"PublicDnsName\":\"\",\"RootDeviceName\":\"/dev/xvda\",\"SourceDestCheck\":true,\"UsageOperationUpdateTime\":\"2024-10-13T14:00:08Z\",\"AmiLaunchIndex\":0,\"Placement\":{\"PartitionNumber\":null,\"SpreadDomain\":null,\"AvailabilityZone\":\"eu-west-1b\",\"GroupName\":\"\",\"HostId\":null,\"HostResourceGroupArn\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"GroupId\":null},\"PlatformDetails\":\"Linux/UNIX\",\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"VpcId\":\"vpc-6cb55a15\",\"PrivateDnsName\":\"ip-172-31-31-201.eu-west-1.compute.internal\",\"ProductCodes\":[],\"Architecture\":\"arm64\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":4,\"ThreadsPerCore\":1}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0da69cc5594ceeaf0\",\"i-0da69cc5594ceeaf0\"],\"name\":\"elastic-agent-instance-61a90eb0-896b-11ef-98d8-0ab4ea2a59ad\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"host\":{\"imageId\":\"ami-0423117f538c199c2\",\"instance_type\":\"m6g.xlarge\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\",\"architecture\":\"arm64\"},\"iam\":{\"id\":\"AIPA2IBR2EZTF3YPBZXGC\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-61a90eb0-896b-11ef-98d8-0ab4ea2a59ad\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0da69cc5594ceeaf0\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-05a12421713f8b648\",\"i-05a12421713f8b648\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-05a12421713f8b648\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"raw\":{\"Tags\":[{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"},{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"},{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:46:25.340517\"}],\"CapacityReservationSpecification\":{\"CapacityReservationTarget\":null,\"CapacityReservationPreference\":\"open\"},\"CurrentInstanceBootMode\":\"uefi\",\"HibernationOptions\":{\"Configured\":false},\"NetworkInterfaces\":[{\"OwnerId\":\"704479110758\",\"SourceDestCheck\":true,\"VpcId\":\"vpc-6cb55a15\",\"Ipv6Prefixes\":null,\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"PrivateDnsName\":\"ip-172-31-29-165.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.29.165\",\"Description\":\"\",\"Attachment\":{\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-10-31T16:34:55Z\",\"AttachmentId\":\"eni-attach-06cb59d9ff302acce\",\"DeleteOnTermination\":true,\"DeviceIndex\":0},\"ConnectionTrackingConfiguration\":null,\"InterfaceType\":\"interface\",\"MacAddress\":\"06:8b:6c:6f:63:45\",\"NetworkInterfaceId\":\"eni-0ee1875bbc2a2c735\",\"PrivateIpAddresses\":[{\"PrivateIpAddress\":\"172.31.29.165\",\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-29-165.eu-west-1.compute.internal\"}],\"Status\":\"in-use\",\"Association\":null,\"SubnetId\":\"subnet-b50028fd\",\"Groups\":[{\"GroupId\":\"sg-0f931cb570d325929\",\"GroupName\":\"launch-wizard-131\"}]}],\"Platform\":\"\",\"StateTransitionReason\":\"User initiated (2024-11-02 02:46:38 GMT)\",\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":4,\"ThreadsPerCore\":2},\"ProductCodes\":[],\"SpotInstanceRequestId\":null,\"BootMode\":\"uefi-preferred\",\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"SourceDestCheck\":true,\"ElasticInferenceAcceleratorAssociations\":null,\"Ipv6Address\":null,\"Monitoring\":{\"State\":\"disabled\"},\"OutpostArn\":null,\"KeyName\":null,\"PublicDnsName\":\"\",\"RootDeviceType\":\"ebs\",\"SubnetId\":\"subnet-b50028fd\",\"PrivateDnsName\":\"ip-172-31-29-165.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.29.165\",\"Architecture\":\"x86_64\",\"EnaSupport\":true,\"InstanceId\":\"i-05a12421713f8b648\",\"InstanceLifecycle\":\"\",\"Placement\":{\"GroupName\":\"\",\"SpreadDomain\":null,\"Tenancy\":\"default\",\"AvailabilityZone\":\"eu-west-1b\",\"GroupId\":null,\"HostId\":null,\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"Affinity\":null},\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"CapacityReservationId\":null,\"ClientToken\":\"560ca6cb-e5ec-4b50-ae85-968bf63f1261\",\"ElasticGpuAssociations\":null,\"LaunchTime\":\"2024-10-31T16:34:55Z\",\"PrivateDnsNameOptions\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":true},\"AmiLaunchIndex\":0,\"EnclaveOptions\":{\"Enabled\":false},\"RootVolume\":null,\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"Status\":\"attached\",\"VolumeId\":\"vol-03b25da83ec6e8359\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-10-31T16:34:55Z\",\"DeleteOnTermination\":true}}],\"Hypervisor\":\"xen\",\"PublicIpAddress\":null,\"SecurityGroups\":[{\"GroupId\":\"sg-0f931cb570d325929\",\"GroupName\":\"launch-wizard-131\"}],\"VirtualizationType\":\"hvm\",\"EbsOptimized\":true,\"InstanceType\":\"m6a.2xlarge\",\"RootDeviceName\":\"/dev/xvda\",\"State\":{\"Name\":\"stopped\",\"Code\":80},\"KernelId\":null,\"Licenses\":null,\"PlatformDetails\":\"Linux/UNIX\",\"SriovNetSupport\":null,\"IamInstanceProfile\":null,\"UsageOperationUpdateTime\":\"2024-10-31T16:34:55Z\",\"Region\":\"eu-west-1\",\"RamdiskId\":null,\"VpcId\":\"vpc-6cb55a15\",\"ImageId\":\"ami-00385a401487aefa4\",\"TpmSupport\":null,\"UsageOperation\":\"RunInstances\",\"MetadataOptions\":{\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-05a12421713f8b648\",\"i-05a12421713f8b648\"],\"name\":\"\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"stopped-at\":\"2024-11-19 02:46:25.340517\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\"}},\"host\":{\"architecture\":\"x86_64\",\"imageId\":\"ami-00385a401487aefa4\",\"instance_type\":\"m6a.2xlarge\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"resource_policies\":[],\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-05a12421713f8b648\"},\"machine\":{\"machine_type\":\"m6a.2xlarge\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1b\"},\"network\":{\"network_id\":\"vpc-6cb55a15\",\"private_dns_name\":\"ip-172-31-29-165.eu-west-1.compute.internal\",\"private_ip_address\":\"172.31.29.165\",\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-b50028fd\"]},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-033150c6f316e2ad1\",\"i-033150c6f316e2ad1\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-033150c6f316e2ad1\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\",\"Task\":\"Cloud Security Posture Management Scanner\",\"aws:cloudformation:logical-id\":\"ElasticAgentEc2Instance\",\"aws:cloudformation:stack-id\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/cspm-single-account/df20e390-96e0-11ef-b64c-0a72966a557b\",\"aws:cloudformation:stack-name\":\"cspm-single-account\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"Name\":\"elastic-agent-instance-df20e390-96e0-11ef-b64c-0a72966a557b\",\"stopped-at\":\"2024-11-19 02:46:25.340517\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},\"raw\":{\"MetadataOptions\":{\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\"},\"NetworkInterfaces\":[{\"SourceDestCheck\":true,\"SubnetId\":\"subnet-7a841e20\",\"ConnectionTrackingConfiguration\":null,\"Description\":\"\",\"InterfaceType\":\"interface\",\"MacAddress\":\"0a:c8:a3:b4:60:29\",\"Ipv6Addresses\":[],\"Ipv6Prefixes\":null,\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-33-148.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.33.148\"}],\"VpcId\":\"vpc-6cb55a15\",\"Status\":\"in-use\",\"Association\":null,\"NetworkInterfaceId\":\"eni-0f05978387871446d\",\"OwnerId\":\"704479110758\",\"PrivateIpAddress\":\"172.31.33.148\",\"Attachment\":{\"AttachTime\":\"2024-10-30T17:03:54Z\",\"AttachmentId\":\"eni-attach-0f8d3fac79a539682\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"Groups\":[{\"GroupName\":\"elastic-agent-security-group-df20e390-96e0-11ef-b64c-0a72966a557b\",\"GroupId\":\"sg-09bda1e4d7fd21ad3\"}],\"Ipv4Prefixes\":null,\"PrivateDnsName\":\"ip-172-31-33-148.eu-west-1.compute.internal\"}],\"OutpostArn\":null,\"SourceDestCheck\":true,\"TpmSupport\":null,\"HibernationOptions\":{\"Configured\":false},\"Hypervisor\":\"xen\",\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-df20e390-96e0-11ef-b64c-0a72966a557b\",\"Id\":\"AIPA2IBR2EZTHGZ7CEYGO\"},\"Ipv6Address\":null,\"RootVolume\":null,\"EnclaveOptions\":{\"Enabled\":false},\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"Region\":\"eu-west-1\",\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"VpcId\":\"vpc-6cb55a15\",\"ElasticInferenceAcceleratorAssociations\":null,\"InstanceId\":\"i-033150c6f316e2ad1\",\"RootDeviceName\":\"/dev/xvda\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"elastic-agent-instance-df20e390-96e0-11ef-b64c-0a72966a557b\"},{\"Value\":\"ElasticAgentEc2Instance\",\"Key\":\"aws:cloudformation:logical-id\"},{\"Value\":\"Resource does not meet policy: terminate@2024/12/04\",\"Key\":\"custodian_delete\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/cspm-single-account/df20e390-96e0-11ef-b64c-0a72966a557b\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"cspm-single-account\"},{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},{\"Key\":\"Task\",\"Value\":\"Cloud Security Posture Management Scanner\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:46:25.340517\"},{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"}],\"ClientToken\":\"37bed622-0af5-7e33-3b27-a0b065753944\",\"EnaSupport\":true,\"RootDeviceType\":\"ebs\",\"ImageId\":\"ami-06ef752578ebe3a28\",\"KernelId\":null,\"KeyName\":null,\"ElasticGpuAssociations\":null,\"InstanceType\":\"m6g.xlarge\",\"PrivateIpAddress\":\"172.31.33.148\",\"PrivateDnsName\":\"ip-172-31-33-148.eu-west-1.compute.internal\",\"ProductCodes\":[],\"CapacityReservationId\":null,\"Licenses\":null,\"Placement\":{\"Tenancy\":\"default\",\"Affinity\":null,\"AvailabilityZone\":\"eu-west-1c\",\"GroupName\":\"\",\"HostId\":null,\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"SpreadDomain\":null,\"GroupId\":null},\"SubnetId\":\"subnet-7a841e20\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"UsageOperation\":\"RunInstances\",\"Architecture\":\"arm64\",\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":4,\"ThreadsPerCore\":1},\"Monitoring\":{\"State\":\"disabled\"},\"PublicDnsName\":\"\",\"SpotInstanceRequestId\":null,\"SriovNetSupport\":null,\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"AmiLaunchIndex\":0,\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"CurrentInstanceBootMode\":\"uefi\",\"RamdiskId\":null,\"BootMode\":\"uefi\",\"EbsOptimized\":false,\"PlatformDetails\":\"Linux/UNIX\",\"SecurityGroups\":[{\"GroupId\":\"sg-09bda1e4d7fd21ad3\",\"GroupName\":\"elastic-agent-security-group-df20e390-96e0-11ef-b64c-0a72966a557b\"}],\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"AttachTime\":\"2024-10-30T17:03:55Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-0b4abeebd7e7d6336\",\"VolumeOwnerId\":null,\"AssociatedResource\":null}}],\"LaunchTime\":\"2024-10-30T17:03:54Z\",\"Platform\":\"\",\"PublicIpAddress\":null,\"StateTransitionReason\":\"User initiated (2024-11-01 02:46:45 GMT)\",\"InstanceLifecycle\":\"\",\"UsageOperationUpdateTime\":\"2024-10-30T17:03:54Z\",\"VirtualizationType\":\"hvm\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-033150c6f316e2ad1\",\"i-033150c6f316e2ad1\"],\"name\":\"elastic-agent-instance-df20e390-96e0-11ef-b64c-0a72966a557b\"},\"network\":{\"subnet_ids\":[\"subnet-7a841e20\"],\"network_id\":\"vpc-6cb55a15\",\"private_dns_name\":\"ip-172-31-33-148.eu-west-1.compute.internal\",\"private_ip_address\":\"172.31.33.148\",\"public_dns_name\":\"\"},\"iam\":{\"id\":\"AIPA2IBR2EZTHGZ7CEYGO\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-df20e390-96e0-11ef-b64c-0a72966a557b\"},\"cloud\":{\"organization\":{},\"instance\":{\"id\":\"i-033150c6f316e2ad1\",\"name\":\"elastic-agent-instance-df20e390-96e0-11ef-b64c-0a72966a557b\"},\"machine\":{\"machine_type\":\"m6g.xlarge\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1c\",\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"host\":{\"architecture\":\"arm64\",\"imageId\":\"ami-06ef752578ebe3a28\",\"instance_type\":\"m6g.xlarge\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-08cd19f740140dacd\",\"i-08cd19f740140dacd\"],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-08cd19f740140dacd\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"name\":\"kuba-logs-0Ht\",\"id\":\"i-08cd19f740140dacd\"},\"machine\":{\"machine_type\":\"c5.4xlarge\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1c\"},\"resource_policies\":[],\"iam\":{\"id\":\"AIPA2IBR2EZTKYFMHPJPM\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/ec2-role-with-security-audit\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"name\":\"kuba-logs-0Ht\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"id\":\"a20a0b76\",\"org\":\"security\",\"project\":\"kubasobon\",\"Name\":\"kuba-logs-0Ht\",\"division\":\"engineering\",\"ec2_type\":\"cspm\",\"owner\":\"kubasobon\",\"provisioner\":\"terraform\",\"team\":\"cloud-security-posture\",\"deployment\":\"kuba-logs\"},\"raw\":{\"LaunchTime\":\"2024-11-19T12:51:49Z\",\"PublicIpAddress\":\"108.129.89.148\",\"SpotInstanceRequestId\":null,\"VirtualizationType\":\"hvm\",\"StateReason\":null,\"ClientToken\":\"A3839BEA-5BFF-43D5-A05C-FC5FDDD1D279\",\"CpuOptions\":{\"CoreCount\":8,\"ThreadsPerCore\":2,\"AmdSevSnp\":\"\"},\"PlatformDetails\":\"Linux/UNIX\",\"RamdiskId\":null,\"State\":{\"Code\":16,\"Name\":\"running\"},\"VpcId\":\"vpc-6cb55a15\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/sda1\",\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-11-19T12:51:50Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-06813345710f32e59\",\"VolumeOwnerId\":null}}],\"BootMode\":\"\",\"InstanceId\":\"i-08cd19f740140dacd\",\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":1,\"HttpTokens\":\"optional\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"ImageId\":\"ami-0a5b3305c37e58e04\",\"Licenses\":null,\"CapacityReservationId\":null,\"InstanceLifecycle\":\"\",\"PrivateDnsName\":\"ip-172-31-34-165.eu-west-1.compute.internal\",\"Tags\":[{\"Key\":\"deployment\",\"Value\":\"kuba-logs\"},{\"Key\":\"owner\",\"Value\":\"kubasobon\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Value\":\"cspm\",\"Key\":\"ec2_type\"},{\"Value\":\"kubasobon\",\"Key\":\"project\"},{\"Key\":\"Name\",\"Value\":\"kuba-logs-0Ht\"},{\"Key\":\"id\",\"Value\":\"a20a0b76\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"}],\"Hypervisor\":\"xen\",\"SourceDestCheck\":true,\"ElasticGpuAssociations\":null,\"HibernationOptions\":{\"Configured\":false},\"SriovNetSupport\":null,\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"PublicDnsName\":\"ec2-108-129-89-148.eu-west-1.compute.amazonaws.com\",\"UsageOperationUpdateTime\":\"2024-11-19T12:51:49Z\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"KernelId\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"Platform\":\"\",\"EnclaveOptions\":{\"Enabled\":false},\"Placement\":{\"Affinity\":null,\"AvailabilityZone\":\"eu-west-1c\",\"HostId\":null,\"PartitionNumber\":null,\"GroupId\":null,\"GroupName\":\"\",\"HostResourceGroupArn\":null,\"SpreadDomain\":null,\"Tenancy\":\"default\"},\"StateTransitionReason\":\"\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"Ipv6Address\":null,\"SubnetId\":\"subnet-7a841e20\",\"RootVolume\":null,\"TpmSupport\":null,\"UsageOperation\":\"RunInstances\",\"RootDeviceType\":\"ebs\",\"Region\":\"eu-west-1\",\"AmiLaunchIndex\":0,\"EnaSupport\":true,\"IamInstanceProfile\":{\"Id\":\"AIPA2IBR2EZTKYFMHPJPM\",\"Arn\":\"arn:aws:iam::704479110758:instance-profile/ec2-role-with-security-audit\"},\"InstanceType\":\"c5.4xlarge\",\"KeyName\":\"cloudbeat-generated-a20a0b76\",\"NetworkInterfaces\":[{\"Ipv4Prefixes\":null,\"NetworkInterfaceId\":\"eni-014c7fa8b7d658c70\",\"PrivateDnsName\":\"ip-172-31-34-165.eu-west-1.compute.internal\",\"PrivateIpAddresses\":[{\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-108-129-89-148.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"108.129.89.148\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-34-165.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.34.165\"}],\"SubnetId\":\"subnet-7a841e20\",\"VpcId\":\"vpc-6cb55a15\",\"Attachment\":{\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-11-19T12:51:49Z\",\"AttachmentId\":\"eni-attach-0a07081ac38455ac9\",\"DeleteOnTermination\":true},\"Groups\":[{\"GroupId\":\"sg-00abde86f10b1c9d6\",\"GroupName\":\"terraform-20241119125144311500000001\"}],\"PrivateIpAddress\":\"172.31.34.165\",\"Status\":\"in-use\",\"Ipv6Prefixes\":null,\"OwnerId\":\"704479110758\",\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-108-129-89-148.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"108.129.89.148\"},\"ConnectionTrackingConfiguration\":null,\"Description\":\"\",\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"MacAddress\":\"0a:59:a9:40:a6:d9\",\"SourceDestCheck\":true}],\"PrivateIpAddress\":\"172.31.34.165\",\"OutpostArn\":null,\"ProductCodes\":[],\"RootDeviceName\":\"/dev/sda1\",\"SecurityGroups\":[{\"GroupId\":\"sg-00abde86f10b1c9d6\",\"GroupName\":\"terraform-20241119125144311500000001\"}],\"Architecture\":\"x86_64\",\"EbsOptimized\":false,\"ElasticInferenceAcceleratorAssociations\":null,\"Monitoring\":{\"State\":\"disabled\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-08cd19f740140dacd\",\"i-08cd19f740140dacd\"]},\"host\":{\"instance_type\":\"c5.4xlarge\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\",\"imageId\":\"ami-0a5b3305c37e58e04\"},\"network\":{\"private_ip_address\":\"172.31.34.165\",\"public_dns_name\":\"ec2-108-129-89-148.eu-west-1.compute.amazonaws.com\",\"public_ip_address\":\"108.129.89.148\",\"subnet_ids\":[\"subnet-7a841e20\"],\"network_id\":\"vpc-6cb55a15\",\"private_dns_name\":\"ip-172-31-34-165.eu-west-1.compute.internal\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"network\":{\"public_dns_name\":\"ec2-176-34-66-193.eu-west-1.compute.amazonaws.com\",\"public_ip_address\":\"176.34.66.193\",\"subnet_ids\":[\"subnet-7a841e20\"],\"network_id\":\"vpc-6cb55a15\",\"private_dns_name\":\"ip-172-31-37-71.eu-west-1.compute.internal\",\"private_ip_address\":\"172.31.37.71\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0c0221e9384b6c064\",\"i-0c0221e9384b6c064\"],\"host\":{\"architecture\":\"x86_64\",\"imageId\":\"ami-0a5b3305c37e58e04\",\"instance_type\":\"c5.4xlarge\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"iam\":{\"id\":\"AIPA2IBR2EZTKYFMHPJPM\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/ec2-role-with-security-audit\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0c0221e9384b6c064\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"owner\":\"kubasobon\",\"project\":\"kubasobon\",\"provisioner\":\"terraform\",\"Name\":\"kuba-logs-0Ht\",\"deployment\":\"kuba-logs\",\"ec2_type\":\"asset_inventory\",\"id\":\"4a6fec6c\",\"division\":\"engineering\",\"org\":\"security\",\"team\":\"cloud-security-posture\"},\"raw\":{\"BootMode\":\"\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"KeyName\":\"cloudbeat-generated-4a6fec6c\",\"Platform\":\"\",\"PlatformDetails\":\"Linux/UNIX\",\"SubnetId\":\"subnet-7a841e20\",\"ClientToken\":\"63E07671-7C82-41E4-B1FE-4C890FCA29D0\",\"Hypervisor\":\"xen\",\"InstanceLifecycle\":\"\",\"RootDeviceName\":\"/dev/sda1\",\"SecurityGroups\":[{\"GroupId\":\"sg-09e20af82b07b134a\",\"GroupName\":\"terraform-20241119125144321500000002\"}],\"VpcId\":\"vpc-6cb55a15\",\"EbsOptimized\":false,\"OutpostArn\":null,\"SpotInstanceRequestId\":null,\"HibernationOptions\":{\"Configured\":false},\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/ec2-role-with-security-audit\",\"Id\":\"AIPA2IBR2EZTKYFMHPJPM\"},\"InstanceType\":\"c5.4xlarge\",\"PrivateIpAddress\":\"172.31.37.71\",\"ProductCodes\":[],\"CapacityReservationId\":null,\"InstanceId\":\"i-0c0221e9384b6c064\",\"Placement\":{\"AvailabilityZone\":\"eu-west-1c\",\"GroupName\":\"\",\"HostId\":null,\"SpreadDomain\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"GroupId\":null,\"HostResourceGroupArn\":null,\"PartitionNumber\":null},\"StateReason\":null,\"TpmSupport\":null,\"UsageOperation\":\"RunInstances\",\"Region\":\"eu-west-1\",\"AmiLaunchIndex\":0,\"Licenses\":null,\"State\":{\"Code\":16,\"Name\":\"running\"},\"Tags\":[{\"Value\":\"4a6fec6c\",\"Key\":\"id\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"owner\",\"Value\":\"kubasobon\"},{\"Key\":\"project\",\"Value\":\"kubasobon\"},{\"Value\":\"kuba-logs-0Ht\",\"Key\":\"Name\"},{\"Key\":\"deployment\",\"Value\":\"kuba-logs\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"ec2_type\",\"Value\":\"asset_inventory\"}],\"UsageOperationUpdateTime\":\"2024-11-19T12:51:49Z\",\"ElasticGpuAssociations\":null,\"PublicDnsName\":\"ec2-176-34-66-193.eu-west-1.compute.amazonaws.com\",\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":1,\"HttpTokens\":\"optional\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"PrivateDnsName\":\"ip-172-31-37-71.eu-west-1.compute.internal\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"RamdiskId\":null,\"ImageId\":\"ami-0a5b3305c37e58e04\",\"NetworkInterfaces\":[{\"Ipv6Prefixes\":null,\"SubnetId\":\"subnet-7a841e20\",\"MacAddress\":\"0a:a2:64:ac:66:0b\",\"PrivateIpAddress\":\"172.31.37.71\",\"PrivateIpAddresses\":[{\"Association\":{\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-176-34-66-193.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"176.34.66.193\",\"CarrierIp\":null,\"CustomerOwnedIp\":null},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-37-71.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.37.71\"}],\"VpcId\":\"vpc-6cb55a15\",\"ConnectionTrackingConfiguration\":null,\"Description\":\"\",\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-37-71.eu-west-1.compute.internal\",\"Status\":\"in-use\",\"Groups\":[{\"GroupId\":\"sg-09e20af82b07b134a\",\"GroupName\":\"terraform-20241119125144321500000002\"}],\"Ipv6Addresses\":[],\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":null,\"NetworkInterfaceId\":\"eni-0cdc24e02f8882c12\",\"SourceDestCheck\":true,\"Association\":{\"PublicDnsName\":\"ec2-176-34-66-193.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"176.34.66.193\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\"},\"Attachment\":{\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-11-19T12:51:49Z\",\"AttachmentId\":\"eni-attach-0603dd1db2814b714\",\"DeleteOnTermination\":true}}],\"SourceDestCheck\":true,\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/sda1\",\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-11-19T12:51:50Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-000a4c57f51315b54\",\"VolumeOwnerId\":null}}],\"EnclaveOptions\":{\"Enabled\":false},\"RootDeviceType\":\"ebs\",\"SriovNetSupport\":null,\"VirtualizationType\":\"hvm\",\"CpuOptions\":{\"CoreCount\":8,\"ThreadsPerCore\":2,\"AmdSevSnp\":\"\"},\"EnaSupport\":true,\"Ipv6Address\":null,\"LaunchTime\":\"2024-11-19T12:51:49Z\",\"Monitoring\":{\"State\":\"disabled\"},\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"PublicIpAddress\":\"176.34.66.193\",\"RootVolume\":null,\"ElasticInferenceAcceleratorAssociations\":null,\"KernelId\":null,\"StateTransitionReason\":\"\",\"Architecture\":\"x86_64\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:ec2/i-0c0221e9384b6c064\",\"i-0c0221e9384b6c064\"],\"name\":\"kuba-logs-0Ht\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"eu-west-1c\",\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-0c0221e9384b6c064\",\"name\":\"kuba-logs-0Ht\"},\"machine\":{\"machine_type\":\"c5.4xlarge\"}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"machine\":{\"machine_type\":\"t4g.2xlarge\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-east-1c\",\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"instance\":{\"name\":\"orestis-onweek-node-1\",\"id\":\"i-0a77491c9b1393ec8\"}},\"host\":{\"architecture\":\"arm64\",\"imageId\":\"ami-0eac975a54dfee8cb\",\"instance_type\":\"t4g.2xlarge\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"network\":{\"public_ip_address\":\"100.27.136.248\",\"subnet_ids\":[\"subnet-8bdf6bc6\"],\"network_id\":\"vpc-73d2e309\",\"private_dns_name\":\"ip-172-31-23-246.ec2.internal\",\"private_ip_address\":\"172.31.23.246\",\"public_dns_name\":\"ec2-100-27-136-248.compute-1.amazonaws.com\"},\"resource_policies\":[],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:ec2/i-0a77491c9b1393ec8\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:ec2/i-0a77491c9b1393ec8\",\"i-0a77491c9b1393ec8\"],\"asset\":{\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"Name\":\"orestis-onweek-node-1\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\",\"stopped-at\":\"2024-11-19 02:45:59.771695\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},\"raw\":{\"LaunchTime\":\"2024-05-16T10:50:25Z\",\"ProductCodes\":[],\"RootDeviceName\":\"/dev/sda1\",\"SourceDestCheck\":true,\"TpmSupport\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"SpotInstanceRequestId\":null,\"ElasticGpuAssociations\":null,\"Licenses\":null,\"Monitoring\":{\"State\":\"disabled\"},\"PrivateIpAddress\":\"172.31.23.246\",\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"ClientToken\":\"2d21b1b1-21a3-4b65-810b-5ff9f1e48897\",\"Hypervisor\":\"xen\",\"Placement\":{\"AvailabilityZone\":\"us-east-1c\",\"HostId\":null,\"SpreadDomain\":null,\"Affinity\":null,\"GroupId\":null,\"GroupName\":\"\",\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"Tenancy\":\"default\"},\"SriovNetSupport\":null,\"Region\":\"us-east-1\",\"CpuOptions\":{\"CoreCount\":8,\"ThreadsPerCore\":1,\"AmdSevSnp\":\"\"},\"VpcId\":\"vpc-73d2e309\",\"RootVolume\":null,\"BootMode\":\"uefi\",\"HibernationOptions\":{\"Configured\":false},\"InstanceType\":\"t4g.2xlarge\",\"PlatformDetails\":\"Linux/UNIX\",\"RamdiskId\":null,\"Tags\":[{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"},{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"},{\"Key\":\"Name\",\"Value\":\"orestis-onweek-node-1\"},{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:45:59.771695\"}],\"EbsOptimized\":true,\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"UsageOperation\":\"RunInstances\",\"Ipv6Address\":null,\"PublicDnsName\":\"ec2-100-27-136-248.compute-1.amazonaws.com\",\"VirtualizationType\":\"hvm\",\"IamInstanceProfile\":null,\"RootDeviceType\":\"ebs\",\"ElasticInferenceAcceleratorAssociations\":null,\"NetworkInterfaces\":[{\"Groups\":[{\"GroupId\":\"sg-0e216cd0fdb8e7d68\",\"GroupName\":\"orestis-onweek\"}],\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"NetworkInterfaceId\":\"eni-088febaeb5ff279d6\",\"PrivateIpAddress\":\"172.31.23.246\",\"ConnectionTrackingConfiguration\":null,\"Description\":\"\",\"SourceDestCheck\":true,\"SubnetId\":\"subnet-8bdf6bc6\",\"VpcId\":\"vpc-73d2e309\",\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-23-246.ec2.internal\",\"Association\":{\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-100-27-136-248.compute-1.amazonaws.com\",\"PublicIp\":\"100.27.136.248\",\"CarrierIp\":null},\"MacAddress\":\"0a:ff:fb:09:11:57\",\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-23-246.ec2.internal\",\"PrivateIpAddress\":\"172.31.23.246\",\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-100-27-136-248.compute-1.amazonaws.com\",\"PublicIp\":\"100.27.136.248\"}}],\"Status\":\"in-use\",\"Attachment\":{\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-05-02T14:56:48Z\",\"AttachmentId\":\"eni-attach-04114abbe44f790d9\"},\"Ipv6Prefixes\":null}],\"PublicIpAddress\":\"100.27.136.248\",\"SubnetId\":\"subnet-8bdf6bc6\",\"InstanceLifecycle\":\"\",\"KeyName\":\"ofloros-us-east-1\",\"OutpostArn\":null,\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/sda1\",\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-05-02T14:56:48Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-0eb37d1fd3eb3934f\",\"VolumeOwnerId\":null}}],\"InstanceId\":\"i-0a77491c9b1393ec8\",\"KernelId\":null,\"SecurityGroups\":[{\"GroupId\":\"sg-0e216cd0fdb8e7d68\",\"GroupName\":\"orestis-onweek\"}],\"UsageOperationUpdateTime\":\"2024-05-02T14:56:48Z\",\"StateTransitionReason\":\"User initiated (2024-05-17 02:24:05 GMT)\",\"AmiLaunchIndex\":0,\"Architecture\":\"arm64\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"CurrentInstanceBootMode\":\"uefi\",\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"PrivateDnsName\":\"ip-172-31-23-246.ec2.internal\",\"ImageId\":\"ami-0eac975a54dfee8cb\",\"Platform\":\"\",\"CapacityReservationId\":null,\"EnaSupport\":true,\"EnclaveOptions\":{\"Enabled\":false},\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false}},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:ec2/i-0a77491c9b1393ec8\",\"i-0a77491c9b1393ec8\"],\"name\":\"orestis-onweek-node-1\",\"category\":\"infrastructure\",\"sub_category\":\"compute\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.085+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:ec2/i-0dfdf8d70ea3f391f\",\"i-0dfdf8d70ea3f391f\"],\"asset\":{\"id\":[\"arn:aws:ec2:us-east-1:704479110758:ec2/i-0dfdf8d70ea3f391f\",\"i-0dfdf8d70ea3f391f\"],\"name\":\"orestis-onweek-node-2\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\",\"stopped-at\":\"2024-11-19 02:45:59.771695\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\",\"Name\":\"orestis-onweek-node-2\"},\"raw\":{\"PublicIpAddress\":\"44.223.163.119\",\"EnclaveOptions\":{\"Enabled\":false},\"PrivateIpAddress\":\"172.31.25.54\",\"Placement\":{\"AvailabilityZone\":\"us-east-1c\",\"GroupId\":null,\"HostResourceGroupArn\":null,\"Affinity\":null,\"GroupName\":\"\",\"HostId\":null,\"PartitionNumber\":null,\"SpreadDomain\":null,\"Tenancy\":\"default\"},\"Hypervisor\":\"xen\",\"KeyName\":\"ofloros-us-east-1\",\"Ipv6Address\":null,\"LaunchTime\":\"2024-05-16T10:50:25Z\",\"NetworkInterfaces\":[{\"SubnetId\":\"subnet-8bdf6bc6\",\"VpcId\":\"vpc-73d2e309\",\"Association\":{\"PublicDnsName\":\"ec2-44-223-163-119.compute-1.amazonaws.com\",\"PublicIp\":\"44.223.163.119\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\"},\"Attachment\":{\"Status\":\"attached\",\"AttachTime\":\"2024-05-02T14:55:58Z\",\"AttachmentId\":\"eni-attach-021dbb7cf91c9fa2e\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0},\"PrivateIpAddresses\":[{\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-44-223-163-119.compute-1.amazonaws.com\",\"PublicIp\":\"44.223.163.119\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-25-54.ec2.internal\",\"PrivateIpAddress\":\"172.31.25.54\"}],\"Ipv6Prefixes\":null,\"MacAddress\":\"0a:ff:df:be:92:31\",\"PrivateDnsName\":\"ip-172-31-25-54.ec2.internal\",\"Description\":\"\",\"Groups\":[{\"GroupId\":\"sg-0e216cd0fdb8e7d68\",\"GroupName\":\"orestis-onweek\"}],\"Ipv6Addresses\":[],\"PrivateIpAddress\":\"172.31.25.54\",\"Status\":\"in-use\",\"NetworkInterfaceId\":\"eni-0f318e12e44df57d5\",\"OwnerId\":\"704479110758\",\"SourceDestCheck\":true,\"ConnectionTrackingConfiguration\":null,\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":null}],\"RootDeviceName\":\"/dev/xvda\",\"AmiLaunchIndex\":0,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":1,\"ThreadsPerCore\":1},\"MetadataOptions\":{\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\"},\"RamdiskId\":null,\"InstanceLifecycle\":\"\",\"KernelId\":null,\"Licenses\":null,\"PublicDnsName\":\"ec2-44-223-163-119.compute-1.amazonaws.com\",\"RootDeviceType\":\"ebs\",\"SpotInstanceRequestId\":null,\"HibernationOptions\":{\"Configured\":false},\"ImageId\":\"ami-0092a7ee6b8b2222a\",\"SubnetId\":\"subnet-8bdf6bc6\",\"ElasticGpuAssociations\":null,\"ProductCodes\":[],\"SourceDestCheck\":true,\"RootVolume\":null,\"ClientToken\":\"bc72fc23-8dfd-404f-ad04-657e595ac048\",\"CurrentInstanceBootMode\":\"uefi\",\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"VpcId\":\"vpc-73d2e309\",\"UsageOperation\":\"RunInstances\",\"BootMode\":\"uefi\",\"InstanceId\":\"i-0dfdf8d70ea3f391f\",\"Monitoring\":{\"State\":\"disabled\"},\"SecurityGroups\":[{\"GroupId\":\"sg-0e216cd0fdb8e7d68\",\"GroupName\":\"orestis-onweek\"}],\"VirtualizationType\":\"hvm\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"Status\":\"attached\",\"VolumeId\":\"vol-02208a6214b9aa7e5\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-05-02T14:55:59Z\",\"DeleteOnTermination\":true}}],\"CapacityReservationId\":null,\"InstanceType\":\"c6g.medium\",\"OutpostArn\":null,\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\"},\"TpmSupport\":null,\"Region\":\"us-east-1\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"EnaSupport\":true,\"PrivateDnsName\":\"ip-172-31-25-54.ec2.internal\",\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"StateTransitionReason\":\"User initiated (2024-05-17 02:24:05 GMT)\",\"IamInstanceProfile\":null,\"PlatformDetails\":\"Linux/UNIX\",\"EbsOptimized\":true,\"Tags\":[{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:45:59.771695\"},{\"Key\":\"Name\",\"Value\":\"orestis-onweek-node-2\"},{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"},{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"}],\"Platform\":\"\",\"SriovNetSupport\":null,\"UsageOperationUpdateTime\":\"2024-05-02T14:55:58Z\",\"Architecture\":\"arm64\",\"ElasticInferenceAcceleratorAssociations\":null}},\"cloud\":{\"machine\":{\"machine_type\":\"c6g.medium\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-east-1c\",\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-0dfdf8d70ea3f391f\",\"name\":\"orestis-onweek-node-2\"}},\"host\":{\"architecture\":\"arm64\",\"imageId\":\"ami-0092a7ee6b8b2222a\",\"instance_type\":\"c6g.medium\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:ec2/i-0dfdf8d70ea3f391f\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"network\":{\"network_id\":\"vpc-73d2e309\",\"private_dns_name\":\"ip-172-31-25-54.ec2.internal\",\"private_ip_address\":\"172.31.25.54\",\"public_dns_name\":\"ec2-44-223-163-119.compute-1.amazonaws.com\",\"public_ip_address\":\"44.223.163.119\",\"subnet_ids\":[\"subnet-8bdf6bc6\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:ec2/i-099968d1110a8d149\":{\"type\":\"virtual-machine\",\"category\":\"infrastructure\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:ec2/i-099968d1110a8d149\",\"i-099968d1110a8d149\"],\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"stopped-at\":\"2024-11-19 02:45:59.771695\",\"aws:cloudformation:logical-id\":\"ElasticAgentEc2Instance\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\",\"aws:cloudformation:stack-name\":\"CSP-Paulo-QA-813-BC1\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\",\"Name\":\"elastic-agent-instance-ea3d0490-0327-11ef-bfb0-0ed250d4eab7\",\"Task\":\"Cloud Security Posture Management Scanner\",\"aws:cloudformation:stack-id\":\"arn:aws:cloudformation:us-east-1:704479110758:stack/CSP-Paulo-QA-813-BC1/ea3d0490-0327-11ef-bfb0-0ed250d4eab7\"},\"raw\":{\"ClientToken\":\"987be840-6d9f-fc57-f161-67b762e1ff96\",\"RootDeviceType\":\"ebs\",\"SourceDestCheck\":true,\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"CapacityReservationId\":null,\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"CurrentInstanceBootMode\":\"uefi\",\"ElasticInferenceAcceleratorAssociations\":null,\"EnaSupport\":true,\"Ipv6Address\":null,\"Placement\":{\"AvailabilityZone\":\"us-east-1f\",\"GroupId\":null,\"HostId\":null,\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"Affinity\":null,\"GroupName\":\"\",\"SpreadDomain\":null,\"Tenancy\":\"default\"},\"PublicDnsName\":\"\",\"VpcId\":\"vpc-73d2e309\",\"Region\":\"us-east-1\",\"InstanceLifecycle\":\"\",\"Hypervisor\":\"xen\",\"Monitoring\":{\"State\":\"disabled\"},\"ElasticGpuAssociations\":null,\"NetworkInterfaces\":[{\"Description\":\"\",\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"PrivateIpAddress\":\"172.31.55.96\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-55-96.ec2.internal\",\"PrivateIpAddress\":\"172.31.55.96\"}],\"SubnetId\":\"subnet-bf6ab5b1\",\"Association\":null,\"Groups\":[{\"GroupId\":\"sg-0eb5d6011d232e16e\",\"GroupName\":\"elastic-agent-security-group-ea3d0490-0327-11ef-bfb0-0ed250d4eab7\"}],\"InterfaceType\":\"interface\",\"Ipv6Prefixes\":null,\"PrivateDnsName\":\"ip-172-31-55-96.ec2.internal\",\"MacAddress\":\"16:ff:f0:16:3b:5b\",\"Status\":\"in-use\",\"VpcId\":\"vpc-73d2e309\",\"Attachment\":{\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-04-25T17:19:37Z\",\"AttachmentId\":\"eni-attach-0ec8a594b61836670\",\"DeleteOnTermination\":true,\"DeviceIndex\":0},\"ConnectionTrackingConfiguration\":null,\"NetworkInterfaceId\":\"eni-034bde1a09b5d9fa3\",\"OwnerId\":\"704479110758\",\"SourceDestCheck\":true}],\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-04-25T17:19:38Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-05ece48f6b99b0cbd\"}}],\"BootMode\":\"uefi\",\"KernelId\":null,\"Licenses\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"PlatformDetails\":\"Linux/UNIX\",\"ProductCodes\":[],\"InstanceId\":\"i-099968d1110a8d149\",\"InstanceType\":\"m6g.xlarge\",\"EnclaveOptions\":{\"Enabled\":false},\"OutpostArn\":null,\"PrivateDnsName\":\"ip-172-31-55-96.ec2.internal\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"RootDeviceName\":\"/dev/xvda\",\"PublicIpAddress\":null,\"Architecture\":\"arm64\",\"SriovNetSupport\":null,\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"VirtualizationType\":\"hvm\",\"AmiLaunchIndex\":0,\"EbsOptimized\":false,\"ImageId\":\"ami-010b62b2204918052\",\"LaunchTime\":\"2024-04-25T17:19:37Z\",\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"SecurityGroups\":[{\"GroupId\":\"sg-0eb5d6011d232e16e\",\"GroupName\":\"elastic-agent-security-group-ea3d0490-0327-11ef-bfb0-0ed250d4eab7\"}],\"StateTransitionReason\":\"User initiated (2024-04-27 02:19:42 GMT)\",\"IamInstanceProfile\":{\"Id\":\"AIPA2IBR2EZTFWMY676JM\",\"Arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-ea3d0490-0327-11ef-bfb0-0ed250d4eab7\"},\"PrivateIpAddress\":\"172.31.55.96\",\"TpmSupport\":null,\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":4,\"ThreadsPerCore\":1},\"RamdiskId\":null,\"SpotInstanceRequestId\":null,\"SubnetId\":\"subnet-bf6ab5b1\",\"RootVolume\":null,\"HibernationOptions\":{\"Configured\":false},\"KeyName\":null,\"Platform\":\"\",\"Tags\":[{\"Key\":\"Task\",\"Value\":\"Cloud Security Posture Management Scanner\"},{\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\",\"Key\":\"stopped-by\"},{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"CSP-Paulo-QA-813-BC1\"},{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentEc2Instance\"},{\"Key\":\"Name\",\"Value\":\"elastic-agent-instance-ea3d0490-0327-11ef-bfb0-0ed250d4eab7\"},{\"Value\":\"arn:aws:cloudformation:us-east-1:704479110758:stack/CSP-Paulo-QA-813-BC1/ea3d0490-0327-11ef-bfb0-0ed250d4eab7\",\"Key\":\"aws:cloudformation:stack-id\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:45:59.771695\"}],\"UsageOperation\":\"RunInstances\",\"UsageOperationUpdateTime\":\"2024-04-25T17:19:37Z\"},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:ec2/i-099968d1110a8d149\",\"i-099968d1110a8d149\"],\"name\":\"elastic-agent-instance-ea3d0490-0327-11ef-bfb0-0ed250d4eab7\",\"category\":\"infrastructure\",\"sub_category\":\"compute\"},\"cloud\":{\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-east-1f\",\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-099968d1110a8d149\",\"name\":\"elastic-agent-instance-ea3d0490-0327-11ef-bfb0-0ed250d4eab7\"},\"machine\":{\"machine_type\":\"m6g.xlarge\"}},\"host\":{\"platform_details\":\"Linux/UNIX\",\"architecture\":\"arm64\",\"imageId\":\"ami-010b62b2204918052\",\"instance_type\":\"m6g.xlarge\",\"platform\":\"\"},\"network\":{\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-bf6ab5b1\"],\"network_id\":\"vpc-73d2e309\",\"private_dns_name\":\"ip-172-31-55-96.ec2.internal\",\"private_ip_address\":\"172.31.55.96\"},\"iam\":{\"id\":\"AIPA2IBR2EZTFWMY676JM\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-ea3d0490-0327-11ef-bfb0-0ed250d4eab7\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"machine\":{\"machine_type\":\"t2.large\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-east-1e\",\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-05c0f5c23428eb2f9\",\"name\":\"orz_811_shared_creds_proc\"}},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:ec2/i-05c0f5c23428eb2f9\",\"i-05c0f5c23428eb2f9\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:ec2/i-05c0f5c23428eb2f9\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"tags\":{\"stopped-at\":\"2024-11-19 02:45:59.771695\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\",\"Name\":\"orz_811_shared_creds_proc\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\"},\"raw\":{\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":2,\"ThreadsPerCore\":1},\"ElasticGpuAssociations\":null,\"InstanceType\":\"t2.large\",\"Licenses\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"PrivateIpAddress\":\"172.31.65.89\",\"RamdiskId\":null,\"BootMode\":\"uefi-preferred\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\"},\"ProductCodes\":[],\"RootVolume\":null,\"Placement\":{\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"SpreadDomain\":null,\"Affinity\":null,\"AvailabilityZone\":\"us-east-1e\",\"GroupId\":null,\"GroupName\":\"\",\"HostId\":null,\"Tenancy\":\"default\"},\"InstanceId\":\"i-05c0f5c23428eb2f9\",\"OutpostArn\":null,\"Architecture\":\"x86_64\",\"UsageOperation\":\"RunInstances\",\"Region\":\"us-east-1\",\"RootDeviceName\":\"/dev/xvda\",\"SpotInstanceRequestId\":null,\"StateReason\":{\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\",\"Code\":\"Client.UserInitiatedShutdown\"},\"SecurityGroups\":[{\"GroupId\":\"sg-0458bbec1fdae9123\",\"GroupName\":\"launch-wizard-15\"}],\"ElasticInferenceAcceleratorAssociations\":null,\"KernelId\":null,\"NetworkInterfaces\":[{\"Attachment\":{\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-06-06T08:32:20Z\",\"AttachmentId\":\"eni-attach-0d5cdb9472a71d04d\"},\"Groups\":[{\"GroupId\":\"sg-0458bbec1fdae9123\",\"GroupName\":\"launch-wizard-15\"}],\"Ipv6Addresses\":[],\"PrivateDnsName\":\"ip-172-31-65-89.ec2.internal\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-65-89.ec2.internal\",\"PrivateIpAddress\":\"172.31.65.89\"}],\"VpcId\":\"vpc-73d2e309\",\"NetworkInterfaceId\":\"eni-0c6b09613e31ec7b4\",\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-37391109\",\"ConnectionTrackingConfiguration\":null,\"Ipv4Prefixes\":null,\"Ipv6Prefixes\":null,\"PrivateIpAddress\":\"172.31.65.89\",\"Association\":null,\"Description\":\"\",\"InterfaceType\":\"interface\",\"MacAddress\":\"06:fa:1a:f0:3a:6f\",\"SourceDestCheck\":true,\"Status\":\"in-use\"}],\"BlockDeviceMappings\":[{\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-06-06T08:32:20Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-0378cec410f3aac98\",\"VolumeOwnerId\":null},\"DeviceName\":\"/dev/xvda\"}],\"Monitoring\":{\"State\":\"disabled\"},\"PublicDnsName\":\"\",\"SourceDestCheck\":true,\"SriovNetSupport\":null,\"TpmSupport\":null,\"VirtualizationType\":\"hvm\",\"HibernationOptions\":{\"Configured\":false},\"PlatformDetails\":\"Linux/UNIX\",\"UsageOperationUpdateTime\":\"2024-06-06T08:32:20Z\",\"CapacityReservationId\":null,\"StateTransitionReason\":\"User initiated (2024-06-08 02:46:02 GMT)\",\"Hypervisor\":\"xen\",\"ImageId\":\"ami-00beae93a2d981137\",\"LaunchTime\":\"2024-06-06T08:32:20Z\",\"SubnetId\":\"subnet-37391109\",\"Tags\":[{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"},{\"Value\":\"2024-11-19 02:45:59.771695\",\"Key\":\"stopped-at\"},{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},{\"Key\":\"Name\",\"Value\":\"orz_811_shared_creds_proc\"},{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"}],\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"InstanceLifecycle\":\"\",\"EnaSupport\":true,\"KeyName\":\"orz_kp\",\"EbsOptimized\":false,\"MetadataOptions\":{\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\"},\"PublicIpAddress\":null,\"RootDeviceType\":\"ebs\",\"VpcId\":\"vpc-73d2e309\",\"ClientToken\":\"09a0153b-bdff-4cda-828a-6d4fd4c106fd\",\"Ipv6Address\":null,\"Platform\":\"\",\"EnclaveOptions\":{\"Enabled\":false},\"CurrentInstanceBootMode\":\"legacy-bios\",\"IamInstanceProfile\":null,\"PrivateDnsName\":\"ip-172-31-65-89.ec2.internal\",\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"AmiLaunchIndex\":0},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:ec2/i-05c0f5c23428eb2f9\",\"i-05c0f5c23428eb2f9\"],\"name\":\"orz_811_shared_creds_proc\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\"},\"host\":{\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\",\"imageId\":\"ami-00beae93a2d981137\",\"instance_type\":\"t2.large\",\"platform\":\"\"},\"network\":{\"subnet_ids\":[\"subnet-37391109\"],\"network_id\":\"vpc-73d2e309\",\"private_dns_name\":\"ip-172-31-65-89.ec2.internal\",\"private_ip_address\":\"172.31.65.89\",\"public_dns_name\":\"\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:ec2/i-03211b0335accab56\",\"i-03211b0335accab56\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:ec2/i-03211b0335accab56\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"network\":{\"network_id\":\"vpc-73d2e309\",\"private_dns_name\":\"ip-172-31-28-104.ec2.internal\",\"private_ip_address\":\"172.31.28.104\",\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-8bdf6bc6\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"division\":\"engineering\",\"name\":\"cloudtrail-event-test\",\"org\":\"security\",\"project\":\"romuloproject\",\"team\":\"cloud\"},\"raw\":{\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":1,\"ThreadsPerCore\":2},\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"Monitoring\":{\"State\":\"disabled\"},\"PrivateDnsName\":\"ip-172-31-28-104.ec2.internal\",\"Tags\":[{\"Value\":\"cloud\",\"Key\":\"team\"},{\"Key\":\"name\",\"Value\":\"cloudtrail-event-test\"},{\"Key\":\"project\",\"Value\":\"romuloproject\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"}],\"ElasticInferenceAcceleratorAssociations\":null,\"ImageId\":\"ami-0fffbffa9152d137e\",\"InstanceType\":\"m5.large\",\"KernelId\":null,\"OutpostArn\":null,\"RootDeviceType\":\"ebs\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-10-14T11:56:50Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-0763b98e65e2e252b\",\"VolumeOwnerId\":null}}],\"EbsOptimized\":false,\"EnclaveOptions\":{\"Enabled\":false},\"SubnetId\":\"subnet-8bdf6bc6\",\"Placement\":{\"PartitionNumber\":null,\"SpreadDomain\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"GroupId\":null,\"HostId\":null,\"AvailabilityZone\":\"us-east-1c\",\"GroupName\":\"\",\"HostResourceGroupArn\":null},\"ProductCodes\":[],\"PublicIpAddress\":null,\"RamdiskId\":null,\"Architecture\":\"x86_64\",\"IamInstanceProfile\":null,\"EnaSupport\":true,\"LaunchTime\":\"2024-10-14T11:56:49Z\",\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"VirtualizationType\":\"hvm\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"InstanceId\":\"i-03211b0335accab56\",\"RootDeviceName\":\"/dev/xvda\",\"UsageOperation\":\"RunInstances\",\"RootVolume\":null,\"UsageOperationUpdateTime\":\"2024-10-14T11:56:49Z\",\"BootMode\":\"\",\"CapacityReservationId\":null,\"ClientToken\":\"8bf805ca-f6df-4810-93e5-ac49bd9109ca\",\"ElasticGpuAssociations\":null,\"Hypervisor\":\"xen\",\"Ipv6Address\":null,\"Platform\":\"\",\"VpcId\":\"vpc-73d2e309\",\"PrivateIpAddress\":\"172.31.28.104\",\"PlatformDetails\":\"Linux/UNIX\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SpotInstanceRequestId\":null,\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"TpmSupport\":null,\"AmiLaunchIndex\":0,\"HibernationOptions\":{\"Configured\":false},\"SecurityGroups\":[{\"GroupId\":\"sg-4e483165\",\"GroupName\":\"default\"}],\"StateTransitionReason\":\"User initiated (2024-10-14 12:00:56 GMT)\",\"SourceDestCheck\":true,\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"InstanceLifecycle\":\"\",\"KeyName\":null,\"Licenses\":null,\"NetworkInterfaces\":[{\"Description\":\"\",\"MacAddress\":\"0a:ff:d1:3b:2f:15\",\"Status\":\"in-use\",\"SubnetId\":\"subnet-8bdf6bc6\",\"VpcId\":\"vpc-73d2e309\",\"Association\":null,\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"NetworkInterfaceId\":\"eni-0636444b03046a6e5\",\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-28-104.ec2.internal\",\"Groups\":[{\"GroupId\":\"sg-4e483165\",\"GroupName\":\"default\"}],\"PrivateIpAddress\":\"172.31.28.104\",\"SourceDestCheck\":true,\"Attachment\":{\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-10-14T11:56:49Z\",\"AttachmentId\":\"eni-attach-01eb62d8ea0e05e79\",\"DeleteOnTermination\":true},\"ConnectionTrackingConfiguration\":null,\"Ipv4Prefixes\":null,\"Ipv6Prefixes\":null,\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-28-104.ec2.internal\",\"PrivateIpAddress\":\"172.31.28.104\"}]}],\"PublicDnsName\":\"\",\"MetadataOptions\":{\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":1,\"HttpTokens\":\"optional\",\"InstanceMetadataTags\":\"disabled\"},\"SriovNetSupport\":null,\"Region\":\"us-east-1\"},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:ec2/i-03211b0335accab56\",\"i-03211b0335accab56\"],\"name\":\"\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-east-1c\",\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-03211b0335accab56\"},\"machine\":{\"machine_type\":\"m5.large\"}},\"host\":{\"platform\":\"\",\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\",\"imageId\":\"ami-0fffbffa9152d137e\",\"instance_type\":\"m5.large\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:ec2/i-084fb4233aaf2e60f\",\"i-084fb4233aaf2e60f\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:ec2/i-084fb4233aaf2e60f\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"sub_type\":\"ec2-instance\",\"tags\":{\"division\":\"engineering\",\"name\":\"cloudtrail-event-test\",\"org\":\"security\",\"project\":\"romuloproject\",\"team\":\"cloud\"},\"raw\":{\"PrivateDnsName\":\"ip-172-31-42-220.ec2.internal\",\"PublicIpAddress\":null,\"SourceDestCheck\":true,\"Region\":\"us-east-1\",\"AmiLaunchIndex\":0,\"EbsOptimized\":false,\"ElasticInferenceAcceleratorAssociations\":null,\"PrivateIpAddress\":\"172.31.42.220\",\"StateTransitionReason\":\"User initiated (2024-10-14 09:09:33 GMT)\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"LaunchTime\":\"2024-10-14T09:04:55Z\",\"PublicDnsName\":\"\",\"SriovNetSupport\":null,\"RootVolume\":null,\"InstanceId\":\"i-084fb4233aaf2e60f\",\"Monitoring\":{\"State\":\"disabled\"},\"Platform\":\"\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SpotInstanceRequestId\":null,\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"TpmSupport\":null,\"CapacityReservationId\":null,\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":1,\"ThreadsPerCore\":1},\"UsageOperationUpdateTime\":\"2024-10-14T09:04:55Z\",\"BootMode\":\"\",\"ClientToken\":\"f2637a83-6dd9-43d5-a613-a280e92c473e\",\"Ipv6Address\":null,\"KernelId\":null,\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"SubnetId\":\"subnet-c4bf5e9b\",\"VirtualizationType\":\"hvm\",\"Architecture\":\"x86_64\",\"ElasticGpuAssociations\":null,\"EnaSupport\":true,\"EnclaveOptions\":{\"Enabled\":false},\"KeyName\":null,\"NetworkInterfaces\":[{\"PrivateIpAddress\":\"172.31.42.220\",\"Status\":\"in-use\",\"PrivateDnsName\":\"ip-172-31-42-220.ec2.internal\",\"ConnectionTrackingConfiguration\":null,\"Ipv4Prefixes\":null,\"Association\":null,\"Description\":\"\",\"Groups\":[{\"GroupId\":\"sg-4e483165\",\"GroupName\":\"default\"}],\"Ipv6Addresses\":[],\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-42-220.ec2.internal\",\"PrivateIpAddress\":\"172.31.42.220\"}],\"Attachment\":{\"AttachmentId\":\"eni-attach-072f1fe0c20e169da\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-10-14T09:04:55Z\"},\"Ipv6Prefixes\":null,\"MacAddress\":\"0e:8b:3a:3b:b5:e9\",\"NetworkInterfaceId\":\"eni-0a5842d62f18ab237\",\"OwnerId\":\"704479110758\",\"SourceDestCheck\":true,\"SubnetId\":\"subnet-c4bf5e9b\",\"VpcId\":\"vpc-73d2e309\",\"InterfaceType\":\"interface\"}],\"UsageOperation\":\"RunInstances\",\"InstanceType\":\"t1.micro\",\"BlockDeviceMappings\":[{\"Ebs\":{\"VolumeId\":\"vol-001952d691670b5ad\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-10-14T09:04:56Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\"},\"DeviceName\":\"/dev/xvda\"}],\"HibernationOptions\":{\"Configured\":false},\"Hypervisor\":\"xen\",\"SecurityGroups\":[{\"GroupName\":\"default\",\"GroupId\":\"sg-4e483165\"}],\"IamInstanceProfile\":null,\"PlatformDetails\":\"Linux/UNIX\",\"RootDeviceType\":\"ebs\",\"InstanceLifecycle\":\"\",\"ProductCodes\":[],\"RootDeviceName\":\"/dev/xvda\",\"Tags\":[{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Value\":\"cloudtrail-event-test\",\"Key\":\"name\"},{\"Key\":\"team\",\"Value\":\"cloud\"},{\"Value\":\"romuloproject\",\"Key\":\"project\"}],\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"ImageId\":\"ami-0fffbffa9152d137e\",\"RamdiskId\":null,\"VpcId\":\"vpc-73d2e309\",\"Licenses\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":1,\"HttpTokens\":\"optional\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"OutpostArn\":null,\"Placement\":{\"Tenancy\":\"default\",\"Affinity\":null,\"AvailabilityZone\":\"us-east-1d\",\"GroupId\":null,\"GroupName\":\"\",\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"HostId\":null,\"SpreadDomain\":null}},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:ec2/i-084fb4233aaf2e60f\",\"i-084fb4233aaf2e60f\"],\"name\":\"\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-084fb4233aaf2e60f\"},\"machine\":{\"machine_type\":\"t1.micro\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-east-1d\"},\"host\":{\"instance_type\":\"t1.micro\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\",\"imageId\":\"ami-0fffbffa9152d137e\"},\"network\":{\"network_id\":\"vpc-73d2e309\",\"private_dns_name\":\"ip-172-31-42-220.ec2.internal\",\"private_ip_address\":\"172.31.42.220\",\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-c4bf5e9b\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:ec2/i-060467a2500d7a8a5\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-060467a2500d7a8a5\",\"name\":\"tin-demo-instance-cspm\"},\"machine\":{\"machine_type\":\"t2.large\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-east-1b\",\"provider\":\"aws\"},\"host\":{\"architecture\":\"x86_64\",\"imageId\":\"ami-06b21ccaeff8cd686\",\"instance_type\":\"t2.large\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"network\":{\"private_dns_name\":\"ip-172-31-92-40.ec2.internal\",\"private_ip_address\":\"172.31.92.40\",\"public_dns_name\":\"ec2-18-234-79-103.compute-1.amazonaws.com\",\"public_ip_address\":\"18.234.79.103\",\"subnet_ids\":[\"subnet-fee506df\"],\"network_id\":\"vpc-73d2e309\"},\"resource_policies\":[],\"asset\":{\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"Name\":\"tin-demo-instance-cspm\",\"division\":\"engineering\",\"org\":\"security\",\"project\":\"AWS re:Invent demo\",\"team\":\"cloud-security\"},\"raw\":{\"PrivateDnsName\":\"ip-172-31-92-40.ec2.internal\",\"State\":{\"Code\":16,\"Name\":\"running\"},\"TpmSupport\":null,\"UsageOperation\":\"RunInstances\",\"UsageOperationUpdateTime\":\"2024-10-15T21:39:16Z\",\"EnaSupport\":true,\"EnclaveOptions\":{\"Enabled\":false},\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"Tags\":[{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"project\",\"Value\":\"AWS re:Invent demo\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"Name\",\"Value\":\"tin-demo-instance-cspm\"},{\"Key\":\"team\",\"Value\":\"cloud-security\"}],\"BootMode\":\"uefi-preferred\",\"PlatformDetails\":\"Linux/UNIX\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"PublicDnsName\":\"ec2-18-234-79-103.compute-1.amazonaws.com\",\"ImageId\":\"ami-06b21ccaeff8cd686\",\"HibernationOptions\":{\"Configured\":false},\"InstanceType\":\"t2.large\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"Ipv6Address\":null,\"RootVolume\":null,\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":2,\"ThreadsPerCore\":1},\"InstanceLifecycle\":\"\",\"OutpostArn\":null,\"SubnetId\":\"subnet-fee506df\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"VolumeId\":\"vol-004657f93d7ade26c\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-10-15T21:39:17Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\"}}],\"LaunchTime\":\"2024-10-15T21:39:16Z\",\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"RootDeviceName\":\"/dev/xvda\",\"ClientToken\":\"98f09488-7699-4b57-97e6-eeaca8c41bc1\",\"ElasticGpuAssociations\":null,\"PrivateIpAddress\":\"172.31.92.40\",\"ProductCodes\":[],\"NetworkInterfaces\":[{\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-18-234-79-103.compute-1.amazonaws.com\",\"PublicIp\":\"18.234.79.103\"},\"ConnectionTrackingConfiguration\":null,\"Groups\":[{\"GroupId\":\"sg-006d0decaf51b405e\",\"GroupName\":\"launch-wizard-16\"}],\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"NetworkInterfaceId\":\"eni-0300f51e1aa4c664b\",\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-92-40.ec2.internal\",\"SourceDestCheck\":true,\"SubnetId\":\"subnet-fee506df\",\"VpcId\":\"vpc-73d2e309\",\"Attachment\":{\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-10-15T21:39:16Z\",\"AttachmentId\":\"eni-attach-05059cc641c439a05\",\"DeleteOnTermination\":true},\"Ipv6Prefixes\":null,\"PrivateIpAddress\":\"172.31.92.40\",\"Status\":\"in-use\",\"Description\":\"\",\"Ipv4Prefixes\":null,\"MacAddress\":\"12:6d:ee:6b:07:b3\",\"PrivateIpAddresses\":[{\"PrivateIpAddress\":\"172.31.92.40\",\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-18-234-79-103.compute-1.amazonaws.com\",\"PublicIp\":\"18.234.79.103\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-92-40.ec2.internal\"}]}],\"RamdiskId\":null,\"SriovNetSupport\":null,\"VirtualizationType\":\"hvm\",\"EbsOptimized\":false,\"Hypervisor\":\"xen\",\"KernelId\":null,\"Licenses\":null,\"Region\":\"us-east-1\",\"KeyName\":\"tin-elastic-cloud-sec-dev\",\"Monitoring\":{\"State\":\"disabled\"},\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\"},\"SourceDestCheck\":true,\"SpotInstanceRequestId\":null,\"StateReason\":null,\"AmiLaunchIndex\":1,\"ElasticInferenceAcceleratorAssociations\":null,\"InstanceId\":\"i-060467a2500d7a8a5\",\"Platform\":\"\",\"PublicIpAddress\":\"18.234.79.103\",\"StateTransitionReason\":\"\",\"Architecture\":\"x86_64\",\"Placement\":{\"Affinity\":null,\"AvailabilityZone\":\"us-east-1b\",\"GroupId\":null,\"PartitionNumber\":null,\"SpreadDomain\":null,\"GroupName\":\"\",\"HostId\":null,\"HostResourceGroupArn\":null,\"Tenancy\":\"default\"},\"VpcId\":\"vpc-73d2e309\",\"CapacityReservationId\":null,\"IamInstanceProfile\":null,\"RootDeviceType\":\"ebs\",\"SecurityGroups\":[{\"GroupId\":\"sg-006d0decaf51b405e\",\"GroupName\":\"launch-wizard-16\"}]},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:ec2/i-060467a2500d7a8a5\",\"i-060467a2500d7a8a5\"],\"name\":\"tin-demo-instance-cspm\",\"category\":\"infrastructure\",\"sub_category\":\"compute\"},\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:ec2/i-060467a2500d7a8a5\",\"i-060467a2500d7a8a5\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:ec2/i-0082fa03d05ed60a5\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"cloud\":{\"instance\":{\"id\":\"i-0082fa03d05ed60a5\",\"name\":\"tin-demo-instance-asset\"},\"machine\":{\"machine_type\":\"t2.large\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-east-1b\",\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"host\":{\"architecture\":\"x86_64\",\"imageId\":\"ami-06b21ccaeff8cd686\",\"instance_type\":\"t2.large\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:ec2/i-0082fa03d05ed60a5\",\"i-0082fa03d05ed60a5\"],\"asset\":{\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"Name\":\"tin-demo-instance-asset\",\"division\":\"engineering\",\"org\":\"security\",\"project\":\"AWS re:Invent demo\",\"team\":\"cloud-security\"},\"raw\":{\"SubnetId\":\"subnet-fee506df\",\"LaunchTime\":\"2024-10-15T21:39:16Z\",\"OutpostArn\":null,\"PlatformDetails\":\"Linux/UNIX\",\"RootDeviceName\":\"/dev/xvda\",\"PrivateDnsNameOptions\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":true},\"InstanceId\":\"i-0082fa03d05ed60a5\",\"Platform\":\"\",\"BootMode\":\"uefi-preferred\",\"ElasticGpuAssociations\":null,\"KeyName\":\"tin-elastic-cloud-sec-dev\",\"PrivateIpAddress\":\"172.31.87.172\",\"Hypervisor\":\"xen\",\"Licenses\":null,\"Monitoring\":{\"State\":\"disabled\"},\"State\":{\"Code\":16,\"Name\":\"running\"},\"AmiLaunchIndex\":2,\"Architecture\":\"x86_64\",\"ProductCodes\":[],\"EnaSupport\":true,\"InstanceType\":\"t2.large\",\"StateReason\":null,\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-10-15T21:39:17Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-0a97a39444080d620\",\"VolumeOwnerId\":null}}],\"IamInstanceProfile\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"SriovNetSupport\":null,\"PublicDnsName\":\"ec2-52-90-110-172.compute-1.amazonaws.com\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"EbsOptimized\":false,\"EnclaveOptions\":{\"Enabled\":false},\"InstanceLifecycle\":\"\",\"RootDeviceType\":\"ebs\",\"HibernationOptions\":{\"Configured\":false},\"NetworkInterfaces\":[{\"SourceDestCheck\":true,\"VpcId\":\"vpc-73d2e309\",\"Attachment\":{\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-10-15T21:39:16Z\",\"AttachmentId\":\"eni-attach-0592593363bd517bd\",\"DeleteOnTermination\":true},\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"Ipv4Prefixes\":null,\"Association\":{\"PublicIp\":\"52.90.110.172\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-52-90-110-172.compute-1.amazonaws.com\"},\"ConnectionTrackingConfiguration\":null,\"Groups\":[{\"GroupId\":\"sg-006d0decaf51b405e\",\"GroupName\":\"launch-wizard-16\"}],\"Ipv6Prefixes\":null,\"NetworkInterfaceId\":\"eni-0d09a13fffddbaa13\",\"PrivateIpAddress\":\"172.31.87.172\",\"PrivateDnsName\":\"ip-172-31-87-172.ec2.internal\",\"PrivateIpAddresses\":[{\"PrivateIpAddress\":\"172.31.87.172\",\"Association\":{\"PublicIp\":\"52.90.110.172\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-52-90-110-172.compute-1.amazonaws.com\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-87-172.ec2.internal\"}],\"Status\":\"in-use\",\"SubnetId\":\"subnet-fee506df\",\"Description\":\"\",\"MacAddress\":\"12:76:d9:f7:82:95\",\"OwnerId\":\"704479110758\"}],\"Placement\":{\"AvailabilityZone\":\"us-east-1b\",\"GroupId\":null,\"GroupName\":\"\",\"SpreadDomain\":null,\"Affinity\":null,\"HostId\":null,\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"Tenancy\":\"default\"},\"PublicIpAddress\":\"52.90.110.172\",\"Ipv6Address\":null,\"SpotInstanceRequestId\":null,\"VpcId\":\"vpc-73d2e309\",\"CapacityReservationId\":null,\"CpuOptions\":{\"CoreCount\":2,\"ThreadsPerCore\":1,\"AmdSevSnp\":\"\"},\"SecurityGroups\":[{\"GroupName\":\"launch-wizard-16\",\"GroupId\":\"sg-006d0decaf51b405e\"}],\"UsageOperationUpdateTime\":\"2024-10-15T21:39:16Z\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"KernelId\":null,\"SourceDestCheck\":true,\"TpmSupport\":null,\"StateTransitionReason\":\"\",\"Tags\":[{\"Key\":\"org\",\"Value\":\"security\"},{\"Value\":\"engineering\",\"Key\":\"division\"},{\"Key\":\"Name\",\"Value\":\"tin-demo-instance-asset\"},{\"Key\":\"project\",\"Value\":\"AWS re:Invent demo\"},{\"Key\":\"team\",\"Value\":\"cloud-security\"}],\"VirtualizationType\":\"hvm\",\"Region\":\"us-east-1\",\"ClientToken\":\"98f09488-7699-4b57-97e6-eeaca8c41bc1\",\"ImageId\":\"ami-06b21ccaeff8cd686\",\"PrivateDnsName\":\"ip-172-31-87-172.ec2.internal\",\"RamdiskId\":null,\"RootVolume\":null,\"ElasticInferenceAcceleratorAssociations\":null,\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"UsageOperation\":\"RunInstances\"},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:ec2/i-0082fa03d05ed60a5\",\"i-0082fa03d05ed60a5\"],\"name\":\"tin-demo-instance-asset\",\"category\":\"infrastructure\",\"sub_category\":\"compute\"},\"network\":{\"network_id\":\"vpc-73d2e309\",\"private_dns_name\":\"ip-172-31-87-172.ec2.internal\",\"private_ip_address\":\"172.31.87.172\",\"public_dns_name\":\"ec2-52-90-110-172.compute-1.amazonaws.com\",\"public_ip_address\":\"52.90.110.172\",\"subnet_ids\":[\"subnet-fee506df\"]},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:ec2/i-0a6f5db394ad729f3\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-0a6f5db394ad729f3\",\"name\":\"tin-demo-instance-wiz\"},\"machine\":{\"machine_type\":\"t2.large\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-east-1b\"},\"host\":{\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\",\"imageId\":\"ami-06b21ccaeff8cd686\",\"instance_type\":\"t2.large\",\"platform\":\"\"},\"network\":{\"network_id\":\"vpc-73d2e309\",\"private_dns_name\":\"ip-172-31-82-21.ec2.internal\",\"private_ip_address\":\"172.31.82.21\",\"public_dns_name\":\"ec2-3-87-0-19.compute-1.amazonaws.com\",\"public_ip_address\":\"3.87.0.19\",\"subnet_ids\":[\"subnet-fee506df\"]},\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:ec2/i-0a6f5db394ad729f3\",\"i-0a6f5db394ad729f3\"],\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"Name\":\"tin-demo-instance-wiz\",\"division\":\"engineering\",\"org\":\"security\",\"project\":\"AWS re:Invent demo\",\"team\":\"cloud-security\"},\"raw\":{\"ElasticGpuAssociations\":null,\"SourceDestCheck\":true,\"EnclaveOptions\":{\"Enabled\":false},\"RamdiskId\":null,\"InstanceId\":\"i-0a6f5db394ad729f3\",\"Ipv6Address\":null,\"SecurityGroups\":[{\"GroupId\":\"sg-006d0decaf51b405e\",\"GroupName\":\"launch-wizard-16\"}],\"State\":{\"Code\":16,\"Name\":\"running\"},\"Architecture\":\"x86_64\",\"Platform\":\"\",\"SpotInstanceRequestId\":null,\"InstanceLifecycle\":\"\",\"OutpostArn\":null,\"PublicDnsName\":\"ec2-3-87-0-19.compute-1.amazonaws.com\",\"VpcId\":\"vpc-73d2e309\",\"RootVolume\":null,\"EnaSupport\":true,\"CapacityReservationId\":null,\"HibernationOptions\":{\"Configured\":false},\"KernelId\":null,\"PrivateDnsName\":\"ip-172-31-82-21.ec2.internal\",\"AmiLaunchIndex\":0,\"InstanceType\":\"t2.large\",\"PlatformDetails\":\"Linux/UNIX\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\"},\"PrivateIpAddress\":\"172.31.82.21\",\"PublicIpAddress\":\"3.87.0.19\",\"SubnetId\":\"subnet-fee506df\",\"UsageOperation\":\"RunInstances\",\"ElasticInferenceAcceleratorAssociations\":null,\"ClientToken\":\"98f09488-7699-4b57-97e6-eeaca8c41bc1\",\"NetworkInterfaces\":[{\"Ipv6Prefixes\":null,\"OwnerId\":\"704479110758\",\"Association\":{\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-3-87-0-19.compute-1.amazonaws.com\",\"PublicIp\":\"3.87.0.19\",\"CarrierIp\":null},\"ConnectionTrackingConfiguration\":null,\"Groups\":[{\"GroupName\":\"launch-wizard-16\",\"GroupId\":\"sg-006d0decaf51b405e\"}],\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"MacAddress\":\"12:4e:2b:a6:bf:3d\",\"PrivateIpAddresses\":[{\"PrivateIpAddress\":\"172.31.82.21\",\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-3-87-0-19.compute-1.amazonaws.com\",\"PublicIp\":\"3.87.0.19\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-82-21.ec2.internal\"}],\"Attachment\":{\"AttachTime\":\"2024-10-15T21:39:16Z\",\"AttachmentId\":\"eni-attach-0e403827d80d30caa\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"NetworkInterfaceId\":\"eni-0b81394a3bd777a9f\",\"PrivateDnsName\":\"ip-172-31-82-21.ec2.internal\",\"PrivateIpAddress\":\"172.31.82.21\",\"Status\":\"in-use\",\"VpcId\":\"vpc-73d2e309\",\"Description\":\"\",\"InterfaceType\":\"interface\",\"SourceDestCheck\":true,\"SubnetId\":\"subnet-fee506df\"}],\"Placement\":{\"Affinity\":null,\"PartitionNumber\":null,\"SpreadDomain\":null,\"Tenancy\":\"default\",\"HostResourceGroupArn\":null,\"AvailabilityZone\":\"us-east-1b\",\"GroupId\":null,\"GroupName\":\"\",\"HostId\":null},\"Region\":\"us-east-1\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"Monitoring\":{\"State\":\"disabled\"},\"RootDeviceType\":\"ebs\",\"StateReason\":null,\"BootMode\":\"uefi-preferred\",\"EbsOptimized\":false,\"RootDeviceName\":\"/dev/xvda\",\"TpmSupport\":null,\"UsageOperationUpdateTime\":\"2024-10-15T21:39:16Z\",\"VirtualizationType\":\"hvm\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-10-15T21:39:17Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-0153a69c69c6bb21e\",\"VolumeOwnerId\":null}}],\"KeyName\":\"tin-elastic-cloud-sec-dev\",\"LaunchTime\":\"2024-10-15T21:39:16Z\",\"ImageId\":\"ami-06b21ccaeff8cd686\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"StateTransitionReason\":\"\",\"CpuOptions\":{\"CoreCount\":2,\"ThreadsPerCore\":1,\"AmdSevSnp\":\"\"},\"Licenses\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"SriovNetSupport\":null,\"Tags\":[{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"team\",\"Value\":\"cloud-security\"},{\"Key\":\"Name\",\"Value\":\"tin-demo-instance-wiz\"},{\"Key\":\"project\",\"Value\":\"AWS re:Invent demo\"}],\"Hypervisor\":\"xen\",\"ProductCodes\":[],\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/tin-aws-demo-role\",\"Id\":\"AIPA2IBR2EZTL6P6Y7G5P\"}},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:ec2/i-0a6f5db394ad729f3\",\"i-0a6f5db394ad729f3\"],\"name\":\"tin-demo-instance-wiz\"},\"iam\":{\"id\":\"AIPA2IBR2EZTL6P6Y7G5P\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/tin-aws-demo-role\"},\"resource_policies\":[],\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"asset\":{\"tags\":{\"Name\":\"cnvm-ci-do-not-delete\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\",\"stopped-at\":\"2024-11-19 02:46:00.034912\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},\"raw\":{\"EbsOptimized\":false,\"TpmSupport\":null,\"HibernationOptions\":{\"Configured\":false},\"UsageOperationUpdateTime\":\"2024-04-03T06:00:22Z\",\"ProductCodes\":[],\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"SubnetId\":\"subnet-350c8679\",\"Region\":\"us-east-2\",\"Monitoring\":{\"State\":\"disabled\"},\"StateTransitionReason\":\"User initiated (2024-04-06 02:20:30 GMT)\",\"VirtualizationType\":\"hvm\",\"MetadataOptions\":{\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2},\"SourceDestCheck\":true,\"AmiLaunchIndex\":0,\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-04-03T06:00:23Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-0e3548bad38226446\",\"VolumeOwnerId\":null}}],\"CapacityReservationId\":null,\"EnaSupport\":true,\"Hypervisor\":\"xen\",\"Licenses\":null,\"PublicIpAddress\":null,\"InstanceLifecycle\":\"\",\"KeyName\":\"orz_keypair2\",\"RootDeviceType\":\"ebs\",\"RootVolume\":null,\"BootMode\":\"uefi-preferred\",\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":1,\"ThreadsPerCore\":1},\"Ipv6Address\":null,\"LaunchTime\":\"2024-04-03T10:25:05Z\",\"NetworkInterfaces\":[{\"Association\":null,\"Attachment\":{\"AttachTime\":\"2024-04-03T06:00:22Z\",\"AttachmentId\":\"eni-attach-08812229e4b69a671\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"Ipv6Addresses\":[],\"VpcId\":\"vpc-0fa96564\",\"ConnectionTrackingConfiguration\":null,\"Description\":\"\",\"Groups\":[{\"GroupId\":\"sg-0a5d61e413291b5bd\",\"GroupName\":\"launch-wizard-15\"}],\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":null,\"NetworkInterfaceId\":\"eni-02fafcadfda865b02\",\"SubnetId\":\"subnet-350c8679\",\"MacAddress\":\"0a:1a:f8:1c:86:25\",\"PrivateIpAddresses\":[{\"PrivateDnsName\":\"ip-172-31-39-18.us-east-2.compute.internal\",\"PrivateIpAddress\":\"172.31.39.18\",\"Association\":null,\"Primary\":true}],\"Ipv6Prefixes\":null,\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-39-18.us-east-2.compute.internal\",\"PrivateIpAddress\":\"172.31.39.18\",\"SourceDestCheck\":true,\"Status\":\"in-use\"}],\"Platform\":\"\",\"RamdiskId\":null,\"EnclaveOptions\":{\"Enabled\":false},\"RootDeviceName\":\"/dev/xvda\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"InstanceId\":\"i-0d48ded84bbf8336e\",\"OutpostArn\":null,\"PrivateDnsName\":\"ip-172-31-39-18.us-east-2.compute.internal\",\"SpotInstanceRequestId\":null,\"SriovNetSupport\":null,\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"ElasticGpuAssociations\":null,\"ElasticInferenceAcceleratorAssociations\":null,\"PlatformDetails\":\"Linux/UNIX\",\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"Tags\":[{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:46:00.034912\"},{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"},{\"Key\":\"Name\",\"Value\":\"cnvm-ci-do-not-delete\"},{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"}],\"ClientToken\":\"3c82340f-34c8-4cca-9d51-d3f9d2f37144\",\"ImageId\":\"ami-0900fe555666598a2\",\"Placement\":{\"GroupId\":null,\"GroupName\":\"\",\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"AvailabilityZone\":\"us-east-2c\",\"HostId\":null,\"SpreadDomain\":null},\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\"},\"Architecture\":\"x86_64\",\"InstanceType\":\"t2.micro\",\"KernelId\":null,\"SecurityGroups\":[{\"GroupId\":\"sg-0a5d61e413291b5bd\",\"GroupName\":\"launch-wizard-15\"}],\"IamInstanceProfile\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"PrivateIpAddress\":\"172.31.39.18\",\"PublicDnsName\":\"\",\"UsageOperation\":\"RunInstances\",\"VpcId\":\"vpc-0fa96564\"},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:ec2/i-0d48ded84bbf8336e\",\"i-0d48ded84bbf8336e\"],\"name\":\"cnvm-ci-do-not-delete\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\"},\"cloud\":{\"instance\":{\"id\":\"i-0d48ded84bbf8336e\",\"name\":\"cnvm-ci-do-not-delete\"},\"machine\":{\"machine_type\":\"t2.micro\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-east-2c\",\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"host\":{\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\",\"imageId\":\"ami-0900fe555666598a2\",\"instance_type\":\"t2.micro\",\"platform\":\"\"},\"network\":{\"network_id\":\"vpc-0fa96564\",\"private_dns_name\":\"ip-172-31-39-18.us-east-2.compute.internal\",\"private_ip_address\":\"172.31.39.18\",\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-350c8679\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:ec2/i-0d48ded84bbf8336e\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:ec2/i-0d48ded84bbf8336e\",\"i-0d48ded84bbf8336e\"],\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"host\":{\"imageId\":\"ami-0000456e99b2b6a9d\",\"instance_type\":\"t4g.nano\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\",\"architecture\":\"arm64\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:ec2/i-024c66a3f7c66847b\",\"i-024c66a3f7c66847b\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:ec2/i-024c66a3f7c66847b\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"name\":\"cnvm-2-arm\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"project\":\"dg-sa-backward\",\"team\":\"cloud-security-posture\",\"Name\":\"cnvm-2-arm\",\"division\":\"engineering\",\"org\":\"security\"},\"raw\":{\"InstanceId\":\"i-024c66a3f7c66847b\",\"VpcId\":\"vpc-0fa96564\",\"IamInstanceProfile\":null,\"ImageId\":\"ami-0000456e99b2b6a9d\",\"KeyName\":\"orz_keypair2\",\"CapacityReservationId\":null,\"ClientToken\":\"66bbce27-cc95-408e-8d47-82ee7f378b89\",\"Monitoring\":{\"State\":\"disabled\"},\"RamdiskId\":null,\"InstanceLifecycle\":\"\",\"PlatformDetails\":\"Linux/UNIX\",\"SourceDestCheck\":true,\"SubnetId\":\"subnet-76e81c1d\",\"AmiLaunchIndex\":0,\"CurrentInstanceBootMode\":\"uefi\",\"PrivateDnsName\":\"ip-172-31-13-238.us-east-2.compute.internal\",\"BootMode\":\"uefi\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"UsageOperation\":\"RunInstances\",\"RootDeviceName\":\"/dev/sda1\",\"RootDeviceType\":\"ebs\",\"RootVolume\":null,\"Region\":\"us-east-2\",\"ElasticGpuAssociations\":null,\"InstanceType\":\"t4g.nano\",\"LaunchTime\":\"2024-04-03T10:37:10Z\",\"StateTransitionReason\":\"\",\"Tags\":[{\"Key\":\"project\",\"Value\":\"dg-sa-backward\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"Name\",\"Value\":\"cnvm-2-arm\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Value\":\"security\",\"Key\":\"org\"}],\"Architecture\":\"arm64\",\"PrivateIpAddress\":\"172.31.13.238\",\"PublicDnsName\":\"ec2-18-225-234-77.us-east-2.compute.amazonaws.com\",\"TpmSupport\":null,\"VirtualizationType\":\"hvm\",\"HibernationOptions\":{\"Configured\":false},\"Hypervisor\":\"xen\",\"KernelId\":null,\"SecurityGroups\":[{\"GroupId\":\"sg-089f6d7234f7b5f61\",\"GroupName\":\"launch-wizard-16\"}],\"SriovNetSupport\":null,\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/sda1\",\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-04-03T10:37:10Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-08b10572e52abee22\",\"VolumeOwnerId\":null}}],\"CapacityReservationSpecification\":{\"CapacityReservationTarget\":null,\"CapacityReservationPreference\":\"open\"},\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"ProductCodes\":[],\"StateReason\":null,\"Platform\":\"\",\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":2,\"ThreadsPerCore\":1},\"EbsOptimized\":true,\"EnaSupport\":true,\"EnclaveOptions\":{\"Enabled\":false},\"Licenses\":null,\"PublicIpAddress\":\"18.225.234.77\",\"SpotInstanceRequestId\":null,\"Ipv6Address\":null,\"State\":{\"Code\":16,\"Name\":\"running\"},\"UsageOperationUpdateTime\":\"2024-04-03T10:37:10Z\",\"ElasticInferenceAcceleratorAssociations\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"NetworkInterfaces\":[{\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-13-238.us-east-2.compute.internal\",\"VpcId\":\"vpc-0fa96564\",\"Description\":\"\",\"Attachment\":{\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-04-03T10:37:10Z\",\"AttachmentId\":\"eni-attach-09a9cb6e4178955e5\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null},\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":null,\"Ipv6Prefixes\":null,\"PrivateIpAddresses\":[{\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-18-225-234-77.us-east-2.compute.amazonaws.com\",\"PublicIp\":\"18.225.234.77\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-13-238.us-east-2.compute.internal\",\"PrivateIpAddress\":\"172.31.13.238\"}],\"SourceDestCheck\":true,\"SubnetId\":\"subnet-76e81c1d\",\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-18-225-234-77.us-east-2.compute.amazonaws.com\",\"PublicIp\":\"18.225.234.77\"},\"PrivateIpAddress\":\"172.31.13.238\",\"Status\":\"in-use\",\"NetworkInterfaceId\":\"eni-0a26d91f6e522f3af\",\"Groups\":[{\"GroupId\":\"sg-089f6d7234f7b5f61\",\"GroupName\":\"launch-wizard-16\"}],\"Ipv6Addresses\":[],\"MacAddress\":\"02:ed:8d:6c:6b:73\",\"ConnectionTrackingConfiguration\":null}],\"OutpostArn\":null,\"Placement\":{\"Affinity\":null,\"AvailabilityZone\":\"us-east-2a\",\"GroupName\":\"\",\"HostId\":null,\"SpreadDomain\":null,\"Tenancy\":\"default\",\"GroupId\":null,\"HostResourceGroupArn\":null,\"PartitionNumber\":null}},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:ec2/i-024c66a3f7c66847b\",\"i-024c66a3f7c66847b\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-024c66a3f7c66847b\",\"name\":\"cnvm-2-arm\"},\"machine\":{\"machine_type\":\"t4g.nano\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-east-2a\",\"provider\":\"aws\",\"region\":\"us-east-2\"},\"network\":{\"public_ip_address\":\"18.225.234.77\",\"subnet_ids\":[\"subnet-76e81c1d\"],\"network_id\":\"vpc-0fa96564\",\"private_dns_name\":\"ip-172-31-13-238.us-east-2.compute.internal\",\"private_ip_address\":\"172.31.13.238\",\"public_dns_name\":\"ec2-18-225-234-77.us-east-2.compute.amazonaws.com\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"id\":[\"arn:aws:ec2:us-east-2:704479110758:ec2/i-05ec629ae509d33af\",\"i-05ec629ae509d33af\"],\"name\":\"elastic-agent-instance-af9dcf80-92ac-11ef-b3d5-023b2e3b0a81\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"Task\":\"Vulnerability Management Scanner\",\"aws:cloudformation:stack-id\":\"arn:aws:cloudformation:us-east-2:704479110758:stack/Elastic-Vulnerability-Management/af9dcf80-92ac-11ef-b3d5-023b2e3b0a81\",\"aws:cloudformation:stack-name\":\"Elastic-Vulnerability-Management\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"stopped-at\":\"2024-11-19 02:46:00.034912\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\",\"Name\":\"elastic-agent-instance-af9dcf80-92ac-11ef-b3d5-023b2e3b0a81\",\"aws:cloudformation:logical-id\":\"ElasticAgentEc2Instance\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\"},\"raw\":{\"CurrentInstanceBootMode\":\"uefi\",\"Platform\":\"\",\"UsageOperation\":\"RunInstances\",\"Monitoring\":{\"State\":\"disabled\"},\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"TpmSupport\":null,\"RootDeviceName\":\"/dev/xvda\",\"SpotInstanceRequestId\":null,\"VirtualizationType\":\"hvm\",\"Architecture\":\"arm64\",\"ElasticGpuAssociations\":null,\"Hypervisor\":\"xen\",\"AmiLaunchIndex\":0,\"PlatformDetails\":\"Linux/UNIX\",\"RootDeviceType\":\"ebs\",\"BootMode\":\"uefi\",\"CpuOptions\":{\"ThreadsPerCore\":1,\"AmdSevSnp\":\"\",\"CoreCount\":4},\"InstanceType\":\"m6g.xlarge\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"AttachTime\":\"2024-10-25T08:40:16Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-09bc217c54a99875e\",\"VolumeOwnerId\":null,\"AssociatedResource\":null}}],\"ElasticInferenceAcceleratorAssociations\":null,\"ImageId\":\"ami-07952741b58430924\",\"InstanceId\":\"i-05ec629ae509d33af\",\"RootVolume\":null,\"LaunchTime\":\"2024-10-25T08:40:16Z\",\"OutpostArn\":null,\"StateTransitionReason\":\"User initiated (2024-10-27 02:46:00 GMT)\",\"RamdiskId\":null,\"UsageOperationUpdateTime\":\"2024-10-25T08:40:16Z\",\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-af9dcf80-92ac-11ef-b3d5-023b2e3b0a81\",\"Id\":\"AIPA2IBR2EZTM3EDCWPTI\"},\"Ipv6Address\":null,\"Licenses\":null,\"State\":{\"Name\":\"stopped\",\"Code\":80},\"Tags\":[{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"Elastic-Vulnerability-Management\"},{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"},{\"Value\":\"elastic-agent-instance-af9dcf80-92ac-11ef-b3d5-023b2e3b0a81\",\"Key\":\"Name\"},{\"Key\":\"Task\",\"Value\":\"Vulnerability Management Scanner\"},{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentEc2Instance\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:46:00.034912\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:us-east-2:704479110758:stack/Elastic-Vulnerability-Management/af9dcf80-92ac-11ef-b3d5-023b2e3b0a81\"}],\"Region\":\"us-east-2\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"EnaSupport\":true,\"EnclaveOptions\":{\"Enabled\":false},\"SecurityGroups\":[{\"GroupId\":\"sg-03749ee20e5e0bffe\",\"GroupName\":\"elastic-agent-security-group-af9dcf80-92ac-11ef-b3d5-023b2e3b0a81\"}],\"SourceDestCheck\":true,\"ClientToken\":\"5958ffd0-a8c2-2fb0-0ce4-5d40c2c91773\",\"HibernationOptions\":{\"Configured\":false},\"PublicIpAddress\":null,\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"SubnetId\":\"subnet-76e81c1d\",\"InstanceLifecycle\":\"\",\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"PublicDnsName\":\"\",\"EbsOptimized\":false,\"SriovNetSupport\":null,\"CapacityReservationId\":null,\"NetworkInterfaces\":[{\"NetworkInterfaceId\":\"eni-0e6b226dda67c9576\",\"VpcId\":\"vpc-0fa96564\",\"Association\":null,\"Attachment\":{\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-10-25T08:40:16Z\",\"AttachmentId\":\"eni-attach-036fc4bd83a02048a\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null},\"InterfaceType\":\"interface\",\"MacAddress\":\"02:3b:63:38:55:a5\",\"OwnerId\":\"704479110758\",\"SourceDestCheck\":true,\"SubnetId\":\"subnet-76e81c1d\",\"Description\":\"\",\"Ipv4Prefixes\":null,\"Ipv6Prefixes\":null,\"ConnectionTrackingConfiguration\":null,\"PrivateDnsName\":\"ip-172-31-1-113.us-east-2.compute.internal\",\"PrivateIpAddress\":\"172.31.1.113\",\"Status\":\"in-use\",\"Groups\":[{\"GroupId\":\"sg-03749ee20e5e0bffe\",\"GroupName\":\"elastic-agent-security-group-af9dcf80-92ac-11ef-b3d5-023b2e3b0a81\"}],\"Ipv6Addresses\":[],\"PrivateIpAddresses\":[{\"PrivateIpAddress\":\"172.31.1.113\",\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-1-113.us-east-2.compute.internal\"}]}],\"VpcId\":\"vpc-0fa96564\",\"Placement\":{\"Tenancy\":\"default\",\"AvailabilityZone\":\"us-east-2a\",\"GroupId\":null,\"GroupName\":\"\",\"HostId\":null,\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"Affinity\":null,\"SpreadDomain\":null},\"PrivateIpAddress\":\"172.31.1.113\",\"ProductCodes\":[],\"KernelId\":null,\"KeyName\":null,\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"PrivateDnsName\":\"ip-172-31-1-113.us-east-2.compute.internal\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-05ec629ae509d33af\",\"name\":\"elastic-agent-instance-af9dcf80-92ac-11ef-b3d5-023b2e3b0a81\"},\"machine\":{\"machine_type\":\"m6g.xlarge\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-east-2a\"},\"network\":{\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-76e81c1d\"],\"network_id\":\"vpc-0fa96564\",\"private_dns_name\":\"ip-172-31-1-113.us-east-2.compute.internal\",\"private_ip_address\":\"172.31.1.113\"},\"iam\":{\"id\":\"AIPA2IBR2EZTM3EDCWPTI\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-af9dcf80-92ac-11ef-b3d5-023b2e3b0a81\"},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:ec2/i-05ec629ae509d33af\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"host\":{\"architecture\":\"arm64\",\"imageId\":\"ami-07952741b58430924\",\"instance_type\":\"m6g.xlarge\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:ec2/i-05ec629ae509d33af\",\"i-05ec629ae509d33af\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"host\":{\"imageId\":\"ami-0d31da82470b0ec5a\",\"instance_type\":\"m6g.xlarge\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\",\"architecture\":\"arm64\"},\"network\":{\"network_id\":\"vpc-36a1394e\",\"private_dns_name\":\"ip-172-31-33-178.us-west-2.compute.internal\",\"private_ip_address\":\"172.31.33.178\",\"public_dns_name\":\"ec2-35-94-206-252.us-west-2.compute.amazonaws.com\",\"public_ip_address\":\"35.94.206.252\",\"subnet_ids\":[\"subnet-10e39f3b\"]},\"iam\":{\"id\":\"AIPA2IBR2EZTMLUNUAYCB\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-4dfb5900-03fa-11ef-b226-0a9c50dbbe7f\"},\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:ec2/i-03efedd47dd5a14b5\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"instance\":{\"id\":\"i-03efedd47dd5a14b5\",\"name\":\"ci-build-runner\"},\"machine\":{\"machine_type\":\"m6g.xlarge\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-west-2d\",\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-03efedd47dd5a14b5\",\"i-03efedd47dd5a14b5\"],\"asset\":{\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"Name\":\"ci-build-runner\",\"aws:cloudformation:stack-id\":\"arn:aws:cloudformation:us-west-2:704479110758:stack/cnvm-region-BC1/4dfb5900-03fa-11ef-b226-0a9c50dbbe7f\",\"aws:cloudformation:stack-name\":\"cnvm-region-BC1\",\"org\":\"security\",\"team\":\"cloud-security\",\"Task\":\"Vulnerability Management Scanner\",\"aws:cloudformation:logical-id\":\"ElasticAgentEc2Instance\",\"division\":\"engineering\",\"project\":\"cloudformation\"},\"raw\":{\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-4dfb5900-03fa-11ef-b226-0a9c50dbbe7f\",\"Id\":\"AIPA2IBR2EZTMLUNUAYCB\"},\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":4,\"ThreadsPerCore\":1},\"Placement\":{\"AvailabilityZone\":\"us-west-2d\",\"GroupId\":null,\"GroupName\":\"\",\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"SpreadDomain\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"HostId\":null},\"State\":{\"Code\":16,\"Name\":\"running\"},\"Tags\":[{\"Key\":\"Task\",\"Value\":\"Vulnerability Management Scanner\"},{\"Key\":\"team\",\"Value\":\"cloud-security\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentEc2Instance\"},{\"Key\":\"Name\",\"Value\":\"ci-build-runner\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:us-west-2:704479110758:stack/cnvm-region-BC1/4dfb5900-03fa-11ef-b226-0a9c50dbbe7f\"},{\"Value\":\"cnvm-region-BC1\",\"Key\":\"aws:cloudformation:stack-name\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"project\",\"Value\":\"cloudformation\"}],\"TpmSupport\":null,\"UsageOperationUpdateTime\":\"2024-04-26T18:25:38Z\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-04-26T18:25:39Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-00462c78bd6024e55\",\"VolumeOwnerId\":null}}],\"EbsOptimized\":false,\"OutpostArn\":null,\"RootDeviceType\":\"ebs\",\"BootMode\":\"uefi\",\"Architecture\":\"arm64\",\"InstanceId\":\"i-03efedd47dd5a14b5\",\"KeyName\":\"lola-csp-west\",\"VirtualizationType\":\"hvm\",\"CurrentInstanceBootMode\":\"uefi\",\"ImageId\":\"ami-0d31da82470b0ec5a\",\"PrivateDnsName\":\"ip-172-31-33-178.us-west-2.compute.internal\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"HibernationOptions\":{\"Configured\":false},\"SourceDestCheck\":true,\"ElasticGpuAssociations\":null,\"KernelId\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"MetadataOptions\":{\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2},\"Platform\":\"\",\"SriovNetSupport\":null,\"StateReason\":null,\"SubnetId\":\"subnet-10e39f3b\",\"ClientToken\":\"de986576-8494-7ec2-b5d3-ea82a8d00416\",\"RootDeviceName\":\"/dev/xvda\",\"SpotInstanceRequestId\":null,\"EnaSupport\":true,\"EnclaveOptions\":{\"Enabled\":false},\"VpcId\":\"vpc-36a1394e\",\"PlatformDetails\":\"Linux/UNIX\",\"RootVolume\":null,\"InstanceLifecycle\":\"\",\"NetworkInterfaces\":[{\"SubnetId\":\"subnet-10e39f3b\",\"Groups\":[{\"GroupName\":\"elastic-agent-security-group-4dfb5900-03fa-11ef-b226-0a9c50dbbe7f\",\"GroupId\":\"sg-035ac0cfb33c18ca6\"}],\"Ipv4Prefixes\":null,\"Ipv6Prefixes\":null,\"NetworkInterfaceId\":\"eni-06bf06c459685f715\",\"PrivateIpAddress\":\"172.31.33.178\",\"Status\":\"in-use\",\"Association\":{\"PublicDnsName\":\"ec2-35-94-206-252.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.94.206.252\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\"},\"ConnectionTrackingConfiguration\":null,\"Description\":\"\",\"Ipv6Addresses\":[],\"SourceDestCheck\":true,\"Attachment\":{\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-04-26T18:25:38Z\",\"AttachmentId\":\"eni-attach-0abf5d29e17a2d66a\",\"DeleteOnTermination\":true,\"DeviceIndex\":0},\"InterfaceType\":\"interface\",\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-36a1394e\",\"MacAddress\":\"0e:3f:bf:34:7e:13\",\"PrivateDnsName\":\"ip-172-31-33-178.us-west-2.compute.internal\",\"PrivateIpAddresses\":[{\"PrivateIpAddress\":\"172.31.33.178\",\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-35-94-206-252.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.94.206.252\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-33-178.us-west-2.compute.internal\"}]}],\"ProductCodes\":[],\"PublicIpAddress\":\"35.94.206.252\",\"UsageOperation\":\"RunInstances\",\"SecurityGroups\":[{\"GroupName\":\"elastic-agent-security-group-4dfb5900-03fa-11ef-b226-0a9c50dbbe7f\",\"GroupId\":\"sg-035ac0cfb33c18ca6\"}],\"AmiLaunchIndex\":0,\"CapacityReservationId\":null,\"ElasticInferenceAcceleratorAssociations\":null,\"LaunchTime\":\"2024-04-26T18:25:38Z\",\"Licenses\":null,\"Monitoring\":{\"State\":\"disabled\"},\"PublicDnsName\":\"ec2-35-94-206-252.us-west-2.compute.amazonaws.com\",\"Region\":\"us-west-2\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"Hypervisor\":\"xen\",\"InstanceType\":\"m6g.xlarge\",\"Ipv6Address\":null,\"PrivateIpAddress\":\"172.31.33.178\",\"RamdiskId\":null,\"StateTransitionReason\":\"\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-03efedd47dd5a14b5\",\"i-03efedd47dd5a14b5\"],\"name\":\"ci-build-runner\",\"category\":\"infrastructure\",\"sub_category\":\"compute\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"machine\":{\"machine_type\":\"t2.large\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-west-2b\",\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-08f90f31e66de69fd\",\"name\":\"e2e-cdr-demo-vm-falco\"}},\"host\":{\"architecture\":\"x86_64\",\"imageId\":\"ami-07c5ecd8498c59db5\",\"instance_type\":\"t2.large\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"network\":{\"private_dns_name\":\"ip-172-31-31-236.us-west-2.compute.internal\",\"private_ip_address\":\"172.31.31.236\",\"public_dns_name\":\"ec2-35-89-254-71.us-west-2.compute.amazonaws.com\",\"public_ip_address\":\"35.89.254.71\",\"subnet_ids\":[\"subnet-5283762a\"],\"network_id\":\"vpc-36a1394e\"},\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:ec2/i-08f90f31e66de69fd\":{\"type\":\"virtual-machine\",\"category\":\"infrastructure\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-08f90f31e66de69fd\",\"i-08f90f31e66de69fd\"],\"asset\":{\"id\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-08f90f31e66de69fd\",\"i-08f90f31e66de69fd\"],\"name\":\"e2e-cdr-demo-vm-falco\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"team\":\"cloud-security\",\"Name\":\"e2e-cdr-demo-vm-falco\",\"division\":\"engineering\",\"org\":\"security\",\"project\":\"AWS re:Invent Demo\"},\"raw\":{\"Architecture\":\"x86_64\",\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\"},\"RamdiskId\":null,\"State\":{\"Code\":16,\"Name\":\"running\"},\"ClientToken\":\"abc69b0e-7a82-4748-98ea-8a133cfd4189\",\"EnclaveOptions\":{\"Enabled\":false},\"InstanceType\":\"t2.large\",\"Ipv6Address\":null,\"Monitoring\":{\"State\":\"disabled\"},\"AmiLaunchIndex\":0,\"Licenses\":null,\"SriovNetSupport\":null,\"StateTransitionReason\":\"\",\"BootMode\":\"uefi-preferred\",\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"EnaSupport\":true,\"RootDeviceType\":\"ebs\",\"SpotInstanceRequestId\":null,\"VirtualizationType\":\"hvm\",\"EbsOptimized\":false,\"HibernationOptions\":{\"Configured\":false},\"PrivateIpAddress\":\"172.31.31.236\",\"StateReason\":null,\"VpcId\":\"vpc-36a1394e\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"KeyName\":\"nick-csd-key-uswest2\",\"Platform\":\"\",\"PlatformDetails\":\"Linux/UNIX\",\"SubnetId\":\"subnet-5283762a\",\"ElasticInferenceAcceleratorAssociations\":null,\"IamInstanceProfile\":null,\"PublicDnsName\":\"ec2-35-89-254-71.us-west-2.compute.amazonaws.com\",\"PublicIpAddress\":\"35.89.254.71\",\"CapacityReservationId\":null,\"Hypervisor\":\"xen\",\"InstanceId\":\"i-08f90f31e66de69fd\",\"Placement\":{\"SpreadDomain\":null,\"Tenancy\":\"default\",\"AvailabilityZone\":\"us-west-2b\",\"GroupId\":null,\"GroupName\":\"\",\"HostId\":null,\"HostResourceGroupArn\":null,\"Affinity\":null,\"PartitionNumber\":null},\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":2,\"ThreadsPerCore\":1},\"OutpostArn\":null,\"Tags\":[{\"Key\":\"Name\",\"Value\":\"e2e-cdr-demo-vm-falco\"},{\"Key\":\"project\",\"Value\":\"AWS re:Invent Demo\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"team\",\"Value\":\"cloud-security\"}],\"UsageOperationUpdateTime\":\"2024-10-18T18:48:19Z\",\"RootVolume\":null,\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-00d6ed6fcdcf4eac8\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-10-18T18:48:19Z\"}}],\"LaunchTime\":\"2024-10-18T18:48:19Z\",\"SecurityGroups\":[{\"GroupId\":\"sg-0f1bcb6c9f518a248\",\"GroupName\":\"launch-wizard-3\"}],\"SourceDestCheck\":true,\"ElasticGpuAssociations\":null,\"KernelId\":null,\"PrivateDnsName\":\"ip-172-31-31-236.us-west-2.compute.internal\",\"UsageOperation\":\"RunInstances\",\"InstanceLifecycle\":\"\",\"NetworkInterfaces\":[{\"ConnectionTrackingConfiguration\":null,\"PrivateDnsName\":\"ip-172-31-31-236.us-west-2.compute.internal\",\"PrivateIpAddresses\":[{\"PrivateDnsName\":\"ip-172-31-31-236.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.31.236\",\"Association\":{\"PublicDnsName\":\"ec2-35-89-254-71.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.89.254.71\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\"},\"Primary\":true}],\"SourceDestCheck\":true,\"Status\":\"in-use\",\"Groups\":[{\"GroupId\":\"sg-0f1bcb6c9f518a248\",\"GroupName\":\"launch-wizard-3\"}],\"Ipv6Addresses\":[],\"Ipv6Prefixes\":null,\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-36a1394e\",\"Description\":\"\",\"InterfaceType\":\"interface\",\"NetworkInterfaceId\":\"eni-0901db0fe00220044\",\"SubnetId\":\"subnet-5283762a\",\"Association\":{\"PublicDnsName\":\"ec2-35-89-254-71.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.89.254.71\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\"},\"Attachment\":{\"AttachTime\":\"2024-10-18T18:48:19Z\",\"AttachmentId\":\"eni-attach-0d6d904f9e65dd11f\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"Ipv4Prefixes\":null,\"MacAddress\":\"02:7c:fa:38:c9:c7\",\"PrivateIpAddress\":\"172.31.31.236\"}],\"ProductCodes\":[],\"TpmSupport\":null,\"Region\":\"us-west-2\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"ImageId\":\"ami-07c5ecd8498c59db5\",\"RootDeviceName\":\"/dev/xvda\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0df628b1ae494eb56\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"network\":{\"private_dns_name\":\"ip-172-31-22-221.us-west-2.compute.internal\",\"private_ip_address\":\"172.31.22.221\",\"public_dns_name\":\"ec2-35-95-24-16.us-west-2.compute.amazonaws.com\",\"public_ip_address\":\"35.95.24.16\",\"subnet_ids\":[\"subnet-5283762a\"],\"network_id\":\"vpc-36a1394e\"},\"iam\":{\"id\":\"AIPA2IBR2EZTEYUL7U35M\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/eks-7ac95e1a-9954-4821-8641-1effa5718724\"},\"asset\":{\"raw\":{\"ProductCodes\":[],\"SriovNetSupport\":null,\"UsageOperation\":\"RunInstances\",\"RootVolume\":null,\"VpcId\":\"vpc-36a1394e\",\"EnaSupport\":true,\"KeyName\":\"nick-csd-key-uswest2\",\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"Platform\":\"\",\"PublicIpAddress\":\"35.95.24.16\",\"UsageOperationUpdateTime\":\"2024-10-24T01:48:28Z\",\"CapacityReservationId\":null,\"PrivateIpAddress\":\"172.31.22.221\",\"SecurityGroups\":[{\"GroupId\":\"sg-08cfc0c23c2c819c4\",\"GroupName\":\"eks-remoteAccess-7ac95e1a-9954-4821-8641-1effa5718724\"},{\"GroupName\":\"eks-cluster-sg-e2e-cdr-demo-k8s-1011743187\",\"GroupId\":\"sg-02233909779b23ce1\"}],\"StateReason\":null,\"KernelId\":null,\"SourceDestCheck\":true,\"Region\":\"us-west-2\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"RootDeviceType\":\"ebs\",\"VirtualizationType\":\"hvm\",\"RootDeviceName\":\"/dev/xvda\",\"SpotInstanceRequestId\":null,\"ImageId\":\"ami-0b995858c4742f856\",\"Ipv6Address\":null,\"MetadataOptions\":{\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"optional\"},\"SubnetId\":\"subnet-5283762a\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"EbsOptimized\":false,\"InstanceType\":\"t2.large\",\"Licenses\":null,\"OutpostArn\":null,\"StateTransitionReason\":\"\",\"ClientToken\":\"fleet-0e3e363f-e6a7-ec2f-2e9a-210abdddceeb-0\",\"ElasticInferenceAcceleratorAssociations\":null,\"AmiLaunchIndex\":0,\"CpuOptions\":{\"CoreCount\":2,\"ThreadsPerCore\":1,\"AmdSevSnp\":\"\"},\"ElasticGpuAssociations\":null,\"Placement\":{\"GroupId\":null,\"GroupName\":\"\",\"HostResourceGroupArn\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"AvailabilityZone\":\"us-west-2b\",\"HostId\":null,\"PartitionNumber\":null,\"SpreadDomain\":null},\"PrivateDnsName\":\"ip-172-31-22-221.us-west-2.compute.internal\",\"State\":{\"Code\":16,\"Name\":\"running\"},\"Architecture\":\"x86_64\",\"NetworkInterfaces\":[{\"Groups\":[{\"GroupName\":\"eks-remoteAccess-7ac95e1a-9954-4821-8641-1effa5718724\",\"GroupId\":\"sg-08cfc0c23c2c819c4\"},{\"GroupName\":\"eks-cluster-sg-e2e-cdr-demo-k8s-1011743187\",\"GroupId\":\"sg-02233909779b23ce1\"}],\"Ipv6Prefixes\":null,\"PrivateIpAddresses\":[{\"PrivateIpAddress\":\"172.31.25.242\",\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-25-242.us-west-2.compute.internal\"},{\"PrivateDnsName\":\"ip-172-31-19-143.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.19.143\",\"Association\":null,\"Primary\":false},{\"PrivateDnsName\":\"ip-172-31-29-222.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.29.222\",\"Association\":null,\"Primary\":false},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-29-202.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.29.202\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-22-232.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.22.232\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-17-40.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.17.40\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-16-247.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.16.247\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-30-22.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.30.22\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-28-118.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.28.118\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-16-21.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.16.21\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-18-112.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.18.112\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-20-80.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.20.80\"}],\"SubnetId\":\"subnet-5283762a\",\"ConnectionTrackingConfiguration\":null,\"OwnerId\":\"704479110758\",\"PrivateIpAddress\":\"172.31.25.242\",\"SourceDestCheck\":true,\"Status\":\"in-use\",\"VpcId\":\"vpc-36a1394e\",\"Association\":null,\"Description\":\"aws-K8S-i-0df628b1ae494eb56\",\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"PrivateDnsName\":\"ip-172-31-25-242.us-west-2.compute.internal\",\"Attachment\":{\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-10-24T01:49:20Z\",\"AttachmentId\":\"eni-attach-09bc74786862a8bf6\",\"DeleteOnTermination\":true,\"DeviceIndex\":1,\"EnaSrdSpecification\":null},\"MacAddress\":\"02:b2:78:e0:6e:31\",\"NetworkInterfaceId\":\"eni-0b0954da267a1508a\"},{\"Ipv6Prefixes\":null,\"MacAddress\":\"02:dc:ff:88:69:83\",\"OwnerId\":\"704479110758\",\"SourceDestCheck\":true,\"VpcId\":\"vpc-36a1394e\",\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-35-95-24-16.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.95.24.16\"},\"Groups\":[{\"GroupId\":\"sg-08cfc0c23c2c819c4\",\"GroupName\":\"eks-remoteAccess-7ac95e1a-9954-4821-8641-1effa5718724\"},{\"GroupId\":\"sg-02233909779b23ce1\",\"GroupName\":\"eks-cluster-sg-e2e-cdr-demo-k8s-1011743187\"}],\"PrivateDnsName\":\"ip-172-31-22-221.us-west-2.compute.internal\",\"SubnetId\":\"subnet-5283762a\",\"Description\":\"\",\"Ipv6Addresses\":[],\"PrivateIpAddress\":\"172.31.22.221\",\"PrivateIpAddresses\":[{\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-35-95-24-16.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.95.24.16\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-22-221.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.22.221\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-19-45.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.19.45\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-18-172.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.18.172\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-17-44.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.17.44\"},{\"PrivateDnsName\":\"ip-172-31-31-138.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.31.138\",\"Association\":null,\"Primary\":false},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-26-54.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.26.54\"},{\"PrivateDnsName\":\"ip-172-31-22-69.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.22.69\",\"Association\":null,\"Primary\":false},{\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-25-21.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.25.21\",\"Association\":null},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-23-212.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.23.212\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-27-35.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.27.35\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-19-129.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.19.129\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-16-240.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.16.240\"}],\"Status\":\"in-use\",\"InterfaceType\":\"interface\",\"NetworkInterfaceId\":\"eni-07c8b9331b79d7ab5\",\"Ipv4Prefixes\":null,\"Attachment\":{\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-10-24T01:48:28Z\",\"AttachmentId\":\"eni-attach-0a00f79bcd941f4cd\",\"DeleteOnTermination\":true,\"DeviceIndex\":0},\"ConnectionTrackingConfiguration\":null}],\"PlatformDetails\":\"Linux/UNIX\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-10-24T01:48:28Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-0a44eb08b514803a8\"}}],\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/eks-7ac95e1a-9954-4821-8641-1effa5718724\",\"Id\":\"AIPA2IBR2EZTEYUL7U35M\"},\"CurrentInstanceBootMode\":\"legacy-bios\",\"HibernationOptions\":{\"Configured\":false},\"PublicDnsName\":\"ec2-35-95-24-16.us-west-2.compute.amazonaws.com\",\"Hypervisor\":\"xen\",\"InstanceId\":\"i-0df628b1ae494eb56\",\"LaunchTime\":\"2024-10-24T01:48:28Z\",\"Monitoring\":{\"State\":\"disabled\"},\"BootMode\":\"\",\"RamdiskId\":null,\"Tags\":[{\"Key\":\"aws:autoscaling:groupName\",\"Value\":\"eks-e2e-cdr-demo-falco-k8s-node-7ac95e1a-9954-4821-8641-1effa5718724\"},{\"Key\":\"k8s.io/cluster-autoscaler/e2e-cdr-demo-k8s\",\"Value\":\"owned\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"e2e-cdr-demo-k8s\"},{\"Key\":\"project\",\"Value\":\"AWS re:Invent Demo\"},{\"Value\":\"cloud-security\",\"Key\":\"team\"},{\"Key\":\"eks:cluster-name\",\"Value\":\"e2e-cdr-demo-k8s\"},{\"Key\":\"aws:ec2launchtemplate:id\",\"Value\":\"lt-0d4da700290768476\"},{\"Key\":\"eks:nodegroup-name\",\"Value\":\"e2e-cdr-demo-falco-k8s-node\"},{\"Key\":\"aws:ec2:fleet-id\",\"Value\":\"fleet-0e3e363f-e6a7-ec2f-2e9a-210abdddceeb\"},{\"Key\":\"Name\",\"Value\":\"e2e-cdr-demo-k8s-node\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"aws:ec2launchtemplate:version\",\"Value\":\"1\"},{\"Key\":\"k8s.io/cluster-autoscaler/enabled\",\"Value\":\"true\"},{\"Key\":\"kubernetes.io/cluster/e2e-cdr-demo-k8s\",\"Value\":\"owned\"}],\"EnclaveOptions\":{\"Enabled\":false},\"InstanceLifecycle\":\"\",\"TpmSupport\":null},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0df628b1ae494eb56\",\"i-0df628b1ae494eb56\"],\"name\":\"e2e-cdr-demo-k8s-node\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"aws:autoscaling:groupName\":\"eks-e2e-cdr-demo-falco-k8s-node-7ac95e1a-9954-4821-8641-1effa5718724\",\"aws:ec2launchtemplate:id\":\"lt-0d4da700290768476\",\"division\":\"engineering\",\"kubernetes.io/cluster/e2e-cdr-demo-k8s\":\"owned\",\"org\":\"security\",\"Name\":\"e2e-cdr-demo-k8s-node\",\"aws:eks:cluster-name\":\"e2e-cdr-demo-k8s\",\"eks:cluster-name\":\"e2e-cdr-demo-k8s\",\"eks:nodegroup-name\":\"e2e-cdr-demo-falco-k8s-node\",\"k8s.io/cluster-autoscaler/e2e-cdr-demo-k8s\":\"owned\",\"k8s.io/cluster-autoscaler/enabled\":\"true\",\"aws:ec2:fleet-id\":\"fleet-0e3e363f-e6a7-ec2f-2e9a-210abdddceeb\",\"aws:ec2launchtemplate:version\":\"1\",\"project\":\"AWS re:Invent Demo\",\"team\":\"cloud-security\"}},\"cloud\":{\"organization\":{},\"instance\":{\"id\":\"i-0df628b1ae494eb56\",\"name\":\"e2e-cdr-demo-k8s-node\"},\"machine\":{\"machine_type\":\"t2.large\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-west-2b\",\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"host\":{\"imageId\":\"ami-0b995858c4742f856\",\"instance_type\":\"t2.large\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0df628b1ae494eb56\",\"i-0df628b1ae494eb56\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"network\":{\"network_id\":\"vpc-36a1394e\",\"private_dns_name\":\"ip-172-31-20-43.us-west-2.compute.internal\",\"private_ip_address\":\"172.31.20.43\",\"public_dns_name\":\"ec2-54-71-206-42.us-west-2.compute.amazonaws.com\",\"public_ip_address\":\"54.71.206.42\",\"subnet_ids\":[\"subnet-5283762a\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0d16c961e37715412\",\"i-0d16c961e37715412\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0d16c961e37715412\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"id\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0d16c961e37715412\",\"i-0d16c961e37715412\"],\"name\":\"e2e-demo-auditdmanager\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"division\":\"engineering\",\"org\":\"security\",\"project\":\"nickalayil\",\"team\":\"cloud-security\",\"Name\":\"e2e-demo-auditdmanager\"},\"raw\":{\"ImageId\":\"ami-0b8c6b923777519db\",\"Monitoring\":{\"State\":\"disabled\"},\"RamdiskId\":null,\"SriovNetSupport\":null,\"CpuOptions\":{\"ThreadsPerCore\":1,\"AmdSevSnp\":\"\",\"CoreCount\":2},\"ElasticGpuAssociations\":null,\"ElasticInferenceAcceleratorAssociations\":null,\"SourceDestCheck\":true,\"State\":{\"Code\":16,\"Name\":\"running\"},\"UsageOperation\":\"RunInstances\",\"VpcId\":\"vpc-36a1394e\",\"InstanceId\":\"i-0d16c961e37715412\",\"InstanceLifecycle\":\"\",\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/sda1\",\"Ebs\":{\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-07e6078c6d90458c6\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-11-05T21:33:53Z\"}}],\"IamInstanceProfile\":null,\"KeyName\":\"nick-csd-key-uswest2\",\"OutpostArn\":null,\"SecurityGroups\":[{\"GroupId\":\"sg-0be0988f8b09ddb77\",\"GroupName\":\"launch-wizard-10\"}],\"EnaSupport\":true,\"Licenses\":null,\"Placement\":{\"GroupId\":null,\"GroupName\":\"\",\"PartitionNumber\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"AvailabilityZone\":\"us-west-2b\",\"HostId\":null,\"HostResourceGroupArn\":null,\"SpreadDomain\":null},\"LaunchTime\":\"2024-11-05T21:33:53Z\",\"NetworkInterfaces\":[{\"InterfaceType\":\"interface\",\"MacAddress\":\"02:e2:59:e8:39:0b\",\"NetworkInterfaceId\":\"eni-04da94d05d3924c01\",\"OwnerId\":\"704479110758\",\"Status\":\"in-use\",\"ConnectionTrackingConfiguration\":null,\"Ipv6Addresses\":[],\"PrivateIpAddress\":\"172.31.20.43\",\"SubnetId\":\"subnet-5283762a\",\"Association\":{\"PublicIp\":\"54.71.206.42\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-54-71-206-42.us-west-2.compute.amazonaws.com\"},\"Ipv6Prefixes\":null,\"PrivateDnsName\":\"ip-172-31-20-43.us-west-2.compute.internal\",\"PrivateIpAddresses\":[{\"Association\":{\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-54-71-206-42.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"54.71.206.42\",\"CarrierIp\":null},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-20-43.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.20.43\"}],\"Attachment\":{\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-11-05T21:33:53Z\",\"AttachmentId\":\"eni-attach-0c8278e48a197d315\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null},\"Groups\":[{\"GroupId\":\"sg-0be0988f8b09ddb77\",\"GroupName\":\"launch-wizard-10\"}],\"Ipv4Prefixes\":null,\"SourceDestCheck\":true,\"VpcId\":\"vpc-36a1394e\",\"Description\":\"\"}],\"RootDeviceType\":\"ebs\",\"Region\":\"us-west-2\",\"AmiLaunchIndex\":0,\"CapacityReservationId\":null,\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"Platform\":\"\",\"UsageOperationUpdateTime\":\"2024-11-05T21:33:53Z\",\"Architecture\":\"x86_64\",\"InstanceType\":\"t2.large\",\"PublicDnsName\":\"ec2-54-71-206-42.us-west-2.compute.amazonaws.com\",\"PublicIpAddress\":\"54.71.206.42\",\"StateTransitionReason\":\"\",\"PrivateDnsName\":\"ip-172-31-20-43.us-west-2.compute.internal\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\"},\"ProductCodes\":[],\"EbsOptimized\":false,\"BootMode\":\"uefi-preferred\",\"KernelId\":null,\"Tags\":[{\"Value\":\"cloud-security\",\"Key\":\"team\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"project\",\"Value\":\"nickalayil\"},{\"Key\":\"Name\",\"Value\":\"e2e-demo-auditdmanager\"}],\"TpmSupport\":null,\"HibernationOptions\":{\"Configured\":false},\"Ipv6Address\":null,\"StateReason\":null,\"PlatformDetails\":\"Linux/UNIX\",\"VirtualizationType\":\"hvm\",\"RootDeviceName\":\"/dev/sda1\",\"SpotInstanceRequestId\":null,\"ClientToken\":\"e0f96865-6d57-4158-bd23-3ba91ed89a4f\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"Hypervisor\":\"xen\",\"RootVolume\":null,\"EnclaveOptions\":{\"Enabled\":false},\"PrivateIpAddress\":\"172.31.20.43\",\"SubnetId\":\"subnet-5283762a\"}},\"cloud\":{\"machine\":{\"machine_type\":\"t2.large\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-west-2b\",\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-0d16c961e37715412\",\"name\":\"e2e-demo-auditdmanager\"}},\"host\":{\"platform\":\"\",\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\",\"imageId\":\"ami-0b8c6b923777519db\",\"instance_type\":\"t2.large\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"host\":{\"architecture\":\"arm64\",\"imageId\":\"ami-0d8824be71c5981c2\",\"instance_type\":\"m6g.xlarge\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"network\":{\"network_id\":\"vpc-36a1394e\",\"private_dns_name\":\"ip-172-31-34-172.us-west-2.compute.internal\",\"private_ip_address\":\"172.31.34.172\",\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-10e39f3b\"]},\"asset\":{\"tags\":{\"Name\":\"elastic-agent-instance-63f7b220-8d67-11ef-9f4c-067d0aea149f\",\"Task\":\"Vulnerability Management Scanner\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\",\"stopped-at\":\"2024-11-19 02:46:00.987794\",\"aws:cloudformation:logical-id\":\"ElasticAgentEc2Instance\",\"aws:cloudformation:stack-id\":\"arn:aws:cloudformation:us-west-2:704479110758:stack/cnvm-deploy-2/63f7b220-8d67-11ef-9f4c-067d0aea149f\",\"aws:cloudformation:stack-name\":\"cnvm-deploy-2\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},\"raw\":{\"InstanceId\":\"i-0cc79d156768bda80\",\"PrivateDnsName\":\"ip-172-31-34-172.us-west-2.compute.internal\",\"ProductCodes\":[],\"RootDeviceType\":\"ebs\",\"RootDeviceName\":\"/dev/xvda\",\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"AmiLaunchIndex\":0,\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"VolumeId\":\"vol-048076f12234a2710\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-10-18T15:41:39Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\"}}],\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"EbsOptimized\":false,\"Licenses\":null,\"Placement\":{\"AvailabilityZone\":\"us-west-2d\",\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"GroupId\":null,\"GroupName\":\"\",\"HostId\":null,\"SpreadDomain\":null},\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"PublicDnsName\":\"\",\"VirtualizationType\":\"hvm\",\"BootMode\":\"uefi\",\"ElasticGpuAssociations\":null,\"EnclaveOptions\":{\"Enabled\":false},\"SourceDestCheck\":true,\"TpmSupport\":null,\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-63f7b220-8d67-11ef-9f4c-067d0aea149f\",\"Id\":\"AIPA2IBR2EZTDJK3LLUGD\"},\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"OutpostArn\":null,\"ElasticInferenceAcceleratorAssociations\":null,\"InstanceLifecycle\":\"\",\"LaunchTime\":\"2024-10-18T15:41:39Z\",\"NetworkInterfaces\":[{\"Ipv6Prefixes\":null,\"NetworkInterfaceId\":\"eni-0d6714bbfe3f03780\",\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-36a1394e\",\"SubnetId\":\"subnet-10e39f3b\",\"Description\":\"\",\"Groups\":[{\"GroupId\":\"sg-063f67e6d1e8397e4\",\"GroupName\":\"elastic-agent-security-group-63f7b220-8d67-11ef-9f4c-067d0aea149f\"}],\"PrivateDnsName\":\"ip-172-31-34-172.us-west-2.compute.internal\",\"SourceDestCheck\":true,\"Attachment\":{\"Status\":\"attached\",\"AttachTime\":\"2024-10-18T15:41:39Z\",\"AttachmentId\":\"eni-attach-0fe8152bbb3ac8664\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0},\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":null,\"PrivateIpAddress\":\"172.31.34.172\",\"PrivateIpAddresses\":[{\"PrivateDnsName\":\"ip-172-31-34-172.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.34.172\",\"Association\":null,\"Primary\":true}],\"Status\":\"in-use\",\"Association\":null,\"ConnectionTrackingConfiguration\":null,\"Ipv6Addresses\":[],\"MacAddress\":\"0e:7f:c7:29:2a:27\"}],\"SriovNetSupport\":null,\"VpcId\":\"vpc-36a1394e\",\"Hypervisor\":\"xen\",\"SubnetId\":\"subnet-10e39f3b\",\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":4,\"ThreadsPerCore\":1},\"ImageId\":\"ami-0d8824be71c5981c2\",\"PublicIpAddress\":null,\"Tags\":[{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:us-west-2:704479110758:stack/cnvm-deploy-2/63f7b220-8d67-11ef-9f4c-067d0aea149f\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"cnvm-deploy-2\"},{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:46:00.987794\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentEc2Instance\"},{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},{\"Key\":\"Task\",\"Value\":\"Vulnerability Management Scanner\"},{\"Key\":\"Name\",\"Value\":\"elastic-agent-instance-63f7b220-8d67-11ef-9f4c-067d0aea149f\"},{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"}],\"Region\":\"us-west-2\",\"Architecture\":\"arm64\",\"ClientToken\":\"59757683-e073-65c2-b0d5-b7b05f210eff\",\"CurrentInstanceBootMode\":\"uefi\",\"Monitoring\":{\"State\":\"disabled\"},\"UsageOperation\":\"RunInstances\",\"CapacityReservationId\":null,\"EnaSupport\":true,\"InstanceType\":\"m6g.xlarge\",\"Platform\":\"\",\"SpotInstanceRequestId\":null,\"StateTransitionReason\":\"User initiated (2024-10-20 02:46:06 GMT)\",\"KernelId\":null,\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"HibernationOptions\":{\"Configured\":false},\"Ipv6Address\":null,\"PlatformDetails\":\"Linux/UNIX\",\"PrivateIpAddress\":\"172.31.34.172\",\"RamdiskId\":null,\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"SecurityGroups\":[{\"GroupName\":\"elastic-agent-security-group-63f7b220-8d67-11ef-9f4c-067d0aea149f\",\"GroupId\":\"sg-063f67e6d1e8397e4\"}],\"RootVolume\":null,\"KeyName\":null,\"UsageOperationUpdateTime\":\"2024-10-18T15:41:39Z\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0cc79d156768bda80\",\"i-0cc79d156768bda80\"],\"name\":\"elastic-agent-instance-63f7b220-8d67-11ef-9f4c-067d0aea149f\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\"},\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-0cc79d156768bda80\",\"name\":\"elastic-agent-instance-63f7b220-8d67-11ef-9f4c-067d0aea149f\"},\"machine\":{\"machine_type\":\"m6g.xlarge\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-west-2d\",\"provider\":\"aws\"},\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0cc79d156768bda80\",\"i-0cc79d156768bda80\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0cc79d156768bda80\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"iam\":{\"id\":\"AIPA2IBR2EZTDJK3LLUGD\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-63f7b220-8d67-11ef-9f4c-067d0aea149f\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"iam\":{\"id\":\"AIPA2IBR2EZTE5JA65O53\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-63cfb1a0-91a2-11ef-8db4-0664b9aefb3f\"},\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0eeaf91da844ddc66\",\"i-0eeaf91da844ddc66\"],\"asset\":{\"id\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0eeaf91da844ddc66\",\"i-0eeaf91da844ddc66\"],\"name\":\"elastic-agent-instance-63cfb1a0-91a2-11ef-8db4-0664b9aefb3f\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"aws:cloudformation:stack-id\":\"arn:aws:cloudformation:us-west-2:704479110758:stack/tin-cdr-demo-cnvm-deploy/63cfb1a0-91a2-11ef-8db4-0664b9aefb3f\",\"org\":\"security\",\"Name\":\"elastic-agent-instance-63cfb1a0-91a2-11ef-8db4-0664b9aefb3f\",\"Task\":\"Vulnerability Management Scanner\",\"aws:cloudformation:logical-id\":\"ElasticAgentEc2Instance\",\"aws:cloudformation:stack-name\":\"tin-cdr-demo-cnvm-deploy\",\"division\":\"engineering\",\"name\":\"tin-cnvm-host-creation\",\"project\":\"AWS re:Invent Demo\",\"team\":\"cloud-security\"},\"raw\":{\"NetworkInterfaces\":[{\"Status\":\"in-use\",\"Ipv6Addresses\":[],\"Ipv6Prefixes\":null,\"NetworkInterfaceId\":\"eni-09155fdf257633309\",\"OwnerId\":\"704479110758\",\"PrivateIpAddress\":\"172.31.38.174\",\"SourceDestCheck\":true,\"VpcId\":\"vpc-36a1394e\",\"Attachment\":{\"AttachmentId\":\"eni-attach-0d31b3456022ae32c\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-10-24T00:54:03Z\"},\"ConnectionTrackingConfiguration\":null,\"InterfaceType\":\"interface\",\"MacAddress\":\"0e:c0:0e:12:e6:d7\",\"PrivateDnsName\":\"ip-172-31-38-174.us-west-2.compute.internal\",\"SubnetId\":\"subnet-10e39f3b\",\"Association\":{\"PublicDnsName\":\"ec2-35-80-10-173.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.80.10.173\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\"},\"Description\":\"\",\"Groups\":[{\"GroupId\":\"sg-0195d033368a43696\",\"GroupName\":\"elastic-agent-security-group-63cfb1a0-91a2-11ef-8db4-0664b9aefb3f\"}],\"Ipv4Prefixes\":null,\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-38-174.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.38.174\",\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-35-80-10-173.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.80.10.173\"}}]}],\"Tags\":[{\"Key\":\"team\",\"Value\":\"cloud-security\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"tin-cdr-demo-cnvm-deploy\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"name\",\"Value\":\"tin-cnvm-host-creation\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentEc2Instance\"},{\"Key\":\"Name\",\"Value\":\"elastic-agent-instance-63cfb1a0-91a2-11ef-8db4-0664b9aefb3f\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:us-west-2:704479110758:stack/tin-cdr-demo-cnvm-deploy/63cfb1a0-91a2-11ef-8db4-0664b9aefb3f\"},{\"Key\":\"project\",\"Value\":\"AWS re:Invent Demo\"},{\"Key\":\"Task\",\"Value\":\"Vulnerability Management Scanner\"}],\"ProductCodes\":[],\"RamdiskId\":null,\"RootDeviceName\":\"/dev/xvda\",\"BootMode\":\"uefi\",\"CpuOptions\":{\"ThreadsPerCore\":1,\"AmdSevSnp\":\"\",\"CoreCount\":4},\"ImageId\":\"ami-0d8824be71c5981c2\",\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"AmiLaunchIndex\":0,\"UsageOperation\":\"RunInstances\",\"Region\":\"us-west-2\",\"KernelId\":null,\"KeyName\":null,\"Placement\":{\"Affinity\":null,\"GroupId\":null,\"HostId\":null,\"HostResourceGroupArn\":null,\"Tenancy\":\"default\",\"AvailabilityZone\":\"us-west-2d\",\"GroupName\":\"\",\"PartitionNumber\":null,\"SpreadDomain\":null},\"PublicIpAddress\":\"35.80.10.173\",\"CurrentInstanceBootMode\":\"uefi\",\"HibernationOptions\":{\"Configured\":false},\"InstanceLifecycle\":\"\",\"PlatformDetails\":\"Linux/UNIX\",\"StateReason\":null,\"CapacityReservationId\":null,\"EnclaveOptions\":{\"Enabled\":false},\"InstanceType\":\"m6g.xlarge\",\"PrivateDnsName\":\"ip-172-31-38-174.us-west-2.compute.internal\",\"StateTransitionReason\":\"\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"Status\":\"attached\",\"VolumeId\":\"vol-0e40ba0b9b5a04946\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-10-24T00:54:04Z\",\"DeleteOnTermination\":true}}],\"ElasticInferenceAcceleratorAssociations\":null,\"Platform\":\"\",\"RootDeviceType\":\"ebs\",\"OutpostArn\":null,\"PublicDnsName\":\"ec2-35-80-10-173.us-west-2.compute.amazonaws.com\",\"LaunchTime\":\"2024-10-24T00:54:03Z\",\"Monitoring\":{\"State\":\"disabled\"},\"EbsOptimized\":false,\"InstanceId\":\"i-0eeaf91da844ddc66\",\"SpotInstanceRequestId\":null,\"UsageOperationUpdateTime\":\"2024-10-24T00:54:03Z\",\"SubnetId\":\"subnet-10e39f3b\",\"RootVolume\":null,\"Licenses\":null,\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SecurityGroups\":[{\"GroupId\":\"sg-0195d033368a43696\",\"GroupName\":\"elastic-agent-security-group-63cfb1a0-91a2-11ef-8db4-0664b9aefb3f\"}],\"State\":{\"Code\":16,\"Name\":\"running\"},\"EnaSupport\":true,\"Ipv6Address\":null,\"SourceDestCheck\":true,\"SriovNetSupport\":null,\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-63cfb1a0-91a2-11ef-8db4-0664b9aefb3f\",\"Id\":\"AIPA2IBR2EZTE5JA65O53\"},\"MetadataOptions\":{\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2},\"Architecture\":\"arm64\",\"ClientToken\":\"d213a120-972c-7f5a-c5df-992c6518b451\",\"ElasticGpuAssociations\":null,\"Hypervisor\":\"xen\",\"TpmSupport\":null,\"PrivateIpAddress\":\"172.31.38.174\",\"VirtualizationType\":\"hvm\",\"VpcId\":\"vpc-36a1394e\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null}}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-0eeaf91da844ddc66\",\"name\":\"elastic-agent-instance-63cfb1a0-91a2-11ef-8db4-0664b9aefb3f\"},\"machine\":{\"machine_type\":\"m6g.xlarge\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-west-2d\",\"provider\":\"aws\",\"region\":\"us-west-2\"},\"host\":{\"platform_details\":\"Linux/UNIX\",\"architecture\":\"arm64\",\"imageId\":\"ami-0d8824be71c5981c2\",\"instance_type\":\"m6g.xlarge\",\"platform\":\"\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0eeaf91da844ddc66\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"network\":{\"subnet_ids\":[\"subnet-10e39f3b\"],\"network_id\":\"vpc-36a1394e\",\"private_dns_name\":\"ip-172-31-38-174.us-west-2.compute.internal\",\"private_ip_address\":\"172.31.38.174\",\"public_dns_name\":\"ec2-35-80-10-173.us-west-2.compute.amazonaws.com\",\"public_ip_address\":\"35.80.10.173\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"asset\":{\"raw\":{\"NetworkInterfaces\":[{\"MacAddress\":\"0e:67:8b:12:ac:35\",\"NetworkInterfaceId\":\"eni-0eafe2b40446f8be6\",\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-36-247.us-west-2.compute.internal\",\"SourceDestCheck\":true,\"SubnetId\":\"subnet-10e39f3b\",\"Association\":{\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-35-94-161-189.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.94.161.189\",\"CarrierIp\":null,\"CustomerOwnedIp\":null},\"Attachment\":{\"AttachTime\":\"2024-11-06T13:41:13Z\",\"AttachmentId\":\"eni-attach-02a2e6e1045c4574e\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"ConnectionTrackingConfiguration\":null,\"Description\":\"\",\"PrivateIpAddress\":\"172.31.36.247\",\"VpcId\":\"vpc-36a1394e\",\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"Ipv6Prefixes\":null,\"Status\":\"in-use\",\"Groups\":[{\"GroupId\":\"sg-0b6f928505d13494c\",\"GroupName\":\"elastic-agent-security-group-b6825a40-9c44-11ef-b077-0a7b4e013dbd\"}],\"InterfaceType\":\"interface\",\"PrivateIpAddresses\":[{\"Association\":{\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-35-94-161-189.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.94.161.189\",\"CarrierIp\":null},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-36-247.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.36.247\"}]}],\"VirtualizationType\":\"hvm\",\"Monitoring\":{\"State\":\"disabled\"},\"OutpostArn\":null,\"PrivateIpAddress\":\"172.31.36.247\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"Hypervisor\":\"xen\",\"CapacityReservationId\":null,\"ProductCodes\":[],\"MetadataOptions\":{\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\"},\"Placement\":{\"GroupId\":null,\"HostId\":null,\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"SpreadDomain\":null,\"Affinity\":null,\"AvailabilityZone\":\"us-west-2d\",\"GroupName\":\"\",\"Tenancy\":\"default\"},\"SpotInstanceRequestId\":null,\"ClientToken\":\"75ca548a-54f0-755e-ba1b-62910ad42822\",\"Licenses\":null,\"UsageOperationUpdateTime\":\"2024-11-06T13:41:13Z\",\"Architecture\":\"arm64\",\"StateTransitionReason\":\"\",\"SecurityGroups\":[{\"GroupId\":\"sg-0b6f928505d13494c\",\"GroupName\":\"elastic-agent-security-group-b6825a40-9c44-11ef-b077-0a7b4e013dbd\"}],\"VpcId\":\"vpc-36a1394e\",\"HibernationOptions\":{\"Configured\":false},\"RootDeviceType\":\"ebs\",\"EnaSupport\":true,\"IamInstanceProfile\":{\"Arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-b6825a40-9c44-11ef-b077-0a7b4e013dbd\",\"Id\":\"AIPA2IBR2EZTLRBFHQ7WT\"},\"Platform\":\"\",\"PublicDnsName\":\"ec2-35-94-161-189.us-west-2.compute.amazonaws.com\",\"PublicIpAddress\":\"35.94.161.189\",\"AmiLaunchIndex\":0,\"EbsOptimized\":false,\"TpmSupport\":null,\"Region\":\"us-west-2\",\"Ipv6Address\":null,\"CurrentInstanceBootMode\":\"uefi\",\"ImageId\":\"ami-0d8824be71c5981c2\",\"InstanceType\":\"m6g.xlarge\",\"KernelId\":null,\"RootDeviceName\":\"/dev/xvda\",\"Tags\":[{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Value\":\"Vulnerability Management Scanner\",\"Key\":\"Task\"},{\"Key\":\"Name\",\"Value\":\"elastic-agent-instance-b6825a40-9c44-11ef-b077-0a7b4e013dbd\"},{\"Key\":\"team\",\"Value\":\"cloud-security\"},{\"Value\":\"cnvm-deployment-eah-demo\",\"Key\":\"name\"},{\"Key\":\"project\",\"Value\":\"eah-demo\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentEc2Instance\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"cnvm-eah-demo-deploy\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:us-west-2:704479110758:stack/cnvm-eah-demo-deploy/b6825a40-9c44-11ef-b077-0a7b4e013dbd\"}],\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":4,\"ThreadsPerCore\":1},\"ElasticInferenceAcceleratorAssociations\":null,\"PlatformDetails\":\"Linux/UNIX\",\"State\":{\"Code\":16,\"Name\":\"running\"},\"BootMode\":\"uefi\",\"KeyName\":null,\"LaunchTime\":\"2024-11-06T13:41:13Z\",\"RamdiskId\":null,\"RootVolume\":null,\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"VolumeId\":\"vol-0906555df764a06bf\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-11-06T13:41:13Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\"}}],\"InstanceId\":\"i-0e83736e9cec16bb4\",\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"PrivateDnsName\":\"ip-172-31-36-247.us-west-2.compute.internal\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetId\":\"subnet-10e39f3b\",\"EnclaveOptions\":{\"Enabled\":false},\"InstanceLifecycle\":\"\",\"SriovNetSupport\":null,\"UsageOperation\":\"RunInstances\",\"StateReason\":null,\"ElasticGpuAssociations\":null,\"SourceDestCheck\":true},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0e83736e9cec16bb4\",\"i-0e83736e9cec16bb4\"],\"name\":\"elastic-agent-instance-b6825a40-9c44-11ef-b077-0a7b4e013dbd\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"aws:cloudformation:stack-id\":\"arn:aws:cloudformation:us-west-2:704479110758:stack/cnvm-eah-demo-deploy/b6825a40-9c44-11ef-b077-0a7b4e013dbd\",\"division\":\"engineering\",\"name\":\"cnvm-deployment-eah-demo\",\"project\":\"eah-demo\",\"team\":\"cloud-security\",\"Task\":\"Vulnerability Management Scanner\",\"aws:cloudformation:logical-id\":\"ElasticAgentEc2Instance\",\"aws:cloudformation:stack-name\":\"cnvm-eah-demo-deploy\",\"org\":\"security\",\"Name\":\"elastic-agent-instance-b6825a40-9c44-11ef-b077-0a7b4e013dbd\"}},\"cloud\":{\"organization\":{},\"instance\":{\"id\":\"i-0e83736e9cec16bb4\",\"name\":\"elastic-agent-instance-b6825a40-9c44-11ef-b077-0a7b4e013dbd\"},\"machine\":{\"machine_type\":\"m6g.xlarge\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-west-2d\",\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"host\":{\"platform\":\"\",\"platform_details\":\"Linux/UNIX\",\"architecture\":\"arm64\",\"imageId\":\"ami-0d8824be71c5981c2\",\"instance_type\":\"m6g.xlarge\"},\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0e83736e9cec16bb4\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"network_id\":\"vpc-36a1394e\",\"private_dns_name\":\"ip-172-31-36-247.us-west-2.compute.internal\",\"private_ip_address\":\"172.31.36.247\",\"public_dns_name\":\"ec2-35-94-161-189.us-west-2.compute.amazonaws.com\",\"public_ip_address\":\"35.94.161.189\",\"subnet_ids\":[\"subnet-10e39f3b\"]},\"iam\":{\"arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-b6825a40-9c44-11ef-b077-0a7b4e013dbd\",\"id\":\"AIPA2IBR2EZTLRBFHQ7WT\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0e83736e9cec16bb4\",\"i-0e83736e9cec16bb4\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0688a2682c84edbb2\",\"i-0688a2682c84edbb2\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0688a2682c84edbb2\":{\"type\":\"virtual-machine\",\"category\":\"infrastructure\"}},\"host\":{\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\",\"imageId\":\"ami-07c5ecd8498c59db5\",\"instance_type\":\"t2.medium\",\"platform\":\"\"},\"network\":{\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-dc1cd881\"],\"network_id\":\"vpc-36a1394e\",\"private_dns_name\":\"ip-172-31-0-42.us-west-2.compute.internal\",\"private_ip_address\":\"172.31.0.42\"},\"resource_policies\":[],\"asset\":{\"tags\":{\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\",\"stopped-at\":\"2024-11-19 02:46:00.987794\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\",\"Name\":\"maxcold-wiz-misconfigs-full-posture\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\"},\"raw\":{\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"SourceDestCheck\":true,\"RootVolume\":null,\"RootDeviceType\":\"ebs\",\"Monitoring\":{\"State\":\"disabled\"},\"PrivateIpAddress\":\"172.31.0.42\",\"VpcId\":\"vpc-36a1394e\",\"ElasticInferenceAcceleratorAssociations\":null,\"HibernationOptions\":{\"Configured\":false},\"KernelId\":null,\"CurrentInstanceBootMode\":\"legacy-bios\",\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"NetworkInterfaces\":[{\"Association\":null,\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-0-42.us-west-2.compute.internal\",\"SubnetId\":\"subnet-dc1cd881\",\"SourceDestCheck\":true,\"Attachment\":{\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-11-06T17:35:24Z\",\"AttachmentId\":\"eni-attach-0d08d76f0b5ea5c5a\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null},\"Groups\":[{\"GroupId\":\"sg-0b9a7eeea55cd2485\",\"GroupName\":\"launch-wizard-13\"}],\"NetworkInterfaceId\":\"eni-06b18e265a938710f\",\"PrivateIpAddresses\":[{\"PrivateDnsName\":\"ip-172-31-0-42.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.0.42\",\"Association\":null,\"Primary\":true}],\"ConnectionTrackingConfiguration\":null,\"InterfaceType\":\"interface\",\"Status\":\"in-use\",\"MacAddress\":\"0a:42:cc:b6:f6:47\",\"PrivateIpAddress\":\"172.31.0.42\",\"VpcId\":\"vpc-36a1394e\",\"Description\":\"\",\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"Ipv6Prefixes\":null}],\"LaunchTime\":\"2024-11-06T17:35:24Z\",\"PlatformDetails\":\"Linux/UNIX\",\"SriovNetSupport\":null,\"UsageOperationUpdateTime\":\"2024-11-06T17:35:24Z\",\"ProductCodes\":[],\"ElasticGpuAssociations\":null,\"Ipv6Address\":null,\"KeyName\":\"maxcold-key\",\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\"},\"RootDeviceName\":\"/dev/xvda\",\"BootMode\":\"uefi-preferred\",\"Placement\":{\"AvailabilityZone\":\"us-west-2c\",\"GroupId\":null,\"PartitionNumber\":null,\"HostResourceGroupArn\":null,\"SpreadDomain\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"GroupName\":\"\",\"HostId\":null},\"PublicIpAddress\":null,\"IamInstanceProfile\":null,\"SpotInstanceRequestId\":null,\"Hypervisor\":\"xen\",\"StateTransitionReason\":\"User initiated (2024-11-08 02:46:02 GMT)\",\"UsageOperation\":\"RunInstances\",\"Region\":\"us-west-2\",\"CapacityReservationId\":null,\"OutpostArn\":null,\"Platform\":\"\",\"SubnetId\":\"subnet-dc1cd881\",\"Architecture\":\"x86_64\",\"ImageId\":\"ami-07c5ecd8498c59db5\",\"InstanceLifecycle\":\"\",\"InstanceType\":\"t2.medium\",\"EbsOptimized\":false,\"EnclaveOptions\":{\"Enabled\":false},\"PublicDnsName\":\"\",\"SecurityGroups\":[{\"GroupId\":\"sg-0b9a7eeea55cd2485\",\"GroupName\":\"launch-wizard-13\"}],\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"InstanceId\":\"i-0688a2682c84edbb2\",\"Licenses\":null,\"PrivateDnsName\":\"ip-172-31-0-42.us-west-2.compute.internal\",\"RamdiskId\":null,\"VirtualizationType\":\"hvm\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"AttachTime\":\"2024-11-06T17:35:25Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-04e3abfffffcf7f83\",\"VolumeOwnerId\":null,\"AssociatedResource\":null}}],\"ClientToken\":\"f37fea9c-b8a6-4407-a129-41221505b194\",\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":2,\"ThreadsPerCore\":1},\"EnaSupport\":true,\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"Tags\":[{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"},{\"Key\":\"Name\",\"Value\":\"maxcold-wiz-misconfigs-full-posture\"},{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},{\"Value\":\"Resource does not meet policy: terminate@2024/12/04\",\"Key\":\"custodian_delete\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:46:00.987794\"}],\"TpmSupport\":null,\"AmiLaunchIndex\":0},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0688a2682c84edbb2\",\"i-0688a2682c84edbb2\"],\"name\":\"maxcold-wiz-misconfigs-full-posture\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-0688a2682c84edbb2\",\"name\":\"maxcold-wiz-misconfigs-full-posture\"},\"machine\":{\"machine_type\":\"t2.medium\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-west-2c\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0759096ea1b6f4102\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"org\":\"security\",\"project\":\"AWS re:Invent demo\",\"team\":\"cloud-security\",\"Name\":\"aws-reinvent-demo-awsbedrock-instance\",\"division\":\"engineering\"},\"raw\":{\"ElasticInferenceAcceleratorAssociations\":null,\"KernelId\":null,\"Placement\":{\"AvailabilityZone\":\"us-west-2c\",\"HostId\":null,\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"Affinity\":null,\"GroupId\":null,\"GroupName\":\"\",\"SpreadDomain\":null,\"Tenancy\":\"default\"},\"Licenses\":null,\"UsageOperation\":\"RunInstances\",\"InstanceType\":\"t2.medium\",\"RamdiskId\":null,\"Ipv6Address\":null,\"OutpostArn\":null,\"PlatformDetails\":\"Linux/UNIX\",\"RootDeviceName\":\"/dev/xvda\",\"RootVolume\":null,\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"Status\":\"attached\",\"VolumeId\":\"vol-0dbb66de5fc94f992\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-10-30T12:23:33Z\",\"DeleteOnTermination\":true}}],\"CurrentInstanceBootMode\":\"legacy-bios\",\"ImageId\":\"ami-004a0173a724e2261\",\"Monitoring\":{\"State\":\"disabled\"},\"SriovNetSupport\":null,\"VpcId\":\"vpc-36a1394e\",\"Architecture\":\"x86_64\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"PrivateIpAddress\":\"172.31.15.13\",\"State\":{\"Code\":16,\"Name\":\"running\"},\"Region\":\"us-west-2\",\"CapacityReservationId\":null,\"InstanceId\":\"i-0759096ea1b6f4102\",\"AmiLaunchIndex\":0,\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":2,\"ThreadsPerCore\":1},\"Hypervisor\":\"xen\",\"ProductCodes\":[],\"ClientToken\":\"terraform-20241030122326757400000001\",\"KeyName\":null,\"LaunchTime\":\"2024-10-30T12:23:33Z\",\"UsageOperationUpdateTime\":\"2024-10-30T12:23:33Z\",\"StateTransitionReason\":\"\",\"VirtualizationType\":\"hvm\",\"EnclaveOptions\":{\"Enabled\":false},\"HibernationOptions\":{\"Configured\":false},\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":1,\"HttpTokens\":\"optional\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"Platform\":\"\",\"SourceDestCheck\":true,\"SpotInstanceRequestId\":null,\"InstanceLifecycle\":\"\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"PublicDnsName\":\"ec2-52-42-245-80.us-west-2.compute.amazonaws.com\",\"SecurityGroups\":[{\"GroupId\":\"sg-056115801a45a367e\",\"GroupName\":\"launch-wizard-5\"}],\"SubnetId\":\"subnet-dc1cd881\",\"BootMode\":\"\",\"EbsOptimized\":false,\"NetworkInterfaces\":[{\"Attachment\":{\"AttachmentId\":\"eni-attach-00a0749f20a5bafca\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-10-30T12:23:33Z\"},\"NetworkInterfaceId\":\"eni-0d55d8b0b17e665df\",\"PrivateIpAddress\":\"172.31.15.13\",\"SubnetId\":\"subnet-dc1cd881\",\"PrivateIpAddresses\":[{\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-52-42-245-80.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"52.42.245.80\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-15-13.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.15.13\"}],\"SourceDestCheck\":true,\"Status\":\"in-use\",\"Description\":\"\",\"Ipv6Prefixes\":null,\"MacAddress\":\"0a:35:f4:db:0d:e9\",\"OwnerId\":\"704479110758\",\"Groups\":[{\"GroupId\":\"sg-056115801a45a367e\",\"GroupName\":\"launch-wizard-5\"}],\"InterfaceType\":\"interface\",\"PrivateDnsName\":\"ip-172-31-15-13.us-west-2.compute.internal\",\"VpcId\":\"vpc-36a1394e\",\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-52-42-245-80.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"52.42.245.80\"},\"ConnectionTrackingConfiguration\":null,\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[]}],\"Tags\":[{\"Value\":\"AWS re:Invent demo\",\"Key\":\"project\"},{\"Value\":\"aws-reinvent-demo-awsbedrock-instance\",\"Key\":\"Name\"},{\"Key\":\"team\",\"Value\":\"cloud-security\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"division\",\"Value\":\"engineering\"}],\"TpmSupport\":null,\"ElasticGpuAssociations\":null,\"RootDeviceType\":\"ebs\",\"IamInstanceProfile\":{\"Id\":\"AIPA2IBR2EZTEYLQBCYBB\",\"Arn\":\"arn:aws:iam::704479110758:instance-profile/ec2_instance_profile\"},\"PrivateDnsName\":\"ip-172-31-15-13.us-west-2.compute.internal\",\"StateReason\":null,\"EnaSupport\":true,\"PublicIpAddress\":\"52.42.245.80\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0759096ea1b6f4102\",\"i-0759096ea1b6f4102\"],\"name\":\"aws-reinvent-demo-awsbedrock-instance\",\"category\":\"infrastructure\",\"sub_category\":\"compute\"},\"cloud\":{\"organization\":{},\"instance\":{\"id\":\"i-0759096ea1b6f4102\",\"name\":\"aws-reinvent-demo-awsbedrock-instance\"},\"machine\":{\"machine_type\":\"t2.medium\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-west-2c\",\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"private_dns_name\":\"ip-172-31-15-13.us-west-2.compute.internal\",\"private_ip_address\":\"172.31.15.13\",\"public_dns_name\":\"ec2-52-42-245-80.us-west-2.compute.amazonaws.com\",\"public_ip_address\":\"52.42.245.80\",\"subnet_ids\":[\"subnet-dc1cd881\"],\"network_id\":\"vpc-36a1394e\"},\"iam\":{\"id\":\"AIPA2IBR2EZTEYLQBCYBB\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/ec2_instance_profile\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"host\":{\"architecture\":\"x86_64\",\"imageId\":\"ami-004a0173a724e2261\",\"instance_type\":\"t2.medium\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0759096ea1b6f4102\",\"i-0759096ea1b6f4102\"],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"network\":{\"subnet_ids\":[\"subnet-dc1cd881\"],\"network_id\":\"vpc-36a1394e\",\"private_dns_name\":\"ip-172-31-4-241.us-west-2.compute.internal\",\"private_ip_address\":\"172.31.4.241\",\"public_dns_name\":\"\"},\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:ec2/i-020b9bc8084c22628\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"cloud\":{\"organization\":{},\"instance\":{\"id\":\"i-020b9bc8084c22628\",\"name\":\"maxcold-kfr-tin-demo-wiz\"},\"machine\":{\"machine_type\":\"t2.medium\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-west-2c\",\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"host\":{\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\",\"imageId\":\"ami-07c5ecd8498c59db5\",\"instance_type\":\"t2.medium\",\"platform\":\"\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-020b9bc8084c22628\",\"i-020b9bc8084c22628\"],\"asset\":{\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"stopped-at\":\"2024-11-19 02:46:00.987794\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\",\"Name\":\"maxcold-kfr-tin-demo-wiz\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\"},\"raw\":{\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"CapacityReservationId\":null,\"KernelId\":null,\"PublicDnsName\":\"\",\"ClientToken\":\"ac62cabe-ba37-416d-aa3e-620250a0f632\",\"EbsOptimized\":false,\"RootDeviceName\":\"/dev/xvda\",\"SecurityGroups\":[{\"GroupId\":\"sg-039bc1a54f17e2d3b\",\"GroupName\":\"launch-wizard-11\"}],\"SpotInstanceRequestId\":null,\"LaunchTime\":\"2024-11-06T11:23:35Z\",\"Licenses\":null,\"NetworkInterfaces\":[{\"SourceDestCheck\":true,\"Association\":null,\"Description\":\"\",\"Groups\":[{\"GroupName\":\"launch-wizard-11\",\"GroupId\":\"sg-039bc1a54f17e2d3b\"}],\"Ipv6Prefixes\":null,\"MacAddress\":\"0a:1f:97:b9:9b:dd\",\"PrivateDnsName\":\"ip-172-31-4-241.us-west-2.compute.internal\",\"Status\":\"in-use\",\"Attachment\":{\"AttachTime\":\"2024-11-06T11:23:35Z\",\"AttachmentId\":\"eni-attach-07d0f0842f029da0f\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"NetworkInterfaceId\":\"eni-066d021d99aabb840\",\"OwnerId\":\"704479110758\",\"ConnectionTrackingConfiguration\":null,\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"PrivateIpAddress\":\"172.31.4.241\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-4-241.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.4.241\"}],\"SubnetId\":\"subnet-dc1cd881\",\"VpcId\":\"vpc-36a1394e\",\"InterfaceType\":\"interface\"}],\"RootDeviceType\":\"ebs\",\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":2,\"ThreadsPerCore\":1},\"ImageId\":\"ami-07c5ecd8498c59db5\",\"PlatformDetails\":\"Linux/UNIX\",\"PrivateIpAddress\":\"172.31.4.241\",\"SubnetId\":\"subnet-dc1cd881\",\"RootVolume\":null,\"ElasticInferenceAcceleratorAssociations\":null,\"EnclaveOptions\":{\"Enabled\":false},\"Platform\":\"\",\"SourceDestCheck\":true,\"SriovNetSupport\":null,\"VirtualizationType\":\"hvm\",\"Hypervisor\":\"xen\",\"MetadataOptions\":{\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2},\"PrivateDnsName\":\"ip-172-31-4-241.us-west-2.compute.internal\",\"Architecture\":\"x86_64\",\"HibernationOptions\":{\"Configured\":false},\"State\":{\"Name\":\"stopped\",\"Code\":80},\"Placement\":{\"AvailabilityZone\":\"us-west-2c\",\"GroupName\":\"\",\"HostId\":null,\"HostResourceGroupArn\":null,\"SpreadDomain\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"GroupId\":null,\"PartitionNumber\":null},\"ProductCodes\":[],\"PublicIpAddress\":null,\"StateTransitionReason\":\"User initiated (2024-11-08 02:46:02 GMT)\",\"VpcId\":\"vpc-36a1394e\",\"AmiLaunchIndex\":0,\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"InstanceLifecycle\":\"\",\"UsageOperation\":\"RunInstances\",\"Region\":\"us-west-2\",\"Ipv6Address\":null,\"KeyName\":\"maxcold-key\",\"TpmSupport\":null,\"CurrentInstanceBootMode\":\"legacy-bios\",\"RamdiskId\":null,\"UsageOperationUpdateTime\":\"2024-11-06T11:23:35Z\",\"IamInstanceProfile\":null,\"InstanceId\":\"i-020b9bc8084c22628\",\"InstanceType\":\"t2.medium\",\"BootMode\":\"uefi-preferred\",\"ElasticGpuAssociations\":null,\"EnaSupport\":true,\"OutpostArn\":null,\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"Tags\":[{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"},{\"Value\":\"2024-11-19 02:46:00.987794\",\"Key\":\"stopped-at\"},{\"Key\":\"Name\",\"Value\":\"maxcold-kfr-tin-demo-wiz\"},{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"},{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"}],\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-067d4dcfed5c55590\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-11-06T11:23:35Z\"}}],\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"Monitoring\":{\"State\":\"disabled\"}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-020b9bc8084c22628\",\"i-020b9bc8084c22628\"],\"name\":\"maxcold-kfr-tin-demo-wiz\",\"category\":\"infrastructure\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"host\":{\"platform_details\":\"Linux/UNIX\",\"architecture\":\"x86_64\",\"imageId\":\"ami-07c5ecd8498c59db5\",\"instance_type\":\"t2.medium\",\"platform\":\"\"},\"network\":{\"private_dns_name\":\"ip-172-31-1-201.us-west-2.compute.internal\",\"private_ip_address\":\"172.31.1.201\",\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-dc1cd881\"],\"network_id\":\"vpc-36a1394e\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:ec2/i-00c72f39d2943d88e\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"name\":\"maxcold-kfir-tin-demo-aws-sec-hub\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\",\"Name\":\"maxcold-kfir-tin-demo-aws-sec-hub\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\",\"stopped-at\":\"2024-11-19 02:46:00.987794\"},\"raw\":{\"EnclaveOptions\":{\"Enabled\":false},\"LaunchTime\":\"2024-11-06T11:24:30Z\",\"Licenses\":null,\"OutpostArn\":null,\"Platform\":\"\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"Ipv6Address\":null,\"Placement\":{\"SpreadDomain\":null,\"Tenancy\":\"default\",\"AvailabilityZone\":\"us-west-2c\",\"GroupId\":null,\"HostId\":null,\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"Affinity\":null,\"GroupName\":\"\"},\"PublicDnsName\":\"\",\"VirtualizationType\":\"hvm\",\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":2,\"ThreadsPerCore\":1},\"RootDeviceName\":\"/dev/xvda\",\"RootDeviceType\":\"ebs\",\"SriovNetSupport\":null,\"Tags\":[{\"Key\":\"stopped-by\",\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:46:00.987794\"},{\"Key\":\"Name\",\"Value\":\"maxcold-kfir-tin-demo-aws-sec-hub\"},{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"},{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"}],\"InstanceType\":\"t2.medium\",\"EbsOptimized\":false,\"HibernationOptions\":{\"Configured\":false},\"IamInstanceProfile\":null,\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\"},\"VpcId\":\"vpc-36a1394e\",\"Region\":\"us-west-2\",\"BlockDeviceMappings\":[{\"Ebs\":{\"Status\":\"attached\",\"VolumeId\":\"vol-06b0e50c13e3473e7\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-11-06T11:24:31Z\",\"DeleteOnTermination\":true},\"DeviceName\":\"/dev/xvda\"}],\"Architecture\":\"x86_64\",\"ClientToken\":\"664b9733-f271-4f1b-a2b5-545c93766608\",\"NetworkInterfaces\":[{\"SourceDestCheck\":true,\"VpcId\":\"vpc-36a1394e\",\"Association\":null,\"ConnectionTrackingConfiguration\":null,\"PrivateDnsName\":\"ip-172-31-1-201.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.1.201\",\"PrivateIpAddresses\":[{\"PrivateIpAddress\":\"172.31.1.201\",\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-1-201.us-west-2.compute.internal\"}],\"NetworkInterfaceId\":\"eni-038644fa2f16c27c5\",\"Description\":\"\",\"Groups\":[{\"GroupId\":\"sg-02b1ba689936cb3b3\",\"GroupName\":\"launch-wizard-12\"}],\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"Ipv6Prefixes\":null,\"Attachment\":{\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-11-06T11:24:30Z\",\"AttachmentId\":\"eni-attach-04db579ab4434edcf\",\"DeleteOnTermination\":true},\"MacAddress\":\"0a:87:16:37:31:85\",\"OwnerId\":\"704479110758\",\"Status\":\"in-use\",\"Ipv4Prefixes\":null,\"SubnetId\":\"subnet-dc1cd881\"}],\"SubnetId\":\"subnet-dc1cd881\",\"BootMode\":\"uefi-preferred\",\"ImageId\":\"ami-07c5ecd8498c59db5\",\"RamdiskId\":null,\"StateTransitionReason\":\"User initiated (2024-11-08 02:46:02 GMT)\",\"ElasticGpuAssociations\":null,\"PrivateIpAddress\":\"172.31.1.201\",\"RootVolume\":null,\"InstanceLifecycle\":\"\",\"ElasticInferenceAcceleratorAssociations\":null,\"InstanceId\":\"i-00c72f39d2943d88e\",\"PlatformDetails\":\"Linux/UNIX\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"PrivateDnsName\":\"ip-172-31-1-201.us-west-2.compute.internal\",\"EnaSupport\":true,\"SpotInstanceRequestId\":null,\"MetadataOptions\":{\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\"},\"ProductCodes\":[],\"SecurityGroups\":[{\"GroupName\":\"launch-wizard-12\",\"GroupId\":\"sg-02b1ba689936cb3b3\"}],\"State\":{\"Name\":\"stopped\",\"Code\":80},\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"UsageOperationUpdateTime\":\"2024-11-06T11:24:30Z\",\"AmiLaunchIndex\":0,\"KeyName\":\"maxcold-key\",\"PublicIpAddress\":null,\"SourceDestCheck\":true,\"TpmSupport\":null,\"UsageOperation\":\"RunInstances\",\"CapacityReservationId\":null,\"KernelId\":null,\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"Monitoring\":{\"State\":\"disabled\"},\"Hypervisor\":\"xen\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-00c72f39d2943d88e\",\"i-00c72f39d2943d88e\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-00c72f39d2943d88e\",\"name\":\"maxcold-kfir-tin-demo-aws-sec-hub\"},\"machine\":{\"machine_type\":\"t2.medium\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-west-2c\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-00c72f39d2943d88e\",\"i-00c72f39d2943d88e\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"organization\":{},\"instance\":{\"id\":\"i-0c804d494c564ee63\",\"name\":\"nick-defend-testmachine\"},\"machine\":{\"machine_type\":\"t3.large\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-west-2b\",\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"host\":{\"architecture\":\"x86_64\",\"imageId\":\"ami-04dd23e62ed049936\",\"instance_type\":\"t3.large\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"network\":{\"network_id\":\"vpc-36a1394e\",\"private_dns_name\":\"ip-172-31-17-206.us-west-2.compute.internal\",\"private_ip_address\":\"172.31.17.206\",\"public_dns_name\":\"\",\"subnet_ids\":[\"subnet-5283762a\"]},\"resource_policies\":[],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0c804d494c564ee63\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"org\":\"security\",\"project\":\"nickalayil\",\"team\":\"cloud-security\",\"Name\":\"nick-defend-testmachine\",\"division\":\"engineering\"},\"raw\":{\"ElasticInferenceAcceleratorAssociations\":null,\"IamInstanceProfile\":null,\"Architecture\":\"x86_64\",\"PublicDnsName\":\"\",\"SpotInstanceRequestId\":null,\"PlatformDetails\":\"Linux/UNIX\",\"Tags\":[{\"Key\":\"project\",\"Value\":\"nickalayil\"},{\"Key\":\"Name\",\"Value\":\"nick-defend-testmachine\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"team\",\"Value\":\"cloud-security\"}],\"InstanceType\":\"t3.large\",\"EbsOptimized\":true,\"ProductCodes\":[],\"RootDeviceType\":\"ebs\",\"CapacityReservationId\":null,\"EnclaveOptions\":{\"Enabled\":false},\"ImageId\":\"ami-04dd23e62ed049936\",\"Placement\":{\"HostId\":null,\"PartitionNumber\":null,\"Tenancy\":\"default\",\"Affinity\":null,\"AvailabilityZone\":\"us-west-2b\",\"GroupId\":null,\"GroupName\":\"\",\"HostResourceGroupArn\":null,\"SpreadDomain\":null},\"Platform\":\"\",\"PrivateDnsName\":\"ip-172-31-17-206.us-west-2.compute.internal\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\"},\"TpmSupport\":null,\"CurrentInstanceBootMode\":\"uefi\",\"EnaSupport\":true,\"Ipv6Address\":null,\"SriovNetSupport\":null,\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"VirtualizationType\":\"hvm\",\"ElasticGpuAssociations\":null,\"UsageOperation\":\"RunInstances\",\"Region\":\"us-west-2\",\"SubnetId\":\"subnet-5283762a\",\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":1,\"ThreadsPerCore\":2},\"LaunchTime\":\"2024-11-01T14:30:35Z\",\"OutpostArn\":null,\"VpcId\":\"vpc-36a1394e\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"RamdiskId\":null,\"RootDeviceName\":\"/dev/sda1\",\"InstanceLifecycle\":\"\",\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"PrivateIpAddress\":\"172.31.17.206\",\"SourceDestCheck\":true,\"RootVolume\":null,\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/sda1\",\"Ebs\":{\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-0fefd67c4d257328c\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-10-30T19:20:56Z\"}}],\"StateTransitionReason\":\"User initiated (2024-11-01 14:49:46 GMT)\",\"ClientToken\":\"3fd5a4da-c42c-47e4-9645-0ade2f81fcc2\",\"KernelId\":null,\"KeyName\":\"nick-csd-key-uswest2\",\"MetadataOptions\":{\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\"},\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"BootMode\":\"uefi-preferred\",\"Licenses\":null,\"NetworkInterfaces\":[{\"Attachment\":{\"AttachTime\":\"2024-10-30T19:20:56Z\",\"AttachmentId\":\"eni-attach-0468e25ef09cd8ab3\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"InterfaceType\":\"interface\",\"MacAddress\":\"02:58:f7:9e:67:45\",\"PrivateIpAddress\":\"172.31.17.206\",\"Status\":\"in-use\",\"VpcId\":\"vpc-36a1394e\",\"Groups\":[{\"GroupId\":\"sg-02dc68e5abb998260\",\"GroupName\":\"launch-wizard-8\"}],\"Ipv4Prefixes\":null,\"Ipv6Prefixes\":null,\"PrivateDnsName\":\"ip-172-31-17-206.us-west-2.compute.internal\",\"PrivateIpAddresses\":[{\"PrivateDnsName\":\"ip-172-31-17-206.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.17.206\",\"Association\":null,\"Primary\":true}],\"SourceDestCheck\":true,\"ConnectionTrackingConfiguration\":null,\"Description\":\"\",\"NetworkInterfaceId\":\"eni-0f64b1336d3d13bdd\",\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-5283762a\",\"Association\":null,\"Ipv6Addresses\":[]}],\"SecurityGroups\":[{\"GroupId\":\"sg-02dc68e5abb998260\",\"GroupName\":\"launch-wizard-8\"}],\"InstanceId\":\"i-0c804d494c564ee63\",\"HibernationOptions\":{\"Configured\":false},\"Monitoring\":{\"State\":\"disabled\"},\"AmiLaunchIndex\":0,\"PublicIpAddress\":null,\"UsageOperationUpdateTime\":\"2024-10-30T19:20:56Z\",\"Hypervisor\":\"xen\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0c804d494c564ee63\",\"i-0c804d494c564ee63\"],\"name\":\"nick-defend-testmachine\",\"category\":\"infrastructure\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-0c804d494c564ee63\",\"i-0c804d494c564ee63\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"host\":{\"architecture\":\"x86_64\",\"imageId\":\"ami-04dd23e62ed049936\",\"instance_type\":\"t2.large\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-00f065dbe95e4ab95\",\"i-00f065dbe95e4ab95\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:ec2/i-00f065dbe95e4ab95\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"name\":\"e2e-demo-auditbeat\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"division\":\"engineering\",\"org\":\"security\",\"project\":\"nickalayil\",\"team\":\"cloud-security\",\"Name\":\"e2e-demo-auditbeat\"},\"raw\":{\"StateTransitionReason\":\"\",\"VpcId\":\"vpc-36a1394e\",\"RootVolume\":null,\"EnaSupport\":true,\"NetworkInterfaces\":[{\"ConnectionTrackingConfiguration\":null,\"Description\":\"\",\"Ipv6Addresses\":[],\"SourceDestCheck\":true,\"Attachment\":{\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-11-05T21:10:41Z\",\"AttachmentId\":\"eni-attach-0af52ee3201e941c3\"},\"Groups\":[{\"GroupId\":\"sg-02bcac1e2159394c9\",\"GroupName\":\"launch-wizard-9\"}],\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":null,\"Ipv6Prefixes\":null,\"NetworkInterfaceId\":\"eni-004e05930f9fd556a\",\"PrivateDnsName\":\"ip-172-31-19-239.us-west-2.compute.internal\",\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-19-239.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.19.239\",\"Association\":{\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-35-95-25-78.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.95.25.78\",\"CarrierIp\":null,\"CustomerOwnedIp\":null}}],\"Association\":{\"PublicDnsName\":\"ec2-35-95-25-78.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.95.25.78\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\"},\"SubnetId\":\"subnet-5283762a\",\"OwnerId\":\"704479110758\",\"PrivateIpAddress\":\"172.31.19.239\",\"Status\":\"in-use\",\"VpcId\":\"vpc-36a1394e\",\"MacAddress\":\"02:99:be:1e:6b:8b\"}],\"PrivateIpAddress\":\"172.31.19.239\",\"UsageOperationUpdateTime\":\"2024-11-05T21:10:41Z\",\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":true,\"HostnameType\":\"ip-name\"},\"Tags\":[{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"Name\",\"Value\":\"e2e-demo-auditbeat\"},{\"Key\":\"team\",\"Value\":\"cloud-security\"},{\"Key\":\"project\",\"Value\":\"nickalayil\"}],\"KernelId\":null,\"State\":{\"Code\":16,\"Name\":\"running\"},\"RootDeviceName\":\"/dev/sda1\",\"SourceDestCheck\":true,\"SpotInstanceRequestId\":null,\"EbsOptimized\":false,\"HibernationOptions\":{\"Configured\":false},\"PublicDnsName\":\"ec2-35-95-25-78.us-west-2.compute.amazonaws.com\",\"RootDeviceType\":\"ebs\",\"UsageOperation\":\"RunInstances\",\"CurrentInstanceBootMode\":\"legacy-bios\",\"IamInstanceProfile\":null,\"InstanceType\":\"t2.large\",\"Platform\":\"\",\"InstanceId\":\"i-00f065dbe95e4ab95\",\"RamdiskId\":null,\"SecurityGroups\":[{\"GroupId\":\"sg-02bcac1e2159394c9\",\"GroupName\":\"launch-wizard-9\"}],\"VirtualizationType\":\"hvm\",\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null},\"ElasticGpuAssociations\":null,\"BootMode\":\"uefi-preferred\",\"OutpostArn\":null,\"Licenses\":null,\"StateReason\":null,\"Region\":\"us-west-2\",\"Hypervisor\":\"xen\",\"KeyName\":\"nick-csd-key-uswest2\",\"AmiLaunchIndex\":0,\"InstanceLifecycle\":\"\",\"PlatformDetails\":\"Linux/UNIX\",\"ProductCodes\":[],\"PublicIpAddress\":\"35.95.25.78\",\"TpmSupport\":null,\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":2,\"ThreadsPerCore\":1},\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"ElasticInferenceAcceleratorAssociations\":null,\"PrivateDnsName\":\"ip-172-31-19-239.us-west-2.compute.internal\",\"EnclaveOptions\":{\"Enabled\":false},\"ImageId\":\"ami-04dd23e62ed049936\",\"LaunchTime\":\"2024-11-05T21:10:41Z\",\"SriovNetSupport\":null,\"SubnetId\":\"subnet-5283762a\",\"Architecture\":\"x86_64\",\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/sda1\",\"Ebs\":{\"AssociatedResource\":null,\"AttachTime\":\"2024-11-05T21:10:41Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"VolumeId\":\"vol-0bdf72eef331443e0\",\"VolumeOwnerId\":null}}],\"MetadataOptions\":{\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\",\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\"},\"Ipv6Address\":null,\"Monitoring\":{\"State\":\"disabled\"},\"Placement\":{\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"Tenancy\":\"default\",\"SpreadDomain\":null,\"Affinity\":null,\"AvailabilityZone\":\"us-west-2b\",\"GroupId\":null,\"GroupName\":\"\",\"HostId\":null},\"CapacityReservationId\":null,\"ClientToken\":\"95daa1a3-ce2c-405a-8121-42e27abdef91\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:ec2/i-00f065dbe95e4ab95\",\"i-00f065dbe95e4ab95\"]},\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-00f065dbe95e4ab95\",\"name\":\"e2e-demo-auditbeat\"},\"machine\":{\"machine_type\":\"t2.large\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"us-west-2b\",\"provider\":\"aws\"},\"network\":{\"private_dns_name\":\"ip-172-31-19-239.us-west-2.compute.internal\",\"private_ip_address\":\"172.31.19.239\",\"public_dns_name\":\"ec2-35-95-25-78.us-west-2.compute.amazonaws.com\",\"public_ip_address\":\"35.95.25.78\",\"subnet_ids\":[\"subnet-5283762a\"],\"network_id\":\"vpc-36a1394e\"},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"related.entity\":[\"arn:aws:ec2:ap-northeast-3:704479110758:ec2/i-0f65de455ea507d64\",\"i-0f65de455ea507d64\"],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"machine\":{\"machine_type\":\"m6g.xlarge\"},\"service\":{\"name\":\"AWS EC2\"},\"availability_zone\":\"ap-northeast-3a\",\"provider\":\"aws\",\"region\":\"ap-northeast-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"instance\":{\"id\":\"i-0f65de455ea507d64\",\"name\":\"elastic-agent-instance-7c201840-8fb7-11ef-b631-06d7d70edc93\"}},\"network\":{\"subnet_ids\":[\"subnet-3135917c\"],\"network_id\":\"vpc-04076d6d\",\"private_dns_name\":\"ip-172-31-38-165.ap-northeast-3.compute.internal\",\"private_ip_address\":\"172.31.38.165\",\"public_dns_name\":\"\"},\"resource_policies\":[],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-3:704479110758:ec2/i-0f65de455ea507d64\":{\"category\":\"infrastructure\",\"type\":\"virtual-machine\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"virtual-machine\",\"sub_type\":\"ec2-instance\",\"tags\":{\"Task\":\"Vulnerability Management Scanner\",\"Type\":\"8.16-QA\",\"aws:cloudformation:logical-id\":\"ElasticAgentEc2Instance\",\"aws:cloudformation:stack-name\":\"Elastic-Vulnerability-Management-816\",\"custodian_stop\":\"Resource does not meet policy: stop@2024/11/20\",\"Name\":\"elastic-agent-instance-7c201840-8fb7-11ef-b631-06d7d70edc93\",\"aws:cloudformation:stack-id\":\"arn:aws:cloudformation:ap-northeast-3:704479110758:stack/Elastic-Vulnerability-Management-816/7c201840-8fb7-11ef-b631-06d7d70edc93\",\"custodian_delete\":\"Resource does not meet policy: terminate@2024/12/04\",\"stopped-at\":\"2024-11-19 02:46:15.484193\",\"stopped-by\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\"},\"raw\":{\"InstanceType\":\"m6g.xlarge\",\"KernelId\":null,\"MetadataOptions\":{\"HttpEndpoint\":\"enabled\",\"HttpProtocolIpv6\":\"disabled\",\"HttpPutResponseHopLimit\":2,\"HttpTokens\":\"required\",\"InstanceMetadataTags\":\"disabled\",\"State\":\"applied\"},\"PrivateDnsNameOptions\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"Region\":\"ap-northeast-3\",\"RootVolume\":null,\"EnclaveOptions\":{\"Enabled\":false},\"IamInstanceProfile\":{\"Id\":\"AIPA2IBR2EZTBQSJFGWFR\",\"Arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-7c201840-8fb7-11ef-b631-06d7d70edc93\"},\"RootDeviceName\":\"/dev/xvda\",\"Hypervisor\":\"xen\",\"OutpostArn\":null,\"PublicIpAddress\":null,\"StateTransitionReason\":\"User initiated (2024-10-23 02:46:28 GMT)\",\"Architecture\":\"arm64\",\"InstanceLifecycle\":\"\",\"SriovNetSupport\":null,\"BlockDeviceMappings\":[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"VolumeId\":\"vol-0a3f6efa368cf5ccb\",\"VolumeOwnerId\":null,\"AssociatedResource\":null,\"AttachTime\":\"2024-10-21T14:20:02Z\",\"DeleteOnTermination\":true,\"Status\":\"attached\"}}],\"ElasticInferenceAcceleratorAssociations\":null,\"PrivateDnsName\":\"ip-172-31-38-165.ap-northeast-3.compute.internal\",\"State\":{\"Code\":80,\"Name\":\"stopped\"},\"StateReason\":{\"Code\":\"Client.UserInitiatedShutdown\",\"Message\":\"Client.UserInitiatedShutdown: User initiated shutdown\"},\"CapacityReservationId\":null,\"PlatformDetails\":\"Linux/UNIX\",\"RamdiskId\":null,\"RootDeviceType\":\"ebs\",\"VpcId\":\"vpc-04076d6d\",\"Licenses\":null,\"PublicDnsName\":\"\",\"HibernationOptions\":{\"Configured\":false},\"ImageId\":\"ami-0e4bd9c95a19339a6\",\"PrivateIpAddress\":\"172.31.38.165\",\"SecurityGroups\":[{\"GroupId\":\"sg-06a3c2327b0c74906\",\"GroupName\":\"elastic-agent-security-group-7c201840-8fb7-11ef-b631-06d7d70edc93\"}],\"SourceDestCheck\":true,\"AmiLaunchIndex\":0,\"LaunchTime\":\"2024-10-21T14:20:01Z\",\"MaintenanceOptions\":{\"AutoRecovery\":\"default\"},\"Monitoring\":{\"State\":\"disabled\"},\"Placement\":{\"AvailabilityZone\":\"ap-northeast-3a\",\"GroupName\":\"\",\"HostId\":null,\"Affinity\":null,\"GroupId\":null,\"HostResourceGroupArn\":null,\"PartitionNumber\":null,\"SpreadDomain\":null,\"Tenancy\":\"default\"},\"SpotInstanceRequestId\":null,\"TpmSupport\":null,\"BootMode\":\"uefi\",\"Ipv6Address\":null,\"EnaSupport\":true,\"SubnetId\":\"subnet-3135917c\",\"UsageOperationUpdateTime\":\"2024-10-21T14:20:01Z\",\"InstanceId\":\"i-0f65de455ea507d64\",\"CpuOptions\":{\"AmdSevSnp\":\"\",\"CoreCount\":4,\"ThreadsPerCore\":1},\"CurrentInstanceBootMode\":\"uefi\",\"Tags\":[{\"Value\":\"8.16-QA\",\"Key\":\"Type\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentEc2Instance\"},{\"Key\":\"Task\",\"Value\":\"Vulnerability Management Scanner\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"Elastic-Vulnerability-Management-816\"},{\"Key\":\"custodian_delete\",\"Value\":\"Resource does not meet policy: terminate@2024/12/04\"},{\"Key\":\"stopped-at\",\"Value\":\"2024-11-19 02:46:15.484193\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:ap-northeast-3:704479110758:stack/Elastic-Vulnerability-Management-816/7c201840-8fb7-11ef-b631-06d7d70edc93\"},{\"Key\":\"Name\",\"Value\":\"elastic-agent-instance-7c201840-8fb7-11ef-b631-06d7d70edc93\"},{\"Value\":\"Tagging Enforcement - contact rnd-hosts-wg@elastic.co or #rnd-hosting for more information\",\"Key\":\"stopped-by\"},{\"Key\":\"custodian_stop\",\"Value\":\"Resource does not meet policy: stop@2024/11/20\"}],\"ClientToken\":\"a825638c-104d-be9f-6755-ff78cbf11dbd\",\"NetworkInterfaces\":[{\"Ipv4Prefixes\":null,\"MacAddress\":\"0e:bc:44:e9:68:c3\",\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-38-165.ap-northeast-3.compute.internal\",\"ConnectionTrackingConfiguration\":null,\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-38-165.ap-northeast-3.compute.internal\",\"PrivateIpAddress\":\"172.31.38.165\"}],\"VpcId\":\"vpc-04076d6d\",\"SubnetId\":\"subnet-3135917c\",\"Association\":null,\"Description\":\"\",\"Groups\":[{\"GroupId\":\"sg-06a3c2327b0c74906\",\"GroupName\":\"elastic-agent-security-group-7c201840-8fb7-11ef-b631-06d7d70edc93\"}],\"Ipv6Prefixes\":null,\"NetworkInterfaceId\":\"eni-01ee6589b164a2c1d\",\"Attachment\":{\"AttachTime\":\"2024-10-21T14:20:01Z\",\"AttachmentId\":\"eni-attach-0be3d2c28ec0ef354\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"PrivateIpAddress\":\"172.31.38.165\",\"SourceDestCheck\":true,\"Status\":\"in-use\"}],\"Platform\":\"\",\"ProductCodes\":[],\"UsageOperation\":\"RunInstances\",\"VirtualizationType\":\"hvm\",\"EbsOptimized\":false,\"ElasticGpuAssociations\":null,\"KeyName\":null,\"CapacityReservationSpecification\":{\"CapacityReservationPreference\":\"open\",\"CapacityReservationTarget\":null}},\"id\":[\"arn:aws:ec2:ap-northeast-3:704479110758:ec2/i-0f65de455ea507d64\",\"i-0f65de455ea507d64\"],\"name\":\"elastic-agent-instance-7c201840-8fb7-11ef-b631-06d7d70edc93\"},\"host\":{\"architecture\":\"arm64\",\"imageId\":\"ami-0e4bd9c95a19339a6\",\"instance_type\":\"m6g.xlarge\",\"platform\":\"\",\"platform_details\":\"Linux/UNIX\"},\"iam\":{\"id\":\"AIPA2IBR2EZTBQSJFGWFR\",\"arn\":\"arn:aws:iam::704479110758:instance-profile/elastic-agent-instance-profile-7c201840-8fb7-11ef-b631-06d7d70edc93\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:elasticloadbalancing:eu-west-2:704479110758:loadbalancer/api-kops-csp-demo-1-k8s-l-u69ntl\"],\"entity.metadata\":{\"arn:aws:elasticloadbalancing:eu-west-2:704479110758:loadbalancer/api-kops-csp-demo-1-k8s-l-u69ntl\":{\"category\":\"infrastructure\",\"type\":\"load-balancer\"}},\"asset\":{\"type\":\"load-balancer\",\"sub_type\":\"elastic-load-balancer\",\"tags\":null,\"raw\":{\"load_balancer\":{\"Subnets\":[\"subnet-0981d6560ece89ecb\",\"subnet-0b301a436d259a430\"],\"VPCId\":\"vpc-058b21b3bf0f435b0\",\"BackendServerDescriptions\":[],\"DNSName\":\"api-kops-csp-demo-1-k8s-l-u69ntl-675085101.eu-west-2.elb.amazonaws.com\",\"Instances\":[{\"InstanceId\":\"i-0d259bbd0f15a22de\"}],\"Scheme\":\"internet-facing\",\"HealthCheck\":{\"Timeout\":5,\"UnhealthyThreshold\":2,\"HealthyThreshold\":2,\"Interval\":10,\"Target\":\"SSL:443\"},\"SecurityGroups\":[\"sg-035d6dc68c125f46b\"],\"CanonicalHostedZoneNameID\":\"ZHURV8PSTC4K8\",\"LoadBalancerName\":\"api-kops-csp-demo-1-k8s-l-u69ntl\",\"Policies\":{\"AppCookieStickinessPolicies\":[],\"LBCookieStickinessPolicies\":[],\"OtherPolicies\":[]},\"SourceSecurityGroup\":{\"GroupName\":\"api-elb.kops-csp-demo-1.k8s.local\",\"OwnerAlias\":\"704479110758\"},\"AvailabilityZones\":[\"eu-west-2a\",\"eu-west-2b\"],\"CanonicalHostedZoneName\":\"api-kops-csp-demo-1-k8s-l-u69ntl-675085101.eu-west-2.elb.amazonaws.com\",\"CreatedTime\":\"2022-05-08T05:54:07.41Z\",\"ListenerDescriptions\":[{\"Listener\":{\"LoadBalancerPort\":443,\"Protocol\":\"TCP\",\"InstanceProtocol\":\"TCP\",\"SSLCertificateId\":null,\"InstancePort\":443},\"PolicyNames\":[]}]}},\"id\":[\"arn:aws:elasticloadbalancing:eu-west-2:704479110758:loadbalancer/api-kops-csp-demo-1-k8s-l-u69ntl\"],\"name\":\"api-kops-csp-demo-1-k8s-l-u69ntl\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/service-role/AccessAnalyzerMonitorServiceRole_TI5HVTD3R2\",\"AROA2IBR2EZTHSUBTX3VH\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/service-role/AccessAnalyzerMonitorServiceRole_TI5HVTD3R2\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"raw\":{\"CreateDate\":\"2023-03-06T14:15:02Z\",\"RoleName\":\"AccessAnalyzerMonitorServiceRole_TI5HVTD3R2\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22access-analyzer.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Tags\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/service-role/AccessAnalyzerMonitorServiceRole_TI5HVTD3R2\",\"Path\":\"/service-role/\",\"RoleId\":\"AROA2IBR2EZTHSUBTX3VH\",\"Description\":null},\"id\":[\"arn:aws:iam::704479110758:role/service-role/AccessAnalyzerMonitorServiceRole_TI5HVTD3R2\",\"AROA2IBR2EZTHSUBTX3VH\"],\"name\":\"AccessAnalyzerMonitorServiceRole_TI5HVTD3R2\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":\"EC2 role for SSM for Quick-Setup\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTDBYANUQTP\",\"RoleName\":\"AmazonSSMRoleForInstancesQuickSetup\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/AmazonSSMRoleForInstancesQuickSetup\",\"CreateDate\":\"2024-02-14T10:01:51Z\"},\"id\":[\"arn:aws:iam::704479110758:role/AmazonSSMRoleForInstancesQuickSetup\",\"AROA2IBR2EZTDBYANUQTP\"],\"name\":\"AmazonSSMRoleForInstancesQuickSetup\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/AmazonSSMRoleForInstancesQuickSetup\",\"AROA2IBR2EZTDBYANUQTP\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/AmazonSSMRoleForInstancesQuickSetup\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/amir-8-12-qa-role\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/amir-8-12-qa-role\",\"CreateDate\":\"2023-12-25T11:45:28Z\",\"RoleName\":\"amir-8-12-qa-role\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTCUMQJEN5Q\",\"Description\":\"Allows EC2 instances to call AWS services on your behalf.\",\"MaxSessionDuration\":3600,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/amir-8-12-qa-role\",\"AROA2IBR2EZTCUMQJEN5Q\"],\"name\":\"amir-8-12-qa-role\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/amir-8-12-qa-role\",\"AROA2IBR2EZTCUMQJEN5Q\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/amir-env-1-eks-node-group-20230627154427801100000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/amir-env-1-eks-node-group-20230627154427801100000008\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTHXEWDFPQK\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"CreateDate\":\"2023-06-27T15:44:27Z\",\"RoleName\":\"amir-env-1-eks-node-group-20230627154427801100000008\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/amir-env-1-eks-node-group-20230627154427801100000008\",\"AROA2IBR2EZTHXEWDFPQK\"],\"name\":\"amir-env-1-eks-node-group-20230627154427801100000008\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/amir-env-1-eks-node-group-20230627154427801100000008\",\"AROA2IBR2EZTHXEWDFPQK\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/amir-env-cluster-20230627154406264000000001\",\"AROA2IBR2EZTAD2GDNPQF\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/amir-env-cluster-20230627154406264000000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTAD2GDNPQF\",\"RoleName\":\"amir-env-cluster-20230627154406264000000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"Arn\":\"arn:aws:iam::704479110758:role/amir-env-cluster-20230627154406264000000001\",\"CreateDate\":\"2023-06-27T15:44:06Z\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Path\":\"/\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/amir-env-cluster-20230627154406264000000001\",\"AROA2IBR2EZTAD2GDNPQF\"],\"name\":\"amir-env-cluster-20230627154406264000000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/amir-env6-1-eks-node-group-20230628120928200700000008\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleName\":\"amir-env6-1-eks-node-group-20230628120928200700000008\",\"Description\":\"EKS managed node group IAM role\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/amir-env6-1-eks-node-group-20230628120928200700000008\",\"CreateDate\":\"2023-06-28T12:09:28Z\",\"RoleId\":\"AROA2IBR2EZTDIOJGBDUG\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/amir-env6-1-eks-node-group-20230628120928200700000008\",\"AROA2IBR2EZTDIOJGBDUG\"],\"name\":\"amir-env6-1-eks-node-group-20230628120928200700000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/amir-env6-1-eks-node-group-20230628120928200700000008\",\"AROA2IBR2EZTDIOJGBDUG\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/amir-env6-cluster-20230628120907310200000001\",\"AROA2IBR2EZTO3LBVGPQC\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/amir-env6-cluster-20230628120907310200000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/amir-env6-cluster-20230628120907310200000001\",\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2023-06-28T12:09:07Z\",\"RoleId\":\"AROA2IBR2EZTO3LBVGPQC\",\"RoleName\":\"amir-env6-cluster-20230628120907310200000001\",\"Description\":null,\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/amir-env6-cluster-20230628120907310200000001\",\"AROA2IBR2EZTO3LBVGPQC\"],\"name\":\"amir-env6-cluster-20230628120907310200000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/service-role/appsync-ds-ddb-jeqm57-AppSyncCommentTable-\",\"AROA2IBR2EZTAF7PHV5BM\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/service-role/appsync-ds-ddb-jeqm57-AppSyncCommentTable-\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTAF7PHV5BM\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22appsync.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"Tags\":null,\"CreateDate\":\"2021-06-28T11:10:16Z\",\"Path\":\"/service-role/\",\"RoleName\":\"appsync-ds-ddb-jeqm57-AppSyncCommentTable-\",\"Description\":\"Allows the AWS AppSync service to access your data source.\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/service-role/appsync-ds-ddb-jeqm57-AppSyncCommentTable-\"},\"id\":[\"arn:aws:iam::704479110758:role/service-role/appsync-ds-ddb-jeqm57-AppSyncCommentTable-\",\"AROA2IBR2EZTAF7PHV5BM\"],\"name\":\"appsync-ds-ddb-jeqm57-AppSyncCommentTable-\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/service-role/appsync-ds-ddb-jeqm57-AppSyncEventTable-xJ\",\"CreateDate\":\"2021-06-28T11:10:17Z\",\"RoleId\":\"AROA2IBR2EZTIJVXCNCES\",\"RoleName\":\"appsync-ds-ddb-jeqm57-AppSyncEventTable-xJ\",\"MaxSessionDuration\":3600,\"Path\":\"/service-role/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22appsync.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Allows the AWS AppSync service to access your data source.\",\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/service-role/appsync-ds-ddb-jeqm57-AppSyncEventTable-xJ\",\"AROA2IBR2EZTIJVXCNCES\"],\"name\":\"appsync-ds-ddb-jeqm57-AppSyncEventTable-xJ\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/service-role/appsync-ds-ddb-jeqm57-AppSyncEventTable-xJ\",\"AROA2IBR2EZTIJVXCNCES\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/service-role/appsync-ds-ddb-jeqm57-AppSyncEventTable-xJ\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/ari-eks\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2023-06-19T10:36:37Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTHT23XIOXX\",\"Description\":\"Allows access to other AWS service resources that are required to operate clusters managed by EKS.\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/ari-eks\",\"RoleName\":\"ari-eks\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/ari-eks\",\"AROA2IBR2EZTHT23XIOXX\"],\"name\":\"ari-eks\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/ari-eks\",\"AROA2IBR2EZTHT23XIOXX\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/ari-test-ec2-eks\",\"AROA2IBR2EZTN7BZKEPBY\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/ari-test-ec2-eks\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleName\":\"ari-test-ec2-eks\",\"Arn\":\"arn:aws:iam::704479110758:role/ari-test-ec2-eks\",\"RoleId\":\"AROA2IBR2EZTN7BZKEPBY\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Allows EC2 instances to call AWS services on your behalf.\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2023-06-19T10:52:59Z\",\"Path\":\"/\"},\"id\":[\"arn:aws:iam::704479110758:role/ari-test-ec2-eks\",\"AROA2IBR2EZTN7BZKEPBY\"],\"name\":\"ari-test-ec2-eks\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/asset-inventory-cloudbeat\",\"AROA2IBR2EZTCEZ5Y5GTL\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/asset-inventory-cloudbeat\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/asset-inventory-cloudbeat\",\"CreateDate\":\"2024-03-25T10:01:29Z\",\"RoleName\":\"asset-inventory-cloudbeat\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTCEZ5Y5GTL\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Allows EC2 instances to call AWS services on your behalf.\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/asset-inventory-cloudbeat\",\"AROA2IBR2EZTCEZ5Y5GTL\"],\"name\":\"asset-inventory-cloudbeat\",\"category\":\"identity\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/service-role/aws-cloudtrail-logs-oleg\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/service-role/aws-cloudtrail-logs-oleg\",\"RoleName\":\"aws-cloudtrail-logs-oleg\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aroot%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null,\"CreateDate\":\"2023-01-05T12:37:32Z\",\"Path\":\"/service-role/\",\"RoleId\":\"AROA2IBR2EZTNKGLDDDFM\"},\"id\":[\"arn:aws:iam::704479110758:role/service-role/aws-cloudtrail-logs-oleg\",\"AROA2IBR2EZTNKGLDDDFM\"],\"name\":\"aws-cloudtrail-logs-oleg\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/service-role/aws-cloudtrail-logs-oleg\",\"AROA2IBR2EZTNKGLDDDFM\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-ec2-spot-fleet-tagging-role\",\"AROA2IBR2EZTD2KFPX6LU\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-ec2-spot-fleet-tagging-role\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"RoleLastUsed\":null,\"CreateDate\":\"2020-03-17T14:38:52Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTD2KFPX6LU\",\"PermissionsBoundary\":null,\"MaxSessionDuration\":3600,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-ec2-spot-fleet-tagging-role\",\"RoleName\":\"aws-ec2-spot-fleet-tagging-role\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22spotfleet.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-ec2-spot-fleet-tagging-role\",\"AROA2IBR2EZTD2KFPX6LU\"],\"name\":\"aws-ec2-spot-fleet-tagging-role\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/AWS-QuickSetup-StackSet-Local-AdministrationRole\",\"AROA2IBR2EZTHAQOV5UMP\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/AWS-QuickSetup-StackSet-Local-AdministrationRole\":{\"category\":\"identity\",\"type\":\"role\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTHAQOV5UMP\",\"RoleName\":\"AWS-QuickSetup-StackSet-Local-AdministrationRole\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/AWS-QuickSetup-StackSet-Local-AdministrationRole\",\"CreateDate\":\"2024-02-14T09:52:17Z\",\"RoleLastUsed\":null,\"Tags\":null,\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22cloudformation.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\"},\"id\":[\"arn:aws:iam::704479110758:role/AWS-QuickSetup-StackSet-Local-AdministrationRole\",\"AROA2IBR2EZTHAQOV5UMP\"],\"name\":\"AWS-QuickSetup-StackSet-Local-AdministrationRole\",\"category\":\"identity\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/AWS-QuickSetup-StackSet-Local-ExecutionRole\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleName\":\"AWS-QuickSetup-StackSet-Local-ExecutionRole\",\"MaxSessionDuration\":3600,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTOMJUCTEMP\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2FAWS-QuickSetup-StackSet-Local-AdministrationRole%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/AWS-QuickSetup-StackSet-Local-ExecutionRole\",\"CreateDate\":\"2024-02-14T09:52:27Z\"},\"id\":[\"arn:aws:iam::704479110758:role/AWS-QuickSetup-StackSet-Local-ExecutionRole\",\"AROA2IBR2EZTOMJUCTEMP\"],\"name\":\"AWS-QuickSetup-StackSet-Local-ExecutionRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/AWS-QuickSetup-StackSet-Local-ExecutionRole\",\"AROA2IBR2EZTOMJUCTEMP\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/service-role/aws-quicksight-secretsmanager-role-v0\",\"AROA2IBR2EZTFZGZ45I6P\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/service-role/aws-quicksight-secretsmanager-role-v0\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":null,\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/service-role/aws-quicksight-secretsmanager-role-v0\",\"CreateDate\":\"2024-10-16T18:23:09Z\",\"RoleName\":\"aws-quicksight-secretsmanager-role-v0\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22quicksight.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Path\":\"/service-role/\",\"RoleId\":\"AROA2IBR2EZTFZGZ45I6P\",\"PermissionsBoundary\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/service-role/aws-quicksight-secretsmanager-role-v0\",\"AROA2IBR2EZTFZGZ45I6P\"],\"name\":\"aws-quicksight-secretsmanager-role-v0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/service-role/aws-quicksight-service-role-v0\",\"AROA2IBR2EZTKS56AMGNM\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/service-role/aws-quicksight-service-role-v0\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/service-role/aws-quicksight-service-role-v0\",\"CreateDate\":\"2024-10-16T18:23:09Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22quicksight.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Path\":\"/service-role/\",\"RoleId\":\"AROA2IBR2EZTKS56AMGNM\",\"RoleName\":\"aws-quicksight-service-role-v0\",\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/service-role/aws-quicksight-service-role-v0\",\"AROA2IBR2EZTKS56AMGNM\"],\"name\":\"aws-quicksight-service-role-v0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":null,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-reinvent-2024-private-ec2-instance-role-f934c03f\",\"RoleName\":\"aws-reinvent-2024-private-ec2-instance-role-f934c03f\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"CreateDate\":\"2024-11-06T18:06:53Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTHJMXDMIKW\"},\"id\":[\"arn:aws:iam::704479110758:role/aws-reinvent-2024-private-ec2-instance-role-f934c03f\",\"AROA2IBR2EZTHJMXDMIKW\"],\"name\":\"aws-reinvent-2024-private-ec2-instance-role-f934c03f\",\"category\":\"identity\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-reinvent-2024-private-ec2-instance-role-f934c03f\",\"AROA2IBR2EZTHJMXDMIKW\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-reinvent-2024-private-ec2-instance-role-f934c03f\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-reinvent-2024-public-ec2-instance-role-f934c03f\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/aws-reinvent-2024-public-ec2-instance-role-f934c03f\",\"AROA2IBR2EZTKJEQEGDFV\"],\"name\":\"aws-reinvent-2024-public-ec2-instance-role-f934c03f\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTKJEQEGDFV\",\"CreateDate\":\"2024-11-06T18:06:53Z\",\"Path\":\"/\",\"RoleName\":\"aws-reinvent-2024-public-ec2-instance-role-f934c03f\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-reinvent-2024-public-ec2-instance-role-f934c03f\",\"Tags\":null}},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-reinvent-2024-public-ec2-instance-role-f934c03f\",\"AROA2IBR2EZTKJEQEGDFV\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"asset\":{\"raw\":{\"CreateDate\":\"2023-05-08T10:34:13Z\",\"RoleId\":\"AROA2IBR2EZTO6DXHR2MN\",\"PermissionsBoundary\":null,\"Description\":null,\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/service-role/AWSDataLifecycleManagerDefaultRole\",\"Path\":\"/service-role/\",\"RoleName\":\"AWSDataLifecycleManagerDefaultRole\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22dlm.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\"},\"id\":[\"arn:aws:iam::704479110758:role/service-role/AWSDataLifecycleManagerDefaultRole\",\"AROA2IBR2EZTO6DXHR2MN\"],\"name\":\"AWSDataLifecycleManagerDefaultRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/service-role/AWSDataLifecycleManagerDefaultRole\",\"AROA2IBR2EZTO6DXHR2MN\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/service-role/AWSDataLifecycleManagerDefaultRole\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"asset\":{\"name\":\"AWSGlueServiceRole-demoalb\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22glue.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"RoleLastUsed\":null,\"Tags\":null,\"RoleName\":\"AWSGlueServiceRole-demoalb\",\"CreateDate\":\"2020-12-02T14:20:38Z\",\"Path\":\"/service-role/\",\"RoleId\":\"AROA2IBR2EZTDRKPIJUIZ\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/service-role/AWSGlueServiceRole-demoalb\"},\"id\":[\"arn:aws:iam::704479110758:role/service-role/AWSGlueServiceRole-demoalb\",\"AROA2IBR2EZTDRKPIJUIZ\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/service-role/AWSGlueServiceRole-demoalb\",\"AROA2IBR2EZTDRKPIJUIZ\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/service-role/AWSGlueServiceRole-demoalb\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/access-analyzer.amazonaws.com/AWSServiceRoleForAccessAnalyzer\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2023-01-09T15:06:29Z\",\"RoleName\":\"AWSServiceRoleForAccessAnalyzer\",\"Description\":null,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/access-analyzer.amazonaws.com/AWSServiceRoleForAccessAnalyzer\",\"Path\":\"/aws-service-role/access-analyzer.amazonaws.com/\",\"RoleId\":\"AROA2IBR2EZTIGFUE4DEY\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22access-analyzer.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/access-analyzer.amazonaws.com/AWSServiceRoleForAccessAnalyzer\",\"AROA2IBR2EZTIGFUE4DEY\"],\"name\":\"AWSServiceRoleForAccessAnalyzer\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/access-analyzer.amazonaws.com/AWSServiceRoleForAccessAnalyzer\",\"AROA2IBR2EZTIGFUE4DEY\"],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/eks.amazonaws.com/AWSServiceRoleForAmazonEKS\",\"AROA2IBR2EZTEYCLRLLCA\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/eks.amazonaws.com/AWSServiceRoleForAmazonEKS\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/eks.amazonaws.com/AWSServiceRoleForAmazonEKS\",\"AROA2IBR2EZTEYCLRLLCA\"],\"name\":\"AWSServiceRoleForAmazonEKS\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/eks.amazonaws.com/AWSServiceRoleForAmazonEKS\",\"CreateDate\":\"2020-06-22T08:14:35Z\",\"Path\":\"/aws-service-role/eks.amazonaws.com/\",\"Description\":\"Allows EKS to manage clusters on your behalf.\",\"MaxSessionDuration\":3600,\"Tags\":null,\"RoleId\":\"AROA2IBR2EZTEYCLRLLCA\",\"RoleName\":\"AWSServiceRoleForAmazonEKS\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/eks-fargate.amazonaws.com/AWSServiceRoleForAmazonEKSForFargate\",\"AROA2IBR2EZTKTHLW5XHW\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/eks-fargate.amazonaws.com/AWSServiceRoleForAmazonEKSForFargate\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"raw\":{\"RoleId\":\"AROA2IBR2EZTKTHLW5XHW\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks-fargate.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"This policy grants necessary permissions to Amazon EKS to run fargate tasks\",\"MaxSessionDuration\":3600,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/eks-fargate.amazonaws.com/AWSServiceRoleForAmazonEKSForFargate\",\"CreateDate\":\"2022-08-02T13:28:22Z\",\"Path\":\"/aws-service-role/eks-fargate.amazonaws.com/\",\"RoleName\":\"AWSServiceRoleForAmazonEKSForFargate\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/eks-fargate.amazonaws.com/AWSServiceRoleForAmazonEKSForFargate\",\"AROA2IBR2EZTKTHLW5XHW\"],\"name\":\"AWSServiceRoleForAmazonEKSForFargate\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/eks-nodegroup.amazonaws.com/AWSServiceRoleForAmazonEKSNodegroup\",\"AROA2IBR2EZTPOHIOUKLM\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/eks-nodegroup.amazonaws.com/AWSServiceRoleForAmazonEKSNodegroup\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTPOHIOUKLM\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks-nodegroup.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/eks-nodegroup.amazonaws.com/AWSServiceRoleForAmazonEKSNodegroup\",\"CreateDate\":\"2021-07-01T06:46:50Z\",\"Path\":\"/aws-service-role/eks-nodegroup.amazonaws.com/\",\"RoleName\":\"AWSServiceRoleForAmazonEKSNodegroup\",\"Description\":\"This policy allows Amazon EKS to create and manage Nodegroups\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/eks-nodegroup.amazonaws.com/AWSServiceRoleForAmazonEKSNodegroup\",\"AROA2IBR2EZTPOHIOUKLM\"],\"name\":\"AWSServiceRoleForAmazonEKSNodegroup\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/elasticfilesystem.amazonaws.com/AWSServiceRoleForAmazonElasticFileSystem\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2020-12-23T19:43:34Z\",\"Path\":\"/aws-service-role/elasticfilesystem.amazonaws.com/\",\"RoleName\":\"AWSServiceRoleForAmazonElasticFileSystem\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22elasticfilesystem.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/elasticfilesystem.amazonaws.com/AWSServiceRoleForAmazonElasticFileSystem\",\"RoleId\":\"AROA2IBR2EZTFNQ5I2RBG\",\"Description\":null,\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/elasticfilesystem.amazonaws.com/AWSServiceRoleForAmazonElasticFileSystem\",\"AROA2IBR2EZTFNQ5I2RBG\"],\"name\":\"AWSServiceRoleForAmazonElasticFileSystem\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/elasticfilesystem.amazonaws.com/AWSServiceRoleForAmazonElasticFileSystem\",\"AROA2IBR2EZTFNQ5I2RBG\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/es.amazonaws.com/AWSServiceRoleForAmazonElasticsearchService\",\"AROA2IBR2EZTLFY6HZPAS\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/es.amazonaws.com/AWSServiceRoleForAmazonElasticsearchService\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/es.amazonaws.com/AWSServiceRoleForAmazonElasticsearchService\",\"CreateDate\":\"2020-09-16T09:55:54Z\",\"RoleId\":\"AROA2IBR2EZTLFY6HZPAS\",\"RoleName\":\"AWSServiceRoleForAmazonElasticsearchService\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22es.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Path\":\"/aws-service-role/es.amazonaws.com/\",\"Description\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/es.amazonaws.com/AWSServiceRoleForAmazonElasticsearchService\",\"AROA2IBR2EZTLFY6HZPAS\"],\"name\":\"AWSServiceRoleForAmazonElasticsearchService\",\"category\":\"identity\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"asset\":{\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDuty\",\"CreateDate\":\"2024-06-05T04:04:01Z\",\"RoleName\":\"AWSServiceRoleForAmazonGuardDuty\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22guardduty.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null,\"Tags\":null,\"Path\":\"/aws-service-role/guardduty.amazonaws.com/\",\"RoleId\":\"AROA2IBR2EZTCDDVG3BNK\",\"Description\":\"A service-linked role required for Amazon GuardDuty to access your resources. \",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDuty\",\"AROA2IBR2EZTCDDVG3BNK\"],\"name\":\"AWSServiceRoleForAmazonGuardDuty\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDuty\",\"AROA2IBR2EZTCDDVG3BNK\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDuty\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/malware-protection.guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDutyMalwareProtection\",\"AROA2IBR2EZTEHKO6GVCK\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/malware-protection.guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDutyMalwareProtection\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"AWSServiceRoleForAmazonGuardDutyMalwareProtection\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/aws-service-role/malware-protection.guardduty.amazonaws.com/\",\"Description\":\"A service-linked role required for Amazon GuardDuty Malware Scan to access your resources. \",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"CreateDate\":\"2024-06-05T04:04:01Z\",\"RoleId\":\"AROA2IBR2EZTEHKO6GVCK\",\"RoleName\":\"AWSServiceRoleForAmazonGuardDutyMalwareProtection\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22malware-protection.guardduty.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/malware-protection.guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDutyMalwareProtection\"},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/malware-protection.guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDutyMalwareProtection\",\"AROA2IBR2EZTEHKO6GVCK\"]},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/inspector2.amazonaws.com/AWSServiceRoleForAmazonInspector2\",\"AROA2IBR2EZTGULR36GS5\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/inspector2.amazonaws.com/AWSServiceRoleForAmazonInspector2\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"AWSServiceRoleForAmazonInspector2\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2024-01-17T21:54:23Z\",\"RoleId\":\"AROA2IBR2EZTGULR36GS5\",\"Description\":\"Allowing Inspector to call AWS services on behalf of customers\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/inspector2.amazonaws.com/AWSServiceRoleForAmazonInspector2\",\"RoleName\":\"AWSServiceRoleForAmazonInspector2\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22inspector2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Tags\":null,\"Path\":\"/aws-service-role/inspector2.amazonaws.com/\"},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/inspector2.amazonaws.com/AWSServiceRoleForAmazonInspector2\",\"AROA2IBR2EZTGULR36GS5\"]},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/opensearchservice.amazonaws.com/AWSServiceRoleForAmazonOpenSearchService\",\"AROA2IBR2EZTJVWEMHQQE\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/opensearchservice.amazonaws.com/AWSServiceRoleForAmazonOpenSearchService\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/opensearchservice.amazonaws.com/AWSServiceRoleForAmazonOpenSearchService\",\"CreateDate\":\"2021-10-04T12:20:00Z\",\"Path\":\"/aws-service-role/opensearchservice.amazonaws.com/\",\"RoleName\":\"AWSServiceRoleForAmazonOpenSearchService\",\"Description\":null,\"RoleId\":\"AROA2IBR2EZTJVWEMHQQE\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22opensearchservice.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/opensearchservice.amazonaws.com/AWSServiceRoleForAmazonOpenSearchService\",\"AROA2IBR2EZTJVWEMHQQE\"],\"name\":\"AWSServiceRoleForAmazonOpenSearchService\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"raw\":{\"CreateDate\":\"2023-07-06T07:23:20Z\",\"Path\":\"/aws-service-role/ssm.amazonaws.com/\",\"RoleId\":\"AROA2IBR2EZTO7GWACS2Y\",\"Description\":\"Provides access to AWS Resources managed or used by Amazon SSM.\",\"MaxSessionDuration\":3600,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM\",\"RoleName\":\"AWSServiceRoleForAmazonSSM\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ssm.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM\",\"AROA2IBR2EZTO7GWACS2Y\"],\"name\":\"AWSServiceRoleForAmazonSSM\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM\",\"AROA2IBR2EZTO7GWACS2Y\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"name\":\"AWSServiceRoleForApplicationAutoScaling_ECSService\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ecs.application-autoscaling.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService\",\"CreateDate\":\"2020-10-27T12:57:55Z\",\"Path\":\"/aws-service-role/ecs.application-autoscaling.amazonaws.com/\",\"RoleId\":\"AROA2IBR2EZTDYJKIC5OS\",\"RoleName\":\"AWSServiceRoleForApplicationAutoScaling_ECSService\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService\",\"AROA2IBR2EZTDYJKIC5OS\"]},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService\",\"AROA2IBR2EZTDYJKIC5OS\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2021-03-24T13:49:06Z\",\"RoleId\":\"AROA2IBR2EZTLKJNCFVYU\",\"RoleName\":\"AWSServiceRoleForAutoScaling\",\"Description\":\"Default Service-Linked Role enables access to AWS Services and Resources used or managed by Auto Scaling\",\"MaxSessionDuration\":3600,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling\",\"Path\":\"/aws-service-role/autoscaling.amazonaws.com/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22autoscaling.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling\",\"AROA2IBR2EZTLKJNCFVYU\"],\"name\":\"AWSServiceRoleForAutoScaling\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling\",\"AROA2IBR2EZTLKJNCFVYU\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/management.chatbot.amazonaws.com/AWSServiceRoleForAWSChatbot\",\"AROA2IBR2EZTIAYAW2FXC\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/management.chatbot.amazonaws.com/AWSServiceRoleForAWSChatbot\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"AWSServiceRoleForAWSChatbot\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTIAYAW2FXC\",\"RoleName\":\"AWSServiceRoleForAWSChatbot\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22management.chatbot.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/management.chatbot.amazonaws.com/AWSServiceRoleForAWSChatbot\",\"CreateDate\":\"2020-10-20T10:23:18Z\",\"Path\":\"/aws-service-role/management.chatbot.amazonaws.com/\",\"Description\":\"The Service Linked Role used by AWS Chatbot.\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/management.chatbot.amazonaws.com/AWSServiceRoleForAWSChatbot\",\"AROA2IBR2EZTIAYAW2FXC\"]},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/cloud9.amazonaws.com/AWSServiceRoleForAWSCloud9\",\"AROA2IBR2EZTEKMEX6QAQ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/cloud9.amazonaws.com/AWSServiceRoleForAWSCloud9\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"Path\":\"/aws-service-role/cloud9.amazonaws.com/\",\"RoleId\":\"AROA2IBR2EZTEKMEX6QAQ\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22cloud9.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"CreateDate\":\"2022-03-06T07:33:49Z\",\"RoleName\":\"AWSServiceRoleForAWSCloud9\",\"Description\":\"Service linked role for AWS Cloud9\",\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/cloud9.amazonaws.com/AWSServiceRoleForAWSCloud9\"},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/cloud9.amazonaws.com/AWSServiceRoleForAWSCloud9\",\"AROA2IBR2EZTEKMEX6QAQ\"],\"name\":\"AWSServiceRoleForAWSCloud9\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"asset\":{\"tags\":null,\"raw\":{\"Path\":\"/aws-service-role/backup.amazonaws.com/\",\"RoleId\":\"AROA2IBR2EZTCOBGNRFUF\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2020-12-23T19:43:46Z\",\"RoleName\":\"AWSServiceRoleForBackup\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22backup.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/backup.amazonaws.com/AWSServiceRoleForBackup\"},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/backup.amazonaws.com/AWSServiceRoleForBackup\",\"AROA2IBR2EZTCOBGNRFUF\"],\"name\":\"AWSServiceRoleForBackup\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/backup.amazonaws.com/AWSServiceRoleForBackup\",\"AROA2IBR2EZTCOBGNRFUF\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/backup.amazonaws.com/AWSServiceRoleForBackup\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"asset\":{\"name\":\"AWSServiceRoleForCloudFormationStackSetsOrgMember\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/member.org.stacksets.cloudformation.amazonaws.com/AWSServiceRoleForCloudFormationStackSetsOrgMember\",\"Path\":\"/aws-service-role/member.org.stacksets.cloudformation.amazonaws.com/\",\"RoleId\":\"AROA2IBR2EZTO4AAANE3U\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22member.org.stacksets.cloudformation.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"CreateDate\":\"2024-01-22T22:34:53Z\",\"RoleName\":\"AWSServiceRoleForCloudFormationStackSetsOrgMember\",\"Description\":\"Service linked role for CloudFormation StackSets (Organization Member)\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/member.org.stacksets.cloudformation.amazonaws.com/AWSServiceRoleForCloudFormationStackSetsOrgMember\",\"AROA2IBR2EZTO4AAANE3U\"]},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/member.org.stacksets.cloudformation.amazonaws.com/AWSServiceRoleForCloudFormationStackSetsOrgMember\",\"AROA2IBR2EZTO4AAANE3U\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/member.org.stacksets.cloudformation.amazonaws.com/AWSServiceRoleForCloudFormationStackSetsOrgMember\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/cloudtrail.amazonaws.com/AWSServiceRoleForCloudTrail\",\"AROA2IBR2EZTAMOGJQN5F\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/cloudtrail.amazonaws.com/AWSServiceRoleForCloudTrail\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"AWSServiceRoleForCloudTrail\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2023-07-18T19:13:35Z\",\"Path\":\"/aws-service-role/cloudtrail.amazonaws.com/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22cloudtrail.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/cloudtrail.amazonaws.com/AWSServiceRoleForCloudTrail\",\"RoleId\":\"AROA2IBR2EZTAMOGJQN5F\",\"RoleName\":\"AWSServiceRoleForCloudTrail\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/cloudtrail.amazonaws.com/AWSServiceRoleForCloudTrail\",\"AROA2IBR2EZTAMOGJQN5F\"]},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents\",\"AROA2IBR2EZTLYENX7KRP\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents\",\"CreateDate\":\"2024-05-27T18:28:19Z\",\"Description\":null,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Path\":\"/aws-service-role/events.amazonaws.com/\",\"RoleId\":\"AROA2IBR2EZTLYENX7KRP\",\"RoleName\":\"AWSServiceRoleForCloudWatchEvents\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22events.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents\",\"AROA2IBR2EZTLYENX7KRP\"],\"name\":\"AWSServiceRoleForCloudWatchEvents\",\"category\":\"identity\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig\",\"AROA2IBR2EZTO66T7MQ2A\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2021-11-16T14:04:04Z\",\"RoleId\":\"AROA2IBR2EZTO66T7MQ2A\",\"RoleName\":\"AWSServiceRoleForConfig\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22config.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig\",\"Path\":\"/aws-service-role/config.amazonaws.com/\",\"Description\":null,\"PermissionsBoundary\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig\",\"AROA2IBR2EZTO66T7MQ2A\"],\"name\":\"AWSServiceRoleForConfig\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms\",\"AROA2IBR2EZTHSU764CW6\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms\",\"AROA2IBR2EZTHSU764CW6\"],\"name\":\"AWSServiceRoleForConfigConforms\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms\",\"CreateDate\":\"2021-11-16T14:06:09Z\",\"Path\":\"/aws-service-role/config-conforms.amazonaws.com/\",\"RoleId\":\"AROA2IBR2EZTHSU764CW6\",\"RoleName\":\"AWSServiceRoleForConfigConforms\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22config-conforms.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Service Linked Role for AWS Config Conformance Packs Service\",\"PermissionsBoundary\":null,\"Tags\":null}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/cost-optimization-hub.bcm.amazonaws.com/AWSServiceRoleForCostOptimizationHub\",\"AROA2IBR2EZTIH324T3O4\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/cost-optimization-hub.bcm.amazonaws.com/AWSServiceRoleForCostOptimizationHub\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/cost-optimization-hub.bcm.amazonaws.com/AWSServiceRoleForCostOptimizationHub\",\"RoleName\":\"AWSServiceRoleForCostOptimizationHub\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22cost-optimization-hub.bcm.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"Tags\":null,\"CreateDate\":\"2024-05-31T15:49:05Z\",\"Path\":\"/aws-service-role/cost-optimization-hub.bcm.amazonaws.com/\",\"RoleId\":\"AROA2IBR2EZTIH324T3O4\",\"Description\":null,\"MaxSessionDuration\":3600,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/cost-optimization-hub.bcm.amazonaws.com/AWSServiceRoleForCostOptimizationHub\",\"AROA2IBR2EZTIH324T3O4\"],\"name\":\"AWSServiceRoleForCostOptimizationHub\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru\",\"AROA2IBR2EZTFM6SP52TP\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"AWSServiceRoleForDevOpsGuru\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/aws-service-role/devops-guru.amazonaws.com/\",\"RoleId\":\"AROA2IBR2EZTFM6SP52TP\",\"Description\":\"AWS service role used to execute actions on your behalf.\",\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru\",\"CreateDate\":\"2023-04-03T14:52:13Z\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"RoleName\":\"AWSServiceRoleForDevOpsGuru\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22devops-guru.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\"},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru\",\"AROA2IBR2EZTFM6SP52TP\"]},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/ec2-instance-connect.amazonaws.com/AWSServiceRoleForEc2InstanceConnect\",\"AROA2IBR2EZTADRUYGO7H\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/ec2-instance-connect.amazonaws.com/AWSServiceRoleForEc2InstanceConnect\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/ec2-instance-connect.amazonaws.com/AWSServiceRoleForEc2InstanceConnect\",\"Path\":\"/aws-service-role/ec2-instance-connect.amazonaws.com/\",\"RoleId\":\"AROA2IBR2EZTADRUYGO7H\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2-instance-connect.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"The Service Linked Role used by EC2 Instance Connect Endpoint.\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"CreateDate\":\"2024-04-15T09:15:57Z\",\"RoleName\":\"AWSServiceRoleForEc2InstanceConnect\",\"MaxSessionDuration\":3600,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/ec2-instance-connect.amazonaws.com/AWSServiceRoleForEc2InstanceConnect\",\"AROA2IBR2EZTADRUYGO7H\"],\"name\":\"AWSServiceRoleForEc2InstanceConnect\",\"category\":\"identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot\",\"AROA2IBR2EZTE7IVTVKTM\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2020-03-17T14:44:48Z\",\"RoleId\":\"AROA2IBR2EZTE7IVTVKTM\",\"RoleName\":\"AWSServiceRoleForEC2Spot\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22spot.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Default EC2 Spot Service Linked Role\",\"MaxSessionDuration\":3600,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot\",\"Path\":\"/aws-service-role/spot.amazonaws.com/\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot\",\"AROA2IBR2EZTE7IVTVKTM\"],\"name\":\"AWSServiceRoleForEC2Spot\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/spotfleet.amazonaws.com/AWSServiceRoleForEC2SpotFleet\",\"AROA2IBR2EZTI5NOTWXSM\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/spotfleet.amazonaws.com/AWSServiceRoleForEC2SpotFleet\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/spotfleet.amazonaws.com/AWSServiceRoleForEC2SpotFleet\",\"AROA2IBR2EZTI5NOTWXSM\"],\"name\":\"AWSServiceRoleForEC2SpotFleet\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/spotfleet.amazonaws.com/AWSServiceRoleForEC2SpotFleet\",\"RoleId\":\"AROA2IBR2EZTI5NOTWXSM\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22spotfleet.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Default EC2 Spot Fleet Service Linked Role\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"CreateDate\":\"2020-08-05T11:29:58Z\",\"Path\":\"/aws-service-role/spotfleet.amazonaws.com/\",\"RoleName\":\"AWSServiceRoleForEC2SpotFleet\",\"PermissionsBoundary\":null,\"Tags\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS\",\"AROA2IBR2EZTBIPT2Q3HR\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2020-07-29T13:52:01Z\",\"Path\":\"/aws-service-role/ecs.amazonaws.com/\",\"RoleId\":\"AROA2IBR2EZTBIPT2Q3HR\",\"RoleName\":\"AWSServiceRoleForECS\",\"Description\":\"Role to enable Amazon ECS to manage your cluster.\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ecs.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS\",\"AROA2IBR2EZTBIPT2Q3HR\"],\"name\":\"AWSServiceRoleForECS\",\"category\":\"identity\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/elasticache.amazonaws.com/AWSServiceRoleForElastiCache\",\"AROA2IBR2EZTD4MD2QACP\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/elasticache.amazonaws.com/AWSServiceRoleForElastiCache\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2021-03-14T13:19:58Z\",\"RoleId\":\"AROA2IBR2EZTD4MD2QACP\",\"RoleName\":\"AWSServiceRoleForElastiCache\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22elasticache.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"This policy allows ElastiCache to manage AWS resources on your behalf as necessary for managing your cache.\",\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/elasticache.amazonaws.com/AWSServiceRoleForElastiCache\",\"Path\":\"/aws-service-role/elasticache.amazonaws.com/\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/elasticache.amazonaws.com/AWSServiceRoleForElastiCache\",\"AROA2IBR2EZTD4MD2QACP\"],\"name\":\"AWSServiceRoleForElastiCache\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing\",\"AROA2IBR2EZTEZDWG76FB\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"CreateDate\":\"2020-07-29T14:01:04Z\",\"RoleId\":\"AROA2IBR2EZTEZDWG76FB\",\"RoleName\":\"AWSServiceRoleForElasticLoadBalancing\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22elasticloadbalancing.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Allows ELB to call AWS services on your behalf.\",\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing\",\"Path\":\"/aws-service-role/elasticloadbalancing.amazonaws.com/\",\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing\",\"AROA2IBR2EZTEZDWG76FB\"],\"name\":\"AWSServiceRoleForElasticLoadBalancing\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/globalaccelerator.amazonaws.com/AWSServiceRoleForGlobalAccelerator\",\"AROA2IBR2EZTOANZJ3EXA\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/globalaccelerator.amazonaws.com/AWSServiceRoleForGlobalAccelerator\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"AWSServiceRoleForGlobalAccelerator\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Path\":\"/aws-service-role/globalaccelerator.amazonaws.com/\",\"Description\":\"Allows Global Accelerator to call AWS services on customer's behalf\",\"RoleId\":\"AROA2IBR2EZTOANZJ3EXA\",\"RoleName\":\"AWSServiceRoleForGlobalAccelerator\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22globalaccelerator.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/globalaccelerator.amazonaws.com/AWSServiceRoleForGlobalAccelerator\",\"CreateDate\":\"2020-07-29T15:19:59Z\"},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/globalaccelerator.amazonaws.com/AWSServiceRoleForGlobalAccelerator\",\"AROA2IBR2EZTOANZJ3EXA\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder\",\"AROA2IBR2EZTMJXDEV6GM\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder\",\"CreateDate\":\"2024-05-28T08:35:24Z\",\"Path\":\"/aws-service-role/imagebuilder.amazonaws.com/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22imagebuilder.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"RoleId\":\"AROA2IBR2EZTMJXDEV6GM\",\"RoleName\":\"AWSServiceRoleForImageBuilder\",\"Description\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder\",\"AROA2IBR2EZTMJXDEV6GM\"],\"name\":\"AWSServiceRoleForImageBuilder\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/mrk.kms.amazonaws.com/AWSServiceRoleForKeyManagementServiceMultiRegionKeys\",\"AROA2IBR2EZTJOTMBXX45\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/mrk.kms.amazonaws.com/AWSServiceRoleForKeyManagementServiceMultiRegionKeys\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/mrk.kms.amazonaws.com/AWSServiceRoleForKeyManagementServiceMultiRegionKeys\",\"AROA2IBR2EZTJOTMBXX45\"],\"name\":\"AWSServiceRoleForKeyManagementServiceMultiRegionKeys\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/mrk.kms.amazonaws.com/AWSServiceRoleForKeyManagementServiceMultiRegionKeys\",\"CreateDate\":\"2023-02-12T15:15:13Z\",\"Path\":\"/aws-service-role/mrk.kms.amazonaws.com/\",\"RoleName\":\"AWSServiceRoleForKeyManagementServiceMultiRegionKeys\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22mrk.kms.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Enables access to AWS services and resources required for AWS KMS Multi-Region Keys\",\"PermissionsBoundary\":null,\"RoleId\":\"AROA2IBR2EZTJOTMBXX45\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/organizations.amazonaws.com/AWSServiceRoleForOrganizations\",\"AROA2IBR2EZTPIKFITJAO\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/organizations.amazonaws.com/AWSServiceRoleForOrganizations\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"CreateDate\":\"2022-04-01T17:23:24Z\",\"Path\":\"/aws-service-role/organizations.amazonaws.com/\",\"RoleId\":\"AROA2IBR2EZTPIKFITJAO\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/organizations.amazonaws.com/AWSServiceRoleForOrganizations\",\"RoleName\":\"AWSServiceRoleForOrganizations\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22organizations.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Service-linked role used by AWS Organizations to enable integration of other AWS services with Organizations.\",\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/organizations.amazonaws.com/AWSServiceRoleForOrganizations\",\"AROA2IBR2EZTPIKFITJAO\"],\"name\":\"AWSServiceRoleForOrganizations\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS\",\"AROA2IBR2EZTLCEX6UGGX\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":\"Allows Amazon RDS to manage AWS resources on your behalf\",\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS\",\"CreateDate\":\"2020-07-29T16:47:06Z\",\"RoleName\":\"AWSServiceRoleForRDS\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22rds.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null,\"Path\":\"/aws-service-role/rds.amazonaws.com/\",\"RoleId\":\"AROA2IBR2EZTLCEX6UGGX\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS\",\"AROA2IBR2EZTLCEX6UGGX\"],\"name\":\"AWSServiceRoleForRDS\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer\",\"AROA2IBR2EZTMTIDEITAO\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2023-02-13T15:41:39Z\",\"RoleName\":\"AWSServiceRoleForResourceExplorer\",\"Description\":null,\"RoleLastUsed\":null,\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer\",\"Path\":\"/aws-service-role/resource-explorer-2.amazonaws.com/\",\"RoleId\":\"AROA2IBR2EZTMTIDEITAO\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22resource-explorer-2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer\",\"AROA2IBR2EZTMTIDEITAO\"],\"name\":\"AWSServiceRoleForResourceExplorer\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/rolesanywhere.amazonaws.com/AWSServiceRoleForRolesAnywhere\",\"AROA2IBR2EZTBLHVW55BC\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/rolesanywhere.amazonaws.com/AWSServiceRoleForRolesAnywhere\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"raw\":{\"CreateDate\":\"2024-10-10T12:55:42Z\",\"Path\":\"/aws-service-role/rolesanywhere.amazonaws.com/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22rolesanywhere.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/rolesanywhere.amazonaws.com/AWSServiceRoleForRolesAnywhere\",\"RoleId\":\"AROA2IBR2EZTBLHVW55BC\",\"RoleName\":\"AWSServiceRoleForRolesAnywhere\",\"Description\":\"SLR created with Nile Trust Anchor creation.\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/rolesanywhere.amazonaws.com/AWSServiceRoleForRolesAnywhere\",\"AROA2IBR2EZTBLHVW55BC\"],\"name\":\"AWSServiceRoleForRolesAnywhere\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/route53resolver.amazonaws.com/AWSServiceRoleForRoute53Resolver\",\"AROA2IBR2EZTEE7WWEWLG\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/route53resolver.amazonaws.com/AWSServiceRoleForRoute53Resolver\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/route53resolver.amazonaws.com/AWSServiceRoleForRoute53Resolver\",\"AROA2IBR2EZTEE7WWEWLG\"],\"name\":\"AWSServiceRoleForRoute53Resolver\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/route53resolver.amazonaws.com/AWSServiceRoleForRoute53Resolver\",\"CreateDate\":\"2024-10-08T11:42:04Z\",\"Path\":\"/aws-service-role/route53resolver.amazonaws.com/\",\"RoleId\":\"AROA2IBR2EZTEE7WWEWLG\",\"RoleName\":\"AWSServiceRoleForRoute53Resolver\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22route53resolver.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\"}},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/securityhub.amazonaws.com/AWSServiceRoleForSecurityHub\",\"AROA2IBR2EZTHT5IAJKCK\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/securityhub.amazonaws.com/AWSServiceRoleForSecurityHub\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"MaxSessionDuration\":3600,\"Tags\":null,\"Path\":\"/aws-service-role/securityhub.amazonaws.com/\",\"RoleName\":\"AWSServiceRoleForSecurityHub\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22securityhub.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"A service-linked role required for AWS Security Hub to access your resources.\",\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/securityhub.amazonaws.com/AWSServiceRoleForSecurityHub\",\"CreateDate\":\"2021-12-16T19:28:02Z\",\"RoleId\":\"AROA2IBR2EZTHT5IAJKCK\",\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/securityhub.amazonaws.com/AWSServiceRoleForSecurityHub\",\"AROA2IBR2EZTHT5IAJKCK\"],\"name\":\"AWSServiceRoleForSecurityHub\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.086+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/servicequotas.amazonaws.com/AWSServiceRoleForServiceQuotas\",\"AROA2IBR2EZTEW76IYZU3\"],\"name\":\"AWSServiceRoleForServiceQuotas\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleName\":\"AWSServiceRoleForServiceQuotas\",\"Description\":\"A service-linked role is required for Service Quotas to access your service limits.\",\"Tags\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/servicequotas.amazonaws.com/AWSServiceRoleForServiceQuotas\",\"CreateDate\":\"2021-01-03T12:53:49Z\",\"Path\":\"/aws-service-role/servicequotas.amazonaws.com/\",\"RoleId\":\"AROA2IBR2EZTEW76IYZU3\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22servicequotas.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/servicequotas.amazonaws.com/AWSServiceRoleForServiceQuotas\",\"AROA2IBR2EZTEW76IYZU3\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/servicequotas.amazonaws.com/AWSServiceRoleForServiceQuotas\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2020-02-05T15:28:56Z\",\"RoleName\":\"AWSServiceRoleForSupport\",\"Description\":\"Enables resource access for AWS to provide billing, administrative and support services\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport\",\"Path\":\"/aws-service-role/support.amazonaws.com/\",\"RoleId\":\"AROA2IBR2EZTHBCJMEMUT\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22support.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport\",\"AROA2IBR2EZTHBCJMEMUT\"],\"name\":\"AWSServiceRoleForSupport\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport\",\"AROA2IBR2EZTHBCJMEMUT\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor\",\"AROA2IBR2EZTCIK7YJG3E\"],\"name\":\"AWSServiceRoleForTrustedAdvisor\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2020-02-05T15:28:56Z\",\"RoleLastUsed\":null,\"Tags\":null,\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22trustedadvisor.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Access for the AWS Trusted Advisor Service to help reduce cost, increase performance, and improve security of your AWS environment.\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor\",\"Path\":\"/aws-service-role/trustedadvisor.amazonaws.com/\",\"RoleId\":\"AROA2IBR2EZTCIK7YJG3E\",\"RoleName\":\"AWSServiceRoleForTrustedAdvisor\"}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor\",\"AROA2IBR2EZTCIK7YJG3E\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/aws_support_iam_role\",\"AROA2IBR2EZTAKLIVXD5C\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/aws_support_iam_role\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"PermissionsBoundary\":null,\"Tags\":null,\"CreateDate\":\"2023-04-19T09:14:06Z\",\"Path\":\"/\",\"RoleName\":\"aws_support_iam_role\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Auser%2Forestis.floros%40elastic.co%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/aws_support_iam_role\",\"RoleId\":\"AROA2IBR2EZTAKLIVXD5C\",\"Description\":null,\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/aws_support_iam_role\",\"AROA2IBR2EZTAKLIVXD5C\"],\"name\":\"aws_support_iam_role\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/BedrockAccess\",\"AROA2IBR2EZTO5JCT6MPY\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/BedrockAccess\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2024-05-27T13:47:50Z\",\"Path\":\"/\",\"RoleName\":\"BedrockAccess\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/BedrockAccess\",\"RoleId\":\"AROA2IBR2EZTO5JCT6MPY\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Allows to call AWS Bedrock services on your behalf.\"},\"id\":[\"arn:aws:iam::704479110758:role/BedrockAccess\",\"AROA2IBR2EZTO5JCT6MPY\"],\"name\":\"BedrockAccess\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/benchmark-rules-1-eks-node-group-20240530133042997300000008\",\"AROA2IBR2EZTJWV5A4MED\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/benchmark-rules-1-eks-node-group-20240530133042997300000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/benchmark-rules-1-eks-node-group-20240530133042997300000008\",\"AROA2IBR2EZTJWV5A4MED\"],\"name\":\"benchmark-rules-1-eks-node-group-20240530133042997300000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2024-05-30T13:30:43Z\",\"RoleId\":\"AROA2IBR2EZTJWV5A4MED\",\"Description\":\"EKS managed node group IAM role\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/benchmark-rules-1-eks-node-group-20240530133042997300000008\",\"RoleName\":\"benchmark-rules-1-eks-node-group-20240530133042997300000008\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"Tags\":null,\"Path\":\"/\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/benchmark-rules-cluster-20240530133027043600000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/benchmark-rules-cluster-20240530133027043600000001\",\"AROA2IBR2EZTBH75CSOFK\"],\"name\":\"benchmark-rules-cluster-20240530133027043600000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2024-05-30T13:30:27Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTBH75CSOFK\",\"Description\":null,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/benchmark-rules-cluster-20240530133027043600000001\",\"RoleName\":\"benchmark-rules-cluster-20240530133027043600000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/benchmark-rules-cluster-20240530133027043600000001\",\"AROA2IBR2EZTBH75CSOFK\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/benchmark-rules-cnvm-sanity-test-s-ElasticAgentRole-LLLynEavUM6d\",\"AROA2IBR2EZTIAX6IKWMK\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/benchmark-rules-cnvm-sanity-test-s-ElasticAgentRole-LLLynEavUM6d\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/benchmark-rules-cnvm-sanity-test-s-ElasticAgentRole-LLLynEavUM6d\",\"CreateDate\":\"2024-05-30T13:49:13Z\",\"RoleName\":\"benchmark-rules-cnvm-sanity-test-s-ElasticAgentRole-LLLynEavUM6d\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTIAX6IKWMK\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"\",\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/benchmark-rules-cnvm-sanity-test-s-ElasticAgentRole-LLLynEavUM6d\",\"AROA2IBR2EZTIAX6IKWMK\"],\"name\":\"benchmark-rules-cnvm-sanity-test-s-ElasticAgentRole-LLLynEavUM6d\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/ChimeEC2ClientRole\",\"AROA2IBR2EZTGDM65XIHF\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/ChimeEC2ClientRole\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2021-06-29T11:23:42Z\",\"RoleId\":\"AROA2IBR2EZTGDM65XIHF\",\"RoleName\":\"ChimeEC2ClientRole\",\"Description\":\"Allows EC2 instances to call AWS services on your behalf.\",\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/ChimeEC2ClientRole\",\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/ChimeEC2ClientRole\",\"AROA2IBR2EZTGDM65XIHF\"],\"name\":\"ChimeEC2ClientRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/ChimeEC2Role\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/ChimeEC2Role\",\"Path\":\"/\",\"RoleName\":\"ChimeEC2Role\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Allows EC2 instances to call AWS services on your behalf.\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"CreateDate\":\"2021-06-29T08:01:56Z\",\"RoleId\":\"AROA2IBR2EZTOG264PXMR\",\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/ChimeEC2Role\",\"AROA2IBR2EZTOG264PXMR\"],\"name\":\"ChimeEC2Role\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/ChimeEC2Role\",\"AROA2IBR2EZTOG264PXMR\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cloud-trail-role\",\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Allows EC2 instances to call AWS services on your behalf.\",\"MaxSessionDuration\":3600,\"CreateDate\":\"2024-01-20T20:51:15Z\",\"RoleId\":\"AROA2IBR2EZTBGIKOYDZ7\",\"RoleName\":\"cloud-trail-role\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloud-trail-role\",\"AROA2IBR2EZTBGIKOYDZ7\"],\"name\":\"cloud-trail-role\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloud-trail-role\",\"AROA2IBR2EZTBGIKOYDZ7\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloud-trail-role\":{\"type\":\"role\",\"category\":\"identity\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-eks-role\",\"AROA2IBR2EZTHXDLKPZO3\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-eks-role\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-eks-role\",\"AROA2IBR2EZTHXDLKPZO3\"],\"name\":\"cloudbeat-eks-role\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-eks-role\",\"Path\":\"/\",\"RoleName\":\"cloudbeat-eks-role\",\"PermissionsBoundary\":null,\"Tags\":null,\"CreateDate\":\"2022-07-31T11:25:37Z\",\"RoleId\":\"AROA2IBR2EZTHXDLKPZO3\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aroot%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%7D%7D%2C%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22AROA2IBR2EZTGM6UTGKU5%3Ai-085cd34200c1b52d9%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%7D%7D%5D%7D\",\"Description\":\"Role to grant cloudbeat the required eks permissions when developing.\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-root\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"Tags\":null,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTK2WTOQ3JX\",\"RoleName\":\"cloudbeat-root\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2FElastic-Cloud-Security-Posture-Man-ElasticAgentRole-Wa1vI54DVbla%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-root\",\"CreateDate\":\"2024-10-13T13:59:59Z\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-root\",\"AROA2IBR2EZTK2WTOQ3JX\"],\"name\":\"cloudbeat-root\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-root\",\"AROA2IBR2EZTK2WTOQ3JX\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-5Fb-1-eks-node-group-20230213101355932500000009\",\"AROA2IBR2EZTHGZVINX2A\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-5Fb-1-eks-node-group-20230213101355932500000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTHGZVINX2A\",\"MaxSessionDuration\":3600,\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-5Fb-1-eks-node-group-20230213101355932500000009\",\"CreateDate\":\"2023-02-13T10:13:55Z\",\"RoleName\":\"cloudbeat-tf-5Fb-1-eks-node-group-20230213101355932500000009\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-5Fb-1-eks-node-group-20230213101355932500000009\",\"AROA2IBR2EZTHGZVINX2A\"],\"name\":\"cloudbeat-tf-5Fb-1-eks-node-group-20230213101355932500000009\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-5Fb-2-eks-node-group-20230213101355118500000008\",\"AROA2IBR2EZTPOUHWFKYV\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-5Fb-2-eks-node-group-20230213101355118500000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTPOUHWFKYV\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-5Fb-2-eks-node-group-20230213101355118500000008\",\"CreateDate\":\"2023-02-13T10:13:55Z\",\"RoleName\":\"cloudbeat-tf-5Fb-2-eks-node-group-20230213101355118500000008\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-5Fb-2-eks-node-group-20230213101355118500000008\",\"AROA2IBR2EZTPOUHWFKYV\"],\"name\":\"cloudbeat-tf-5Fb-2-eks-node-group-20230213101355118500000008\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"asset\":{\"tags\":null,\"raw\":{\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-5Fb-cluster-20230213101334304500000001\",\"CreateDate\":\"2023-02-13T10:13:34Z\",\"RoleName\":\"cloudbeat-tf-5Fb-cluster-20230213101334304500000001\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTPZZNPU7V5\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-5Fb-cluster-20230213101334304500000001\",\"AROA2IBR2EZTPZZNPU7V5\"],\"name\":\"cloudbeat-tf-5Fb-cluster-20230213101334304500000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-5Fb-cluster-20230213101334304500000001\",\"AROA2IBR2EZTPZZNPU7V5\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-5Fb-cluster-20230213101334304500000001\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2023-01-11T11:18:04Z\",\"Path\":\"/\",\"Description\":null,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-5jA\",\"RoleId\":\"AROA2IBR2EZTLNOJEG2RL\",\"RoleName\":\"cloudbeat-tf-5jA\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-5jA%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2F3945DE649122836139CD49572887BAFE%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2F3945DE649122836139CD49572887BAFE%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"MaxSessionDuration\":43200,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-5jA\",\"AROA2IBR2EZTLNOJEG2RL\"],\"name\":\"cloudbeat-tf-5jA\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-5jA\",\"AROA2IBR2EZTLNOJEG2RL\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-5jA\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-5jA-1-eks-node-group-20230111100435922900000008\",\"AROA2IBR2EZTHXF2LAL7A\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-5jA-1-eks-node-group-20230111100435922900000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"cloudbeat-tf-5jA-1-eks-node-group-20230111100435922900000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2023-01-11T10:04:36Z\",\"RoleName\":\"cloudbeat-tf-5jA-1-eks-node-group-20230111100435922900000008\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-5jA-1-eks-node-group-20230111100435922900000008\",\"RoleId\":\"AROA2IBR2EZTHXF2LAL7A\",\"RoleLastUsed\":null,\"Tags\":null,\"Path\":\"/\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-5jA-1-eks-node-group-20230111100435922900000008\",\"AROA2IBR2EZTHXF2LAL7A\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-5jA-2-eks-node-group-20230111100435922900000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"CreateDate\":\"2023-01-11T10:04:36Z\",\"RoleId\":\"AROA2IBR2EZTCFX2HQE3S\",\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-5jA-2-eks-node-group-20230111100435922900000009\",\"RoleName\":\"cloudbeat-tf-5jA-2-eks-node-group-20230111100435922900000009\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Path\":\"/\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-5jA-2-eks-node-group-20230111100435922900000009\",\"AROA2IBR2EZTCFX2HQE3S\"],\"name\":\"cloudbeat-tf-5jA-2-eks-node-group-20230111100435922900000009\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-5jA-2-eks-node-group-20230111100435922900000009\",\"AROA2IBR2EZTCFX2HQE3S\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-5jA-cluster-20230111100421770100000001\",\"AROA2IBR2EZTAUYIBQQOE\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-5jA-cluster-20230111100421770100000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-5jA-cluster-20230111100421770100000001\",\"CreateDate\":\"2023-01-11T10:04:22Z\",\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-5jA-cluster-20230111100421770100000001\",\"RoleLastUsed\":null,\"RoleId\":\"AROA2IBR2EZTAUYIBQQOE\",\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-5jA-cluster-20230111100421770100000001\",\"AROA2IBR2EZTAUYIBQQOE\"],\"name\":\"cloudbeat-tf-5jA-cluster-20230111100421770100000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-6mv-cluster-20230205161836512000000001\",\"AROA2IBR2EZTDTF34MHLQ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-6mv-cluster-20230205161836512000000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"Description\":null,\"MaxSessionDuration\":3600,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-6mv-cluster-20230205161836512000000001\",\"CreateDate\":\"2023-02-05T16:18:36Z\",\"RoleId\":\"AROA2IBR2EZTDTF34MHLQ\",\"RoleName\":\"cloudbeat-tf-6mv-cluster-20230205161836512000000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-6mv-cluster-20230205161836512000000001\",\"AROA2IBR2EZTDTF34MHLQ\"],\"name\":\"cloudbeat-tf-6mv-cluster-20230205161836512000000001\",\"category\":\"identity\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-9g8-1-eks-node-group-20230203171352113400000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-9g8-1-eks-node-group-20230203171352113400000009\",\"Path\":\"/\",\"Description\":\"EKS managed node group IAM role\",\"PermissionsBoundary\":null,\"Tags\":null,\"CreateDate\":\"2023-02-03T17:13:52Z\",\"RoleId\":\"AROA2IBR2EZTNYOSTXPMJ\",\"RoleName\":\"cloudbeat-tf-9g8-1-eks-node-group-20230203171352113400000009\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-9g8-1-eks-node-group-20230203171352113400000009\",\"AROA2IBR2EZTNYOSTXPMJ\"],\"name\":\"cloudbeat-tf-9g8-1-eks-node-group-20230203171352113400000009\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-9g8-1-eks-node-group-20230203171352113400000009\",\"AROA2IBR2EZTNYOSTXPMJ\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.340Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-9g8-2-eks-node-group-20230203171352108600000008\",\"AROA2IBR2EZTDUMPS7L5Q\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-9g8-2-eks-node-group-20230203171352108600000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-9g8-2-eks-node-group-20230203171352108600000008\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTDUMPS7L5Q\",\"RoleName\":\"cloudbeat-tf-9g8-2-eks-node-group-20230203171352108600000008\",\"Description\":\"EKS managed node group IAM role\",\"CreateDate\":\"2023-02-03T17:13:52Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-9g8-2-eks-node-group-20230203171352108600000008\",\"AROA2IBR2EZTDUMPS7L5Q\"],\"name\":\"cloudbeat-tf-9g8-2-eks-node-group-20230203171352108600000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-9g8-cluster-20230203171329063000000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTDGMJMJT5J\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-9g8-cluster-20230203171329063000000001\",\"CreateDate\":\"2023-02-03T17:13:29Z\",\"RoleName\":\"cloudbeat-tf-9g8-cluster-20230203171329063000000001\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-9g8-cluster-20230203171329063000000001\",\"AROA2IBR2EZTDGMJMJT5J\"],\"name\":\"cloudbeat-tf-9g8-cluster-20230203171329063000000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-9g8-cluster-20230203171329063000000001\",\"AROA2IBR2EZTDGMJMJT5J\"],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-AeS\",\"AROA2IBR2EZTLSHP7FT5X\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-AeS\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-AeS\",\"AROA2IBR2EZTLSHP7FT5X\"],\"name\":\"cloudbeat-tf-AeS\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2023-02-02T11:55:51Z\",\"Path\":\"/\",\"MaxSessionDuration\":43200,\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-AeS\",\"RoleId\":\"AROA2IBR2EZTLSHP7FT5X\",\"RoleName\":\"cloudbeat-tf-AeS\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-AeS%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2F9F2E0B2309A34804B768A5BBB2649996%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2F9F2E0B2309A34804B768A5BBB2649996%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"Description\":null,\"RoleLastUsed\":null}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-AeS-1-eks-node-group-20230202113643032900000008\",\"AROA2IBR2EZTIZNOEVT3O\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-AeS-1-eks-node-group-20230202113643032900000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-AeS-1-eks-node-group-20230202113643032900000008\",\"AROA2IBR2EZTIZNOEVT3O\"],\"name\":\"cloudbeat-tf-AeS-1-eks-node-group-20230202113643032900000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-AeS-1-eks-node-group-20230202113643032900000008\",\"CreateDate\":\"2023-02-02T11:36:43Z\",\"RoleId\":\"AROA2IBR2EZTIZNOEVT3O\",\"RoleName\":\"cloudbeat-tf-AeS-1-eks-node-group-20230202113643032900000008\",\"MaxSessionDuration\":3600}},\"cloud\":{\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-AeS-2-eks-node-group-20230202113643035600000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleLastUsed\":null,\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTBAP72PSE7\",\"RoleName\":\"cloudbeat-tf-AeS-2-eks-node-group-20230202113643035600000009\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-AeS-2-eks-node-group-20230202113643035600000009\",\"CreateDate\":\"2023-02-02T11:36:43Z\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-AeS-2-eks-node-group-20230202113643035600000009\",\"AROA2IBR2EZTBAP72PSE7\"],\"name\":\"cloudbeat-tf-AeS-2-eks-node-group-20230202113643035600000009\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-AeS-2-eks-node-group-20230202113643035600000009\",\"AROA2IBR2EZTBAP72PSE7\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-AeS-cluster-20230202113628935000000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTDYMYUKQ3I\",\"Description\":null,\"PermissionsBoundary\":null,\"CreateDate\":\"2023-02-02T11:36:28Z\",\"RoleName\":\"cloudbeat-tf-AeS-cluster-20230202113628935000000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-AeS-cluster-20230202113628935000000001\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-AeS-cluster-20230202113628935000000001\",\"AROA2IBR2EZTDYMYUKQ3I\"],\"name\":\"cloudbeat-tf-AeS-cluster-20230202113628935000000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-AeS-cluster-20230202113628935000000001\",\"AROA2IBR2EZTDYMYUKQ3I\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-AhU-1-eks-node-group-20230125095543380500000003\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"Tags\":null,\"CreateDate\":\"2023-01-25T09:55:44Z\",\"RoleName\":\"cloudbeat-tf-AhU-1-eks-node-group-20230125095543380500000003\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-AhU-1-eks-node-group-20230125095543380500000003\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTGT5I5VI2S\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-AhU-1-eks-node-group-20230125095543380500000003\",\"AROA2IBR2EZTGT5I5VI2S\"],\"name\":\"cloudbeat-tf-AhU-1-eks-node-group-20230125095543380500000003\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-AhU-1-eks-node-group-20230125095543380500000003\",\"AROA2IBR2EZTGT5I5VI2S\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-AhU-2-eks-node-group-20230125095543380400000002\",\"AROA2IBR2EZTMEN4WCJW5\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-AhU-2-eks-node-group-20230125095543380400000002\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleName\":\"cloudbeat-tf-AhU-2-eks-node-group-20230125095543380400000002\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-AhU-2-eks-node-group-20230125095543380400000002\",\"CreateDate\":\"2023-01-25T09:55:44Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTMEN4WCJW5\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-AhU-2-eks-node-group-20230125095543380400000002\",\"AROA2IBR2EZTMEN4WCJW5\"],\"name\":\"cloudbeat-tf-AhU-2-eks-node-group-20230125095543380400000002\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-AhU-cluster-20230125095543377400000001\",\"AROA2IBR2EZTNEDM7B4KH\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-AhU-cluster-20230125095543377400000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"cloudbeat-tf-AhU-cluster-20230125095543377400000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"PermissionsBoundary\":null,\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-AhU-cluster-20230125095543377400000001\",\"CreateDate\":\"2023-01-25T09:55:44Z\",\"RoleId\":\"AROA2IBR2EZTNEDM7B4KH\",\"RoleName\":\"cloudbeat-tf-AhU-cluster-20230125095543377400000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-AhU-cluster-20230125095543377400000001\",\"AROA2IBR2EZTNEDM7B4KH\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-APn\",\"AROA2IBR2EZTAL7TPCXSG\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-APn\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"CreateDate\":\"2023-02-03T08:58:42Z\",\"Path\":\"/\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-APn\",\"RoleId\":\"AROA2IBR2EZTAL7TPCXSG\",\"RoleName\":\"cloudbeat-tf-APn\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-APn%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-north-1.amazonaws.com%2Fid%2FBB17729EBCB93C10B6A584231598736A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-north-1.amazonaws.com%2Fid%2FBB17729EBCB93C10B6A584231598736A%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":43200,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-APn\",\"AROA2IBR2EZTAL7TPCXSG\"],\"name\":\"cloudbeat-tf-APn\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-APn-1-eks-node-group-20230203084119495500000008\",\"AROA2IBR2EZTANKCR2JZM\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-APn-1-eks-node-group-20230203084119495500000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"EKS managed node group IAM role\",\"RoleLastUsed\":null,\"CreateDate\":\"2023-02-03T08:41:19Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTANKCR2JZM\",\"RoleName\":\"cloudbeat-tf-APn-1-eks-node-group-20230203084119495500000008\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-APn-1-eks-node-group-20230203084119495500000008\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-APn-1-eks-node-group-20230203084119495500000008\",\"AROA2IBR2EZTANKCR2JZM\"],\"name\":\"cloudbeat-tf-APn-1-eks-node-group-20230203084119495500000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-APn-2-eks-node-group-20230203084119496300000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-APn-2-eks-node-group-20230203084119496300000009\",\"AROA2IBR2EZTFQMIWSQ4X\"],\"name\":\"cloudbeat-tf-APn-2-eks-node-group-20230203084119496300000009\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-APn-2-eks-node-group-20230203084119496300000009\",\"RoleName\":\"cloudbeat-tf-APn-2-eks-node-group-20230203084119496300000009\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"Tags\":null,\"CreateDate\":\"2023-02-03T08:41:19Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTFQMIWSQ4X\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null}},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-APn-2-eks-node-group-20230203084119496300000009\",\"AROA2IBR2EZTFQMIWSQ4X\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-APn-cluster-20230203084104662700000001\",\"AROA2IBR2EZTNG5H2OJOO\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-APn-cluster-20230203084104662700000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleName\":\"cloudbeat-tf-APn-cluster-20230203084104662700000001\",\"CreateDate\":\"2023-02-03T08:41:04Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTNG5H2OJOO\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-APn-cluster-20230203084104662700000001\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-APn-cluster-20230203084104662700000001\",\"AROA2IBR2EZTNG5H2OJOO\"],\"name\":\"cloudbeat-tf-APn-cluster-20230203084104662700000001\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-c2H\",\"AROA2IBR2EZTKXCBBFFFC\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-c2H\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"CreateDate\":\"2023-02-05T19:27:10Z\",\"Description\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-c2H\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTKXCBBFFFC\",\"RoleName\":\"cloudbeat-tf-c2H\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-c2H%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-north-1.amazonaws.com%2Fid%2FAD26076455FD6D9AA42EB46ABD6BB99C%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-north-1.amazonaws.com%2Fid%2FAD26076455FD6D9AA42EB46ABD6BB99C%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"MaxSessionDuration\":43200,\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-c2H\",\"AROA2IBR2EZTKXCBBFFFC\"],\"name\":\"cloudbeat-tf-c2H\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-c2H-1-eks-node-group-20230205190957142600000009\",\"AROA2IBR2EZTOCQPY3DRE\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-c2H-1-eks-node-group-20230205190957142600000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"Tags\":null,\"CreateDate\":\"2023-02-05T19:09:57Z\",\"RoleId\":\"AROA2IBR2EZTOCQPY3DRE\",\"RoleName\":\"cloudbeat-tf-c2H-1-eks-node-group-20230205190957142600000009\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-c2H-1-eks-node-group-20230205190957142600000009\",\"Path\":\"/\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-c2H-1-eks-node-group-20230205190957142600000009\",\"AROA2IBR2EZTOCQPY3DRE\"],\"name\":\"cloudbeat-tf-c2H-1-eks-node-group-20230205190957142600000009\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-c2H-2-eks-node-group-20230205190956339700000008\",\"AROA2IBR2EZTHM7K6SNOF\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-c2H-2-eks-node-group-20230205190956339700000008\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-c2H-2-eks-node-group-20230205190956339700000008\",\"CreateDate\":\"2023-02-05T19:09:56Z\",\"Path\":\"/\",\"Description\":\"EKS managed node group IAM role\",\"RoleLastUsed\":null,\"RoleId\":\"AROA2IBR2EZTHM7K6SNOF\",\"RoleName\":\"cloudbeat-tf-c2H-2-eks-node-group-20230205190956339700000008\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-c2H-2-eks-node-group-20230205190956339700000008\",\"AROA2IBR2EZTHM7K6SNOF\"],\"name\":\"cloudbeat-tf-c2H-2-eks-node-group-20230205190956339700000008\",\"category\":\"identity\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-c2H-cluster-20230205190935863700000001\",\"AROA2IBR2EZTHBSAX5SJ2\"],\"name\":\"cloudbeat-tf-c2H-cluster-20230205190935863700000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTHBSAX5SJ2\",\"RoleName\":\"cloudbeat-tf-c2H-cluster-20230205190935863700000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-c2H-cluster-20230205190935863700000001\",\"CreateDate\":\"2023-02-05T19:09:36Z\",\"Path\":\"/\",\"Description\":null}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-c2H-cluster-20230205190935863700000001\",\"AROA2IBR2EZTHBSAX5SJ2\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-c2H-cluster-20230205190935863700000001\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-c7T-1-eks-node-group-20230131132830278100000009\",\"AROA2IBR2EZTKCI64ZRNO\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-c7T-1-eks-node-group-20230131132830278100000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"RoleName\":\"cloudbeat-tf-c7T-1-eks-node-group-20230131132830278100000009\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-c7T-1-eks-node-group-20230131132830278100000009\",\"CreateDate\":\"2023-01-31T13:28:30Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTKCI64ZRNO\",\"Tags\":null,\"Description\":\"EKS managed node group IAM role\",\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-c7T-1-eks-node-group-20230131132830278100000009\",\"AROA2IBR2EZTKCI64ZRNO\"],\"name\":\"cloudbeat-tf-c7T-1-eks-node-group-20230131132830278100000009\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"tags\":null,\"raw\":{\"CreateDate\":\"2023-01-31T13:28:29Z\",\"RoleId\":\"AROA2IBR2EZTGKKR75B5G\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Description\":\"EKS managed node group IAM role\",\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-c7T-2-eks-node-group-20230131132829482200000008\",\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-c7T-2-eks-node-group-20230131132829482200000008\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-c7T-2-eks-node-group-20230131132829482200000008\",\"AROA2IBR2EZTGKKR75B5G\"],\"name\":\"cloudbeat-tf-c7T-2-eks-node-group-20230131132829482200000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-c7T-2-eks-node-group-20230131132829482200000008\",\"AROA2IBR2EZTGKKR75B5G\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-c7T-2-eks-node-group-20230131132829482200000008\":{\"type\":\"role\",\"category\":\"identity\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-c7T-cluster-20230131132810680600000001\",\"AROA2IBR2EZTGELQQ4MZN\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-c7T-cluster-20230131132810680600000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-c7T-cluster-20230131132810680600000001\",\"AROA2IBR2EZTGELQQ4MZN\"],\"name\":\"cloudbeat-tf-c7T-cluster-20230131132810680600000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-c7T-cluster-20230131132810680600000001\",\"Path\":\"/\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2023-01-31T13:28:10Z\",\"RoleId\":\"AROA2IBR2EZTGELQQ4MZN\",\"RoleName\":\"cloudbeat-tf-c7T-cluster-20230131132810680600000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-Gfp\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-Gfp\",\"RoleId\":\"AROA2IBR2EZTG2K26XHJF\",\"RoleName\":\"cloudbeat-tf-Gfp\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-Gfp%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-north-1.amazonaws.com%2Fid%2F403E01B47017C83C16F8168497420E2E%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-north-1.amazonaws.com%2Fid%2F403E01B47017C83C16F8168497420E2E%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"Description\":null,\"CreateDate\":\"2022-12-28T16:02:45Z\",\"Path\":\"/\",\"MaxSessionDuration\":43200,\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Gfp\",\"AROA2IBR2EZTG2K26XHJF\"],\"name\":\"cloudbeat-tf-Gfp\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Gfp\",\"AROA2IBR2EZTG2K26XHJF\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Gfp-1-eks-node-group-20221228133514686700000002\",\"AROA2IBR2EZTDTOQOID6F\"],\"name\":\"cloudbeat-tf-Gfp-1-eks-node-group-20221228133514686700000002\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTDTOQOID6F\",\"RoleName\":\"cloudbeat-tf-Gfp-1-eks-node-group-20221228133514686700000002\",\"Description\":\"EKS managed node group IAM role\",\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-Gfp-1-eks-node-group-20221228133514686700000002\",\"CreateDate\":\"2022-12-28T13:35:15Z\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Gfp-1-eks-node-group-20221228133514686700000002\",\"AROA2IBR2EZTDTOQOID6F\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-Gfp-1-eks-node-group-20221228133514686700000002\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Gfp-2-eks-node-group-20221228133514686700000003\",\"AROA2IBR2EZTFLDTKLYFT\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-Gfp-2-eks-node-group-20221228133514686700000003\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-Gfp-2-eks-node-group-20221228133514686700000003\",\"CreateDate\":\"2022-12-28T13:35:15Z\",\"RoleId\":\"AROA2IBR2EZTFLDTKLYFT\",\"RoleName\":\"cloudbeat-tf-Gfp-2-eks-node-group-20221228133514686700000003\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Gfp-2-eks-node-group-20221228133514686700000003\",\"AROA2IBR2EZTFLDTKLYFT\"],\"name\":\"cloudbeat-tf-Gfp-2-eks-node-group-20221228133514686700000003\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Gfp-cluster-20221228133514684700000001\",\"AROA2IBR2EZTIUXENXQ2F\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-Gfp-cluster-20221228133514684700000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-Gfp-cluster-20221228133514684700000001\",\"CreateDate\":\"2022-12-28T13:35:15Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTIUXENXQ2F\",\"Description\":null,\"RoleLastUsed\":null,\"RoleName\":\"cloudbeat-tf-Gfp-cluster-20221228133514684700000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Gfp-cluster-20221228133514684700000001\",\"AROA2IBR2EZTIUXENXQ2F\"],\"name\":\"cloudbeat-tf-Gfp-cluster-20221228133514684700000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Glb\",\"AROA2IBR2EZTN7RCP7DSF\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-Glb\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-Glb\",\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-Glb\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-Glb%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-north-1.amazonaws.com%2Fid%2F44528EC37B5F0D1D6775094AE001CD68%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-north-1.amazonaws.com%2Fid%2F44528EC37B5F0D1D6775094AE001CD68%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2023-02-05T12:08:21Z\",\"RoleId\":\"AROA2IBR2EZTN7RCP7DSF\",\"Description\":null,\"MaxSessionDuration\":43200,\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Glb\",\"AROA2IBR2EZTN7RCP7DSF\"],\"name\":\"cloudbeat-tf-Glb\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Glb-1-eks-node-group-20230205115106111500000008\",\"AROA2IBR2EZTCZ4XMJRES\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-Glb-1-eks-node-group-20230205115106111500000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"PermissionsBoundary\":null,\"Tags\":null,\"RoleId\":\"AROA2IBR2EZTCZ4XMJRES\",\"RoleName\":\"cloudbeat-tf-Glb-1-eks-node-group-20230205115106111500000008\",\"Description\":\"EKS managed node group IAM role\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-Glb-1-eks-node-group-20230205115106111500000008\",\"CreateDate\":\"2023-02-05T11:51:06Z\",\"Path\":\"/\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Glb-1-eks-node-group-20230205115106111500000008\",\"AROA2IBR2EZTCZ4XMJRES\"],\"name\":\"cloudbeat-tf-Glb-1-eks-node-group-20230205115106111500000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Glb-2-eks-node-group-20230205115106112400000009\",\"AROA2IBR2EZTCHF2YRIHU\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-Glb-2-eks-node-group-20230205115106112400000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2023-02-05T11:51:06Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTCHF2YRIHU\",\"RoleName\":\"cloudbeat-tf-Glb-2-eks-node-group-20230205115106112400000009\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-Glb-2-eks-node-group-20230205115106112400000009\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Glb-2-eks-node-group-20230205115106112400000009\",\"AROA2IBR2EZTCHF2YRIHU\"],\"name\":\"cloudbeat-tf-Glb-2-eks-node-group-20230205115106112400000009\",\"category\":\"identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-Glb-cluster-20230205115046134200000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"asset\":{\"raw\":{\"PermissionsBoundary\":null,\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"RoleName\":\"cloudbeat-tf-Glb-cluster-20230205115046134200000001\",\"Description\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-Glb-cluster-20230205115046134200000001\",\"CreateDate\":\"2023-02-05T11:50:46Z\",\"RoleId\":\"AROA2IBR2EZTPVOU7VH2F\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Glb-cluster-20230205115046134200000001\",\"AROA2IBR2EZTPVOU7VH2F\"],\"name\":\"cloudbeat-tf-Glb-cluster-20230205115046134200000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Glb-cluster-20230205115046134200000001\",\"AROA2IBR2EZTPVOU7VH2F\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-GnA-cluster-20230202123720918500000001\",\"AROA2IBR2EZTIA7QIXCJL\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-GnA-cluster-20230202123720918500000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-GnA-cluster-20230202123720918500000001\",\"AROA2IBR2EZTIA7QIXCJL\"],\"name\":\"cloudbeat-tf-GnA-cluster-20230202123720918500000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleName\":\"cloudbeat-tf-GnA-cluster-20230202123720918500000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-GnA-cluster-20230202123720918500000001\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTIA7QIXCJL\",\"Description\":null,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"CreateDate\":\"2023-02-02T12:37:21Z\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-gwk-1-eks-node-group-20230203181427044400000009\",\"AROA2IBR2EZTGE4NPJS6F\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-gwk-1-eks-node-group-20230203181427044400000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-gwk-1-eks-node-group-20230203181427044400000009\",\"CreateDate\":\"2023-02-03T18:14:27Z\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"RoleId\":\"AROA2IBR2EZTGE4NPJS6F\",\"RoleName\":\"cloudbeat-tf-gwk-1-eks-node-group-20230203181427044400000009\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-gwk-1-eks-node-group-20230203181427044400000009\",\"AROA2IBR2EZTGE4NPJS6F\"],\"name\":\"cloudbeat-tf-gwk-1-eks-node-group-20230203181427044400000009\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-gwk-2-eks-node-group-20230203181427030800000008\",\"AROA2IBR2EZTF7BJATID3\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-gwk-2-eks-node-group-20230203181427030800000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-gwk-2-eks-node-group-20230203181427030800000008\",\"CreateDate\":\"2023-02-03T18:14:27Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTF7BJATID3\",\"RoleName\":\"cloudbeat-tf-gwk-2-eks-node-group-20230203181427030800000008\",\"Description\":\"EKS managed node group IAM role\",\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-gwk-2-eks-node-group-20230203181427030800000008\",\"AROA2IBR2EZTF7BJATID3\"],\"name\":\"cloudbeat-tf-gwk-2-eks-node-group-20230203181427030800000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-gwk-cluster-20230203181411291200000001\",\"AROA2IBR2EZTBIPKK33DC\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-gwk-cluster-20230203181411291200000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"PermissionsBoundary\":null,\"CreateDate\":\"2023-02-03T18:14:11Z\",\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-gwk-cluster-20230203181411291200000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-gwk-cluster-20230203181411291200000001\",\"RoleId\":\"AROA2IBR2EZTBIPKK33DC\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-gwk-cluster-20230203181411291200000001\",\"AROA2IBR2EZTBIPKK33DC\"],\"name\":\"cloudbeat-tf-gwk-cluster-20230203181411291200000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-H97\",\"AROA2IBR2EZTG4IJCYYPD\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-H97\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"MaxSessionDuration\":43200,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-H97\",\"CreateDate\":\"2023-02-06T11:55:33Z\",\"RoleName\":\"cloudbeat-tf-H97\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-H97%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-north-1.amazonaws.com%2Fid%2FCB465FD9E3C0093252AE5E09C2B4C889%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-north-1.amazonaws.com%2Fid%2FCB465FD9E3C0093252AE5E09C2B4C889%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTG4IJCYYPD\",\"Description\":null,\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-H97\",\"AROA2IBR2EZTG4IJCYYPD\"],\"name\":\"cloudbeat-tf-H97\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTMTJ2TNFMI\",\"RoleName\":\"cloudbeat-tf-H97-1-eks-node-group-20230206113840818800000009\",\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-H97-1-eks-node-group-20230206113840818800000009\",\"CreateDate\":\"2023-02-06T11:38:40Z\",\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-H97-1-eks-node-group-20230206113840818800000009\",\"AROA2IBR2EZTMTJ2TNFMI\"],\"name\":\"cloudbeat-tf-H97-1-eks-node-group-20230206113840818800000009\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-H97-1-eks-node-group-20230206113840818800000009\",\"AROA2IBR2EZTMTJ2TNFMI\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-H97-1-eks-node-group-20230206113840818800000009\":{\"type\":\"role\",\"category\":\"identity\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-H97-2-eks-node-group-20230206113840053500000008\",\"AROA2IBR2EZTLLGMYYJXT\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-H97-2-eks-node-group-20230206113840053500000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"cloudbeat-tf-H97-2-eks-node-group-20230206113840053500000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleName\":\"cloudbeat-tf-H97-2-eks-node-group-20230206113840053500000008\",\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-H97-2-eks-node-group-20230206113840053500000008\",\"CreateDate\":\"2023-02-06T11:38:40Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTLLGMYYJXT\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-H97-2-eks-node-group-20230206113840053500000008\",\"AROA2IBR2EZTLLGMYYJXT\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-H97-cluster-20230206113819414300000001\",\"AROA2IBR2EZTJGNANFUUA\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-H97-cluster-20230206113819414300000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2023-02-06T11:38:19Z\",\"RoleName\":\"cloudbeat-tf-H97-cluster-20230206113819414300000001\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Description\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-H97-cluster-20230206113819414300000001\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTJGNANFUUA\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-H97-cluster-20230206113819414300000001\",\"AROA2IBR2EZTJGNANFUUA\"],\"name\":\"cloudbeat-tf-H97-cluster-20230206113819414300000001\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-hpO\",\"AROA2IBR2EZTAUEMVMYXK\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-hpO\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTAUEMVMYXK\",\"Description\":null,\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-hpO\",\"CreateDate\":\"2023-02-06T14:33:02Z\",\"Path\":\"/\",\"RoleLastUsed\":null,\"RoleName\":\"cloudbeat-tf-hpO\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-hpO%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-north-1.amazonaws.com%2Fid%2F13E2BE742FA1F4A89EF05083127F7ED1%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-north-1.amazonaws.com%2Fid%2F13E2BE742FA1F4A89EF05083127F7ED1%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"MaxSessionDuration\":43200},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-hpO\",\"AROA2IBR2EZTAUEMVMYXK\"],\"name\":\"cloudbeat-tf-hpO\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2023-02-06T14:15:27Z\",\"RoleId\":\"AROA2IBR2EZTMKKUMWV6E\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-hpO-1-eks-node-group-20230206141527771100000008\",\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-hpO-1-eks-node-group-20230206141527771100000008\",\"MaxSessionDuration\":3600,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-hpO-1-eks-node-group-20230206141527771100000008\",\"AROA2IBR2EZTMKKUMWV6E\"],\"name\":\"cloudbeat-tf-hpO-1-eks-node-group-20230206141527771100000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-hpO-1-eks-node-group-20230206141527771100000008\",\"AROA2IBR2EZTMKKUMWV6E\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-hpO-1-eks-node-group-20230206141527771100000008\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-hpO-2-eks-node-group-20230206141527774400000009\",\"AROA2IBR2EZTACKZKVOVI\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-hpO-2-eks-node-group-20230206141527774400000009\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"tags\":null,\"raw\":{\"RoleName\":\"cloudbeat-tf-hpO-2-eks-node-group-20230206141527774400000009\",\"PermissionsBoundary\":null,\"CreateDate\":\"2023-02-06T14:15:27Z\",\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-hpO-2-eks-node-group-20230206141527774400000009\",\"RoleId\":\"AROA2IBR2EZTACKZKVOVI\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-hpO-2-eks-node-group-20230206141527774400000009\",\"AROA2IBR2EZTACKZKVOVI\"],\"name\":\"cloudbeat-tf-hpO-2-eks-node-group-20230206141527774400000009\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-hpO-cluster-20230206141507259900000001\",\"AROA2IBR2EZTATWL6SK3W\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-hpO-cluster-20230206141507259900000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"CreateDate\":\"2023-02-06T14:15:07Z\",\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-hpO-cluster-20230206141507259900000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-hpO-cluster-20230206141507259900000001\",\"RoleId\":\"AROA2IBR2EZTATWL6SK3W\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-hpO-cluster-20230206141507259900000001\",\"AROA2IBR2EZTATWL6SK3W\"],\"name\":\"cloudbeat-tf-hpO-cluster-20230206141507259900000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-I0z\",\"AROA2IBR2EZTJPOWUISC2\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-I0z\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2023-02-05T10:43:22Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTJPOWUISC2\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-I0z%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-north-1.amazonaws.com%2Fid%2F23B465F9E9B8FA6E99BC946EC09774AC%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-north-1.amazonaws.com%2Fid%2F23B465F9E9B8FA6E99BC946EC09774AC%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-I0z\",\"RoleName\":\"cloudbeat-tf-I0z\",\"Description\":null,\"MaxSessionDuration\":43200},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-I0z\",\"AROA2IBR2EZTJPOWUISC2\"],\"name\":\"cloudbeat-tf-I0z\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-I0z-1-eks-node-group-20230205102555835000000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-I0z-1-eks-node-group-20230205102555835000000009\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTELGMHWJ7S\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"CreateDate\":\"2023-02-05T10:25:55Z\",\"RoleName\":\"cloudbeat-tf-I0z-1-eks-node-group-20230205102555835000000009\",\"Description\":\"EKS managed node group IAM role\",\"PermissionsBoundary\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-I0z-1-eks-node-group-20230205102555835000000009\",\"AROA2IBR2EZTELGMHWJ7S\"],\"name\":\"cloudbeat-tf-I0z-1-eks-node-group-20230205102555835000000009\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-I0z-1-eks-node-group-20230205102555835000000009\",\"AROA2IBR2EZTELGMHWJ7S\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-I0z-2-eks-node-group-20230205102555835000000008\",\"AROA2IBR2EZTKKQZQ7NLT\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-I0z-2-eks-node-group-20230205102555835000000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-I0z-2-eks-node-group-20230205102555835000000008\",\"AROA2IBR2EZTKKQZQ7NLT\"],\"name\":\"cloudbeat-tf-I0z-2-eks-node-group-20230205102555835000000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2023-02-05T10:25:55Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-I0z-2-eks-node-group-20230205102555835000000008\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTKKQZQ7NLT\",\"RoleName\":\"cloudbeat-tf-I0z-2-eks-node-group-20230205102555835000000008\",\"PermissionsBoundary\":null}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-I0z-cluster-20230205102533206000000001\",\"AROA2IBR2EZTICCOU2U2H\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-I0z-cluster-20230205102533206000000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"cloudbeat-tf-I0z-cluster-20230205102533206000000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-I0z-cluster-20230205102533206000000001\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTICCOU2U2H\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"CreateDate\":\"2023-02-05T10:25:33Z\",\"RoleName\":\"cloudbeat-tf-I0z-cluster-20230205102533206000000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"PermissionsBoundary\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-I0z-cluster-20230205102533206000000001\",\"AROA2IBR2EZTICCOU2U2H\"]},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-I8V\",\"AROA2IBR2EZTFQ6ACBCNB\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-I8V\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-I8V\",\"CreateDate\":\"2023-02-04T17:30:04Z\",\"RoleLastUsed\":null,\"PermissionsBoundary\":null,\"Tags\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTFQ6ACBCNB\",\"RoleName\":\"cloudbeat-tf-I8V\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-I8V%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-north-1.amazonaws.com%2Fid%2F4F261713B73F25C76936B2D4F57AD9E8%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-north-1.amazonaws.com%2Fid%2F4F261713B73F25C76936B2D4F57AD9E8%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":43200},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-I8V\",\"AROA2IBR2EZTFQ6ACBCNB\"],\"name\":\"cloudbeat-tf-I8V\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-I8V-1-eks-node-group-20230204171122529000000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"cloudbeat-tf-I8V-1-eks-node-group-20230204171122529000000009\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTLN3M6O674\",\"RoleName\":\"cloudbeat-tf-I8V-1-eks-node-group-20230204171122529000000009\",\"Description\":\"EKS managed node group IAM role\",\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2023-02-04T17:11:22Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-I8V-1-eks-node-group-20230204171122529000000009\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-I8V-1-eks-node-group-20230204171122529000000009\",\"AROA2IBR2EZTLN3M6O674\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-I8V-1-eks-node-group-20230204171122529000000009\",\"AROA2IBR2EZTLN3M6O674\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-I8V-2-eks-node-group-20230204171122524000000008\",\"AROA2IBR2EZTPS43L2SE4\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-I8V-2-eks-node-group-20230204171122524000000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2023-02-04T17:11:22Z\",\"Path\":\"/\",\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-I8V-2-eks-node-group-20230204171122524000000008\",\"RoleName\":\"cloudbeat-tf-I8V-2-eks-node-group-20230204171122524000000008\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"RoleId\":\"AROA2IBR2EZTPS43L2SE4\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-I8V-2-eks-node-group-20230204171122524000000008\",\"AROA2IBR2EZTPS43L2SE4\"],\"name\":\"cloudbeat-tf-I8V-2-eks-node-group-20230204171122524000000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-I8V-cluster-20230204171100595400000001\",\"AROA2IBR2EZTMIEFB4JNY\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-I8V-cluster-20230204171100595400000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-I8V-cluster-20230204171100595400000001\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-I8V-cluster-20230204171100595400000001\",\"CreateDate\":\"2023-02-04T17:11:00Z\",\"Description\":null,\"RoleLastUsed\":null,\"Tags\":null,\"RoleId\":\"AROA2IBR2EZTMIEFB4JNY\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-I8V-cluster-20230204171100595400000001\",\"AROA2IBR2EZTMIEFB4JNY\"],\"name\":\"cloudbeat-tf-I8V-cluster-20230204171100595400000001\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-jOB-cluster-20230206113823050300000001\",\"AROA2IBR2EZTLKGHOAXFQ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-jOB-cluster-20230206113823050300000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"cloudbeat-tf-jOB-cluster-20230206113823050300000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-jOB-cluster-20230206113823050300000001\",\"CreateDate\":\"2023-02-06T11:38:23Z\",\"Tags\":null,\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTLKGHOAXFQ\",\"RoleName\":\"cloudbeat-tf-jOB-cluster-20230206113823050300000001\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-jOB-cluster-20230206113823050300000001\",\"AROA2IBR2EZTLKGHOAXFQ\"]},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Jzj\",\"AROA2IBR2EZTN5GRFA7UZ\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-Jzj\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTN5GRFA7UZ\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-Jzj%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-north-1.amazonaws.com%2Fid%2F2E7861BE9DDEB28F9FC8E1E751AC80E1%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-north-1.amazonaws.com%2Fid%2F2E7861BE9DDEB28F9FC8E1E751AC80E1%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"Description\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-Jzj\",\"Path\":\"/\",\"MaxSessionDuration\":43200,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2023-02-04T10:04:14Z\",\"RoleName\":\"cloudbeat-tf-Jzj\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Jzj\",\"AROA2IBR2EZTN5GRFA7UZ\"],\"name\":\"cloudbeat-tf-Jzj\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Jzj-1-eks-node-group-2023020409430074240000000b\",\"AROA2IBR2EZTEUAFWRKE6\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-Jzj-1-eks-node-group-2023020409430074240000000b\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"PermissionsBoundary\":null,\"Tags\":null,\"CreateDate\":\"2023-02-04T09:43:00Z\",\"RoleId\":\"AROA2IBR2EZTEUAFWRKE6\",\"Description\":\"EKS managed node group IAM role\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-Jzj-1-eks-node-group-2023020409430074240000000b\",\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-Jzj-1-eks-node-group-2023020409430074240000000b\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Jzj-1-eks-node-group-2023020409430074240000000b\",\"AROA2IBR2EZTEUAFWRKE6\"],\"name\":\"cloudbeat-tf-Jzj-1-eks-node-group-2023020409430074240000000b\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Jzj-2-eks-node-group-2023020409430038010000000a\",\"AROA2IBR2EZTLKKXSDA3S\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-Jzj-2-eks-node-group-2023020409430038010000000a\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2023-02-04T09:43:00Z\",\"Path\":\"/\",\"PermissionsBoundary\":null,\"Tags\":null,\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-Jzj-2-eks-node-group-2023020409430038010000000a\",\"RoleId\":\"AROA2IBR2EZTLKKXSDA3S\",\"RoleName\":\"cloudbeat-tf-Jzj-2-eks-node-group-2023020409430038010000000a\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Jzj-2-eks-node-group-2023020409430038010000000a\",\"AROA2IBR2EZTLKKXSDA3S\"],\"name\":\"cloudbeat-tf-Jzj-2-eks-node-group-2023020409430038010000000a\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-Jzj-cluster-20230204094238528200000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-Jzj-cluster-20230204094238528200000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"RoleLastUsed\":null,\"CreateDate\":\"2023-02-04T09:42:38Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTGSLN5KQGP\",\"RoleName\":\"cloudbeat-tf-Jzj-cluster-20230204094238528200000001\",\"Description\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Jzj-cluster-20230204094238528200000001\",\"AROA2IBR2EZTGSLN5KQGP\"],\"name\":\"cloudbeat-tf-Jzj-cluster-20230204094238528200000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-Jzj-cluster-20230204094238528200000001\",\"AROA2IBR2EZTGSLN5KQGP\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-LF9\",\"AROA2IBR2EZTBVHU6LHMH\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-LF9\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"CreateDate\":\"2023-02-02T13:38:33Z\",\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-LF9\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-LF9%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-north-1.amazonaws.com%2Fid%2FB4134E3237B36EF39F5A9EA951413ECB%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-north-1.amazonaws.com%2Fid%2FB4134E3237B36EF39F5A9EA951413ECB%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"Description\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-LF9\",\"RoleId\":\"AROA2IBR2EZTBVHU6LHMH\",\"MaxSessionDuration\":43200,\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-LF9\",\"AROA2IBR2EZTBVHU6LHMH\"],\"name\":\"cloudbeat-tf-LF9\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-LF9-1-eks-node-group-20230202131956541900000009\",\"AROA2IBR2EZTL6G7XQIM3\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-LF9-1-eks-node-group-20230202131956541900000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"raw\":{\"Description\":\"EKS managed node group IAM role\",\"Tags\":null,\"RoleId\":\"AROA2IBR2EZTL6G7XQIM3\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-LF9-1-eks-node-group-20230202131956541900000009\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-LF9-1-eks-node-group-20230202131956541900000009\",\"CreateDate\":\"2023-02-02T13:19:56Z\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-LF9-1-eks-node-group-20230202131956541900000009\",\"AROA2IBR2EZTL6G7XQIM3\"],\"name\":\"cloudbeat-tf-LF9-1-eks-node-group-20230202131956541900000009\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-LF9-2-eks-node-group-20230202131956540600000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-LF9-2-eks-node-group-20230202131956540600000008\",\"AROA2IBR2EZTO36L2JR4B\"],\"name\":\"cloudbeat-tf-LF9-2-eks-node-group-20230202131956540600000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-LF9-2-eks-node-group-20230202131956540600000008\",\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-LF9-2-eks-node-group-20230202131956540600000008\",\"RoleLastUsed\":null,\"PermissionsBoundary\":null,\"Tags\":null,\"CreateDate\":\"2023-02-02T13:19:56Z\",\"RoleId\":\"AROA2IBR2EZTO36L2JR4B\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-LF9-2-eks-node-group-20230202131956540600000008\",\"AROA2IBR2EZTO36L2JR4B\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-LF9-cluster-20230202131939924200000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-LF9-cluster-20230202131939924200000001\",\"CreateDate\":\"2023-02-02T13:19:40Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTO6K6JLN7B\",\"Description\":null,\"RoleLastUsed\":null,\"RoleName\":\"cloudbeat-tf-LF9-cluster-20230202131939924200000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-LF9-cluster-20230202131939924200000001\",\"AROA2IBR2EZTO6K6JLN7B\"],\"name\":\"cloudbeat-tf-LF9-cluster-20230202131939924200000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-LF9-cluster-20230202131939924200000001\",\"AROA2IBR2EZTO6K6JLN7B\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-lyf\",\"AROA2IBR2EZTNAS3RYIJ4\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-lyf\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-lyf\",\"AROA2IBR2EZTNAS3RYIJ4\"],\"name\":\"cloudbeat-tf-lyf\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-lyf%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-north-1.amazonaws.com%2Fid%2F6A0C1992A60A643D7B7BDDD3D01E09EB%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-north-1.amazonaws.com%2Fid%2F6A0C1992A60A643D7B7BDDD3D01E09EB%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"Description\":null,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTNAS3RYIJ4\",\"RoleName\":\"cloudbeat-tf-lyf\",\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-lyf\",\"CreateDate\":\"2023-02-05T15:10:49Z\",\"MaxSessionDuration\":43200}},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-lyf-1-eks-node-group-20230205145206789400000009\",\"AROA2IBR2EZTBUR4YDVRU\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-lyf-1-eks-node-group-20230205145206789400000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTBUR4YDVRU\",\"RoleName\":\"cloudbeat-tf-lyf-1-eks-node-group-20230205145206789400000009\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-lyf-1-eks-node-group-20230205145206789400000009\",\"Path\":\"/\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"CreateDate\":\"2023-02-05T14:52:06Z\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-lyf-1-eks-node-group-20230205145206789400000009\",\"AROA2IBR2EZTBUR4YDVRU\"],\"name\":\"cloudbeat-tf-lyf-1-eks-node-group-20230205145206789400000009\",\"category\":\"identity\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-lyf-2-eks-node-group-20230205145206786500000008\",\"AROA2IBR2EZTMTOIMAFEI\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-lyf-2-eks-node-group-20230205145206786500000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTMTOIMAFEI\",\"RoleName\":\"cloudbeat-tf-lyf-2-eks-node-group-20230205145206786500000008\",\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-lyf-2-eks-node-group-20230205145206786500000008\",\"CreateDate\":\"2023-02-05T14:52:06Z\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-lyf-2-eks-node-group-20230205145206786500000008\",\"AROA2IBR2EZTMTOIMAFEI\"],\"name\":\"cloudbeat-tf-lyf-2-eks-node-group-20230205145206786500000008\",\"category\":\"identity\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-lyf-cluster-20230205145151053100000001\",\"AROA2IBR2EZTBDC7WJG7W\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-lyf-cluster-20230205145151053100000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTBDC7WJG7W\",\"RoleName\":\"cloudbeat-tf-lyf-cluster-20230205145151053100000001\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-lyf-cluster-20230205145151053100000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"RoleLastUsed\":null,\"CreateDate\":\"2023-02-05T14:51:51Z\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-lyf-cluster-20230205145151053100000001\",\"AROA2IBR2EZTBDC7WJG7W\"],\"name\":\"cloudbeat-tf-lyf-cluster-20230205145151053100000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-mKr\",\"AROA2IBR2EZTGA6Z7U2FO\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-mKr\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-mKr\",\"MaxSessionDuration\":43200,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-mKr\",\"CreateDate\":\"2023-02-12T13:45:26Z\",\"RoleId\":\"AROA2IBR2EZTGA6Z7U2FO\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-mKr%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-north-1.amazonaws.com%2Fid%2FCDEC1FD92EAE085AA9CFCA478A71402C%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-north-1.amazonaws.com%2Fid%2FCDEC1FD92EAE085AA9CFCA478A71402C%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"Description\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-mKr\",\"AROA2IBR2EZTGA6Z7U2FO\"],\"name\":\"cloudbeat-tf-mKr\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-mKr-1-eks-node-group-20230212132718669400000009\",\"AROA2IBR2EZTHAC3NXCEQ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-mKr-1-eks-node-group-20230212132718669400000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-mKr-1-eks-node-group-20230212132718669400000009\",\"CreateDate\":\"2023-02-12T13:27:18Z\",\"RoleId\":\"AROA2IBR2EZTHAC3NXCEQ\",\"PermissionsBoundary\":null,\"Tags\":null,\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-mKr-1-eks-node-group-20230212132718669400000009\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-mKr-1-eks-node-group-20230212132718669400000009\",\"AROA2IBR2EZTHAC3NXCEQ\"],\"name\":\"cloudbeat-tf-mKr-1-eks-node-group-20230212132718669400000009\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-mKr-2-eks-node-group-20230212132718657500000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-mKr-2-eks-node-group-20230212132718657500000008\",\"AROA2IBR2EZTK5GVFSD5O\"],\"name\":\"cloudbeat-tf-mKr-2-eks-node-group-20230212132718657500000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-mKr-2-eks-node-group-20230212132718657500000008\",\"CreateDate\":\"2023-02-12T13:27:18Z\",\"RoleId\":\"AROA2IBR2EZTK5GVFSD5O\",\"RoleName\":\"cloudbeat-tf-mKr-2-eks-node-group-20230212132718657500000008\",\"Description\":\"EKS managed node group IAM role\",\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-mKr-2-eks-node-group-20230212132718657500000008\",\"AROA2IBR2EZTK5GVFSD5O\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-mKr-cluster-20230212132703412200000001\",\"AROA2IBR2EZTKW26XCD7L\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-mKr-cluster-20230212132703412200000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"cloudbeat-tf-mKr-cluster-20230212132703412200000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-mKr-cluster-20230212132703412200000001\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTKW26XCD7L\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2023-02-12T13:27:03Z\",\"RoleName\":\"cloudbeat-tf-mKr-cluster-20230212132703412200000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-mKr-cluster-20230212132703412200000001\",\"AROA2IBR2EZTKW26XCD7L\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-MSh-1-eks-node-group-20230202100008969100000008\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"name\":\"cloudbeat-tf-MSh-1-eks-node-group-20230202100008969100000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-MSh-1-eks-node-group-20230202100008969100000008\",\"CreateDate\":\"2023-02-02T10:00:09Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTGVTNNVR5O\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"RoleName\":\"cloudbeat-tf-MSh-1-eks-node-group-20230202100008969100000008\",\"PermissionsBoundary\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-MSh-1-eks-node-group-20230202100008969100000008\",\"AROA2IBR2EZTGVTNNVR5O\"]},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-MSh-1-eks-node-group-20230202100008969100000008\",\"AROA2IBR2EZTGVTNNVR5O\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-MSh-2-eks-node-group-20230202100008971200000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2023-02-02T10:00:09Z\",\"RoleId\":\"AROA2IBR2EZTE7W6J7EXJ\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-MSh-2-eks-node-group-20230202100008971200000009\",\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-MSh-2-eks-node-group-20230202100008971200000009\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-MSh-2-eks-node-group-20230202100008971200000009\",\"AROA2IBR2EZTE7W6J7EXJ\"],\"name\":\"cloudbeat-tf-MSh-2-eks-node-group-20230202100008971200000009\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-MSh-2-eks-node-group-20230202100008971200000009\",\"AROA2IBR2EZTE7W6J7EXJ\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-MSh-cluster-20230202095954389900000001\",\"AROA2IBR2EZTPNSBSQWSI\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-MSh-cluster-20230202095954389900000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"CreateDate\":\"2023-02-02T09:59:54Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTPNSBSQWSI\",\"MaxSessionDuration\":3600,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-MSh-cluster-20230202095954389900000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"RoleName\":\"cloudbeat-tf-MSh-cluster-20230202095954389900000001\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-MSh-cluster-20230202095954389900000001\",\"AROA2IBR2EZTPNSBSQWSI\"],\"name\":\"cloudbeat-tf-MSh-cluster-20230202095954389900000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-N1B\",\"AROA2IBR2EZTJDKIVEUJM\"],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-N1B\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-N1B%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-north-1.amazonaws.com%2Fid%2FDA4DBEB0FA8EBDC773A3C6FE0A36D751%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-north-1.amazonaws.com%2Fid%2FDA4DBEB0FA8EBDC773A3C6FE0A36D751%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"Description\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-N1B\",\"RoleId\":\"AROA2IBR2EZTJDKIVEUJM\",\"RoleName\":\"cloudbeat-tf-N1B\",\"MaxSessionDuration\":43200,\"PermissionsBoundary\":null,\"CreateDate\":\"2023-02-02T20:42:21Z\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-N1B\",\"AROA2IBR2EZTJDKIVEUJM\"],\"name\":\"cloudbeat-tf-N1B\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-N1B-1-eks-node-group-20230202202311634100000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-N1B-1-eks-node-group-20230202202311634100000009\",\"CreateDate\":\"2023-02-02T20:23:11Z\",\"RoleId\":\"AROA2IBR2EZTOWZG7KN2J\",\"RoleName\":\"cloudbeat-tf-N1B-1-eks-node-group-20230202202311634100000009\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Path\":\"/\",\"Description\":\"EKS managed node group IAM role\",\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-N1B-1-eks-node-group-20230202202311634100000009\",\"AROA2IBR2EZTOWZG7KN2J\"],\"name\":\"cloudbeat-tf-N1B-1-eks-node-group-20230202202311634100000009\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-N1B-1-eks-node-group-20230202202311634100000009\",\"AROA2IBR2EZTOWZG7KN2J\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-N1B-2-eks-node-group-20230202202311605800000008\",\"AROA2IBR2EZTAHGMZSQYR\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-N1B-2-eks-node-group-20230202202311605800000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-N1B-2-eks-node-group-20230202202311605800000008\",\"AROA2IBR2EZTAHGMZSQYR\"],\"name\":\"cloudbeat-tf-N1B-2-eks-node-group-20230202202311605800000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-N1B-2-eks-node-group-20230202202311605800000008\",\"CreateDate\":\"2023-02-02T20:23:11Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTAHGMZSQYR\",\"RoleName\":\"cloudbeat-tf-N1B-2-eks-node-group-20230202202311605800000008\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-N1B-cluster-20230202202248676000000001\",\"AROA2IBR2EZTGD3TQVSQ6\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-N1B-cluster-20230202202248676000000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTGD3TQVSQ6\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-N1B-cluster-20230202202248676000000001\",\"CreateDate\":\"2023-02-02T20:22:48Z\",\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-N1B-cluster-20230202202248676000000001\",\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-N1B-cluster-20230202202248676000000001\",\"AROA2IBR2EZTGD3TQVSQ6\"],\"name\":\"cloudbeat-tf-N1B-cluster-20230202202248676000000001\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-nsZ\",\"AROA2IBR2EZTHRAGBMEDJ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-nsZ\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-nsZ%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2F84FF61628092322C43C68407C84521F3%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2F84FF61628092322C43C68407C84521F3%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"MaxSessionDuration\":43200,\"PermissionsBoundary\":null,\"CreateDate\":\"2023-02-14T08:40:38Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTHRAGBMEDJ\",\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-nsZ\",\"RoleName\":\"cloudbeat-tf-nsZ\",\"Description\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-nsZ\",\"AROA2IBR2EZTHRAGBMEDJ\"],\"name\":\"cloudbeat-tf-nsZ\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-nsZ-1-eks-node-group-20230214081033252100000008\",\"AROA2IBR2EZTMD5FYT72P\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-nsZ-1-eks-node-group-20230214081033252100000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"CreateDate\":\"2023-02-14T08:10:33Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTMD5FYT72P\",\"RoleName\":\"cloudbeat-tf-nsZ-1-eks-node-group-20230214081033252100000008\",\"Description\":\"EKS managed node group IAM role\",\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-nsZ-1-eks-node-group-20230214081033252100000008\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-nsZ-1-eks-node-group-20230214081033252100000008\",\"AROA2IBR2EZTMD5FYT72P\"],\"name\":\"cloudbeat-tf-nsZ-1-eks-node-group-20230214081033252100000008\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-nsZ-2-eks-node-group-20230214081034128400000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":\"EKS managed node group IAM role\",\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-nsZ-2-eks-node-group-20230214081034128400000009\",\"CreateDate\":\"2023-02-14T08:10:34Z\",\"RoleId\":\"AROA2IBR2EZTJQUQYH6CD\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-nsZ-2-eks-node-group-20230214081034128400000009\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-nsZ-2-eks-node-group-20230214081034128400000009\",\"AROA2IBR2EZTJQUQYH6CD\"],\"name\":\"cloudbeat-tf-nsZ-2-eks-node-group-20230214081034128400000009\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-nsZ-2-eks-node-group-20230214081034128400000009\",\"AROA2IBR2EZTJQUQYH6CD\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTBOZ3FD62P\",\"RoleName\":\"cloudbeat-tf-nsZ-cluster-20230214081013066100000001\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"CreateDate\":\"2023-02-14T08:10:14Z\",\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-nsZ-cluster-20230214081013066100000001\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-nsZ-cluster-20230214081013066100000001\",\"AROA2IBR2EZTBOZ3FD62P\"],\"name\":\"cloudbeat-tf-nsZ-cluster-20230214081013066100000001\",\"category\":\"identity\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-nsZ-cluster-20230214081013066100000001\",\"AROA2IBR2EZTBOZ3FD62P\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-nsZ-cluster-20230214081013066100000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-nzc-cluster-20230213114710149700000001\",\"AROA2IBR2EZTJUH3CEV3T\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-nzc-cluster-20230213114710149700000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-nzc-cluster-20230213114710149700000001\",\"AROA2IBR2EZTJUH3CEV3T\"],\"name\":\"cloudbeat-tf-nzc-cluster-20230213114710149700000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2023-02-13T11:47:10Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTJUH3CEV3T\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-nzc-cluster-20230213114710149700000001\",\"RoleName\":\"cloudbeat-tf-nzc-cluster-20230213114710149700000001\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-pEN\",\"AROA2IBR2EZTEYUA2RYMM\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-pEN\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleLastUsed\":null,\"CreateDate\":\"2022-12-26T08:15:17Z\",\"RoleId\":\"AROA2IBR2EZTEYUA2RYMM\",\"RoleName\":\"cloudbeat-tf-pEN\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-pEN%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2F3DC1D2CD3311C1B4D026B31F502A7F23%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2F3DC1D2CD3311C1B4D026B31F502A7F23%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-pEN\",\"Path\":\"/\",\"Description\":null,\"MaxSessionDuration\":43200,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-pEN\",\"AROA2IBR2EZTEYUA2RYMM\"],\"name\":\"cloudbeat-tf-pEN\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-pEN-1-eks-node-group-20221226075538105800000009\",\"AROA2IBR2EZTEK4NQUAHS\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-pEN-1-eks-node-group-20221226075538105800000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-pEN-1-eks-node-group-20221226075538105800000009\",\"CreateDate\":\"2022-12-26T07:55:38Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTEK4NQUAHS\",\"RoleName\":\"cloudbeat-tf-pEN-1-eks-node-group-20221226075538105800000009\",\"PermissionsBoundary\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-pEN-1-eks-node-group-20221226075538105800000009\",\"AROA2IBR2EZTEK4NQUAHS\"],\"name\":\"cloudbeat-tf-pEN-1-eks-node-group-20221226075538105800000009\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-pEN-2-eks-node-group-20221226075538105700000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"cloudbeat-tf-pEN-2-eks-node-group-20221226075538105700000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2022-12-26T07:55:38Z\",\"RoleName\":\"cloudbeat-tf-pEN-2-eks-node-group-20221226075538105700000008\",\"RoleLastUsed\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-pEN-2-eks-node-group-20221226075538105700000008\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTE5IJ5VFUI\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-pEN-2-eks-node-group-20221226075538105700000008\",\"AROA2IBR2EZTE5IJ5VFUI\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-pEN-2-eks-node-group-20221226075538105700000008\",\"AROA2IBR2EZTE5IJ5VFUI\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-pEN-cluster-20221226075524331200000001\",\"AROA2IBR2EZTMSIOQMA55\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-pEN-cluster-20221226075524331200000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"cloudbeat-tf-pEN-cluster-20221226075524331200000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-pEN-cluster-20221226075524331200000001\",\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-pEN-cluster-20221226075524331200000001\",\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2022-12-26T07:55:24Z\",\"RoleId\":\"AROA2IBR2EZTMSIOQMA55\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-pEN-cluster-20221226075524331200000001\",\"AROA2IBR2EZTMSIOQMA55\"]},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-pNX-1-eks-node-group-20230203172140085900000009\",\"AROA2IBR2EZTCVW5ZZ7TI\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-pNX-1-eks-node-group-20230203172140085900000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-pNX-1-eks-node-group-20230203172140085900000009\",\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-pNX-1-eks-node-group-20230203172140085900000009\",\"CreateDate\":\"2023-02-03T17:21:40Z\",\"RoleId\":\"AROA2IBR2EZTCVW5ZZ7TI\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-pNX-1-eks-node-group-20230203172140085900000009\",\"AROA2IBR2EZTCVW5ZZ7TI\"],\"name\":\"cloudbeat-tf-pNX-1-eks-node-group-20230203172140085900000009\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-pNX-2-eks-node-group-20230203172140084400000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-pNX-2-eks-node-group-20230203172140084400000008\",\"AROA2IBR2EZTHNDOI5YKQ\"],\"name\":\"cloudbeat-tf-pNX-2-eks-node-group-20230203172140084400000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-pNX-2-eks-node-group-20230203172140084400000008\",\"CreateDate\":\"2023-02-03T17:21:40Z\",\"RoleId\":\"AROA2IBR2EZTHNDOI5YKQ\",\"RoleName\":\"cloudbeat-tf-pNX-2-eks-node-group-20230203172140084400000008\",\"MaxSessionDuration\":3600,\"Tags\":null}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-pNX-2-eks-node-group-20230203172140084400000008\",\"AROA2IBR2EZTHNDOI5YKQ\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-pNX-cluster-20230203172118962700000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleName\":\"cloudbeat-tf-pNX-cluster-20230203172118962700000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-pNX-cluster-20230203172118962700000001\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTPG4MWEQBF\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"CreateDate\":\"2023-02-03T17:21:19Z\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-pNX-cluster-20230203172118962700000001\",\"AROA2IBR2EZTPG4MWEQBF\"],\"name\":\"cloudbeat-tf-pNX-cluster-20230203172118962700000001\",\"category\":\"identity\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-pNX-cluster-20230203172118962700000001\",\"AROA2IBR2EZTPG4MWEQBF\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-qtJ\",\"AROA2IBR2EZTAWZPISYA3\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-qtJ\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-qtJ\",\"AROA2IBR2EZTAWZPISYA3\"],\"name\":\"cloudbeat-tf-qtJ\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTAWZPISYA3\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-qtJ%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-north-1.amazonaws.com%2Fid%2F10565C559D971020DF9C2DE149287C0B%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-north-1.amazonaws.com%2Fid%2F10565C559D971020DF9C2DE149287C0B%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":43200,\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-qtJ\",\"CreateDate\":\"2023-02-03T13:18:56Z\",\"RoleName\":\"cloudbeat-tf-qtJ\",\"RoleLastUsed\":null}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"name\":\"cloudbeat-tf-qtJ-1-eks-node-group-20230203130037028400000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"Path\":\"/\",\"CreateDate\":\"2023-02-03T13:00:37Z\",\"RoleId\":\"AROA2IBR2EZTI5GHZQCJI\",\"RoleName\":\"cloudbeat-tf-qtJ-1-eks-node-group-20230203130037028400000008\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-qtJ-1-eks-node-group-20230203130037028400000008\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-qtJ-1-eks-node-group-20230203130037028400000008\",\"AROA2IBR2EZTI5GHZQCJI\"]},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-qtJ-1-eks-node-group-20230203130037028400000008\",\"AROA2IBR2EZTI5GHZQCJI\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-qtJ-1-eks-node-group-20230203130037028400000008\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-qtJ-2-eks-node-group-20230203130037029200000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"cloudbeat-tf-qtJ-2-eks-node-group-20230203130037029200000009\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleLastUsed\":null,\"RoleName\":\"cloudbeat-tf-qtJ-2-eks-node-group-20230203130037029200000009\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Description\":\"EKS managed node group IAM role\",\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-qtJ-2-eks-node-group-20230203130037029200000009\",\"CreateDate\":\"2023-02-03T13:00:37Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTDJDRIPL3H\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-qtJ-2-eks-node-group-20230203130037029200000009\",\"AROA2IBR2EZTDJDRIPL3H\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-qtJ-2-eks-node-group-20230203130037029200000009\",\"AROA2IBR2EZTDJDRIPL3H\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-qtJ-cluster-20230203130021172200000001\",\"AROA2IBR2EZTKKCZUZAUE\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-qtJ-cluster-20230203130021172200000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTKKCZUZAUE\",\"RoleName\":\"cloudbeat-tf-qtJ-cluster-20230203130021172200000001\",\"Description\":null,\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-qtJ-cluster-20230203130021172200000001\",\"CreateDate\":\"2023-02-03T13:00:21Z\",\"Tags\":null,\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-qtJ-cluster-20230203130021172200000001\",\"AROA2IBR2EZTKKCZUZAUE\"],\"name\":\"cloudbeat-tf-qtJ-cluster-20230203130021172200000001\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-QZn\",\"AROA2IBR2EZTKCGQNFPSA\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-QZn\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":null,\"MaxSessionDuration\":43200,\"Tags\":null,\"RoleName\":\"cloudbeat-tf-QZn\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-QZn%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-north-1.amazonaws.com%2Fid%2FA33100A5EBC85375C4B666DB99AFF419%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-north-1.amazonaws.com%2Fid%2FA33100A5EBC85375C4B666DB99AFF419%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-QZn\",\"CreateDate\":\"2023-02-04T16:33:59Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTKCGQNFPSA\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-QZn\",\"AROA2IBR2EZTKCGQNFPSA\"],\"name\":\"cloudbeat-tf-QZn\",\"category\":\"identity\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-QZn-1-eks-node-group-20230204160826165500000009\",\"AROA2IBR2EZTHYSNCIQJC\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-QZn-1-eks-node-group-20230204160826165500000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleLastUsed\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTHYSNCIQJC\",\"RoleName\":\"cloudbeat-tf-QZn-1-eks-node-group-20230204160826165500000009\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-QZn-1-eks-node-group-20230204160826165500000009\",\"CreateDate\":\"2023-02-04T16:08:26Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-QZn-1-eks-node-group-20230204160826165500000009\",\"AROA2IBR2EZTHYSNCIQJC\"],\"name\":\"cloudbeat-tf-QZn-1-eks-node-group-20230204160826165500000009\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-QZn-2-eks-node-group-2023020416082625020000000b\",\"AROA2IBR2EZTOLH5Y6TDA\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-QZn-2-eks-node-group-2023020416082625020000000b\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-QZn-2-eks-node-group-2023020416082625020000000b\",\"AROA2IBR2EZTOLH5Y6TDA\"],\"name\":\"cloudbeat-tf-QZn-2-eks-node-group-2023020416082625020000000b\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleLastUsed\":null,\"CreateDate\":\"2023-02-04T16:08:26Z\",\"Description\":\"EKS managed node group IAM role\",\"RoleId\":\"AROA2IBR2EZTOLH5Y6TDA\",\"RoleName\":\"cloudbeat-tf-QZn-2-eks-node-group-2023020416082625020000000b\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-QZn-2-eks-node-group-2023020416082625020000000b\",\"Path\":\"/\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-QZn-cluster-20230204160802277200000001\",\"AROA2IBR2EZTPVF4FDK6P\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-QZn-cluster-20230204160802277200000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"cloudbeat-tf-QZn-cluster-20230204160802277200000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-QZn-cluster-20230204160802277200000001\",\"CreateDate\":\"2023-02-04T16:08:02Z\",\"RoleId\":\"AROA2IBR2EZTPVF4FDK6P\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-QZn-cluster-20230204160802277200000001\",\"Description\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-QZn-cluster-20230204160802277200000001\",\"AROA2IBR2EZTPVF4FDK6P\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-sAZ\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2023-01-31T15:21:06Z\",\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-sAZ\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-sAZ%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2F6AE1B3B1D158A34314E000EE258850A5%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2F6AE1B3B1D158A34314E000EE258850A5%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":43200,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-sAZ\",\"RoleLastUsed\":null,\"Tags\":null,\"RoleId\":\"AROA2IBR2EZTA3Z46INOG\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-sAZ\",\"AROA2IBR2EZTA3Z46INOG\"],\"name\":\"cloudbeat-tf-sAZ\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-sAZ\",\"AROA2IBR2EZTA3Z46INOG\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-sAZ-1-eks-node-group-20230131150240257800000009\",\"AROA2IBR2EZTGW36NJ63B\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-sAZ-1-eks-node-group-20230131150240257800000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-sAZ-1-eks-node-group-20230131150240257800000009\",\"CreateDate\":\"2023-01-31T15:02:40Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTGW36NJ63B\",\"RoleName\":\"cloudbeat-tf-sAZ-1-eks-node-group-20230131150240257800000009\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-sAZ-1-eks-node-group-20230131150240257800000009\",\"AROA2IBR2EZTGW36NJ63B\"],\"name\":\"cloudbeat-tf-sAZ-1-eks-node-group-20230131150240257800000009\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-sAZ-2-eks-node-group-20230131150239435500000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTLJWDY6ZRX\",\"RoleName\":\"cloudbeat-tf-sAZ-2-eks-node-group-20230131150239435500000008\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-sAZ-2-eks-node-group-20230131150239435500000008\",\"CreateDate\":\"2023-01-31T15:02:39Z\",\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-sAZ-2-eks-node-group-20230131150239435500000008\",\"AROA2IBR2EZTLJWDY6ZRX\"],\"name\":\"cloudbeat-tf-sAZ-2-eks-node-group-20230131150239435500000008\",\"category\":\"identity\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-sAZ-2-eks-node-group-20230131150239435500000008\",\"AROA2IBR2EZTLJWDY6ZRX\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-sAZ-cluster-20230131150220255300000001\",\"AROA2IBR2EZTKZ2PDGEMC\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-sAZ-cluster-20230131150220255300000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-sAZ-cluster-20230131150220255300000001\",\"CreateDate\":\"2023-01-31T15:02:20Z\",\"Description\":null,\"MaxSessionDuration\":3600,\"Tags\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTKZ2PDGEMC\",\"RoleName\":\"cloudbeat-tf-sAZ-cluster-20230131150220255300000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-sAZ-cluster-20230131150220255300000001\",\"AROA2IBR2EZTKZ2PDGEMC\"],\"name\":\"cloudbeat-tf-sAZ-cluster-20230131150220255300000001\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-SXE-1-eks-node-group-20230502222559589700000009\",\"AROA2IBR2EZTBB5SOAAUT\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-SXE-1-eks-node-group-20230502222559589700000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-SXE-1-eks-node-group-20230502222559589700000009\",\"Description\":\"EKS managed node group IAM role\",\"PermissionsBoundary\":null,\"Tags\":null,\"RoleLastUsed\":null,\"CreateDate\":\"2023-05-02T22:25:59Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTBB5SOAAUT\",\"RoleName\":\"cloudbeat-tf-SXE-1-eks-node-group-20230502222559589700000009\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-SXE-1-eks-node-group-20230502222559589700000009\",\"AROA2IBR2EZTBB5SOAAUT\"],\"name\":\"cloudbeat-tf-SXE-1-eks-node-group-20230502222559589700000009\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-SXE-2-eks-node-group-20230502222559589700000008\",\"AROA2IBR2EZTEYNLVQXM6\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-SXE-2-eks-node-group-20230502222559589700000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"Tags\":null,\"CreateDate\":\"2023-05-02T22:25:59Z\",\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-SXE-2-eks-node-group-20230502222559589700000008\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-SXE-2-eks-node-group-20230502222559589700000008\",\"RoleId\":\"AROA2IBR2EZTEYNLVQXM6\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-SXE-2-eks-node-group-20230502222559589700000008\",\"AROA2IBR2EZTEYNLVQXM6\"],\"name\":\"cloudbeat-tf-SXE-2-eks-node-group-20230502222559589700000008\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.087+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-SXE-cluster-20230502222545746800000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2023-05-02T22:25:46Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTIX75JXPOT\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-SXE-cluster-20230502222545746800000001\",\"RoleName\":\"cloudbeat-tf-SXE-cluster-20230502222545746800000001\",\"Description\":null,\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-SXE-cluster-20230502222545746800000001\",\"AROA2IBR2EZTIX75JXPOT\"],\"name\":\"cloudbeat-tf-SXE-cluster-20230502222545746800000001\",\"category\":\"identity\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-SXE-cluster-20230502222545746800000001\",\"AROA2IBR2EZTIX75JXPOT\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-szi\",\"AROA2IBR2EZTL5QNEUZYL\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-szi\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-szi\",\"CreateDate\":\"2023-02-05T13:50:40Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTL5QNEUZYL\",\"PermissionsBoundary\":null,\"Tags\":null,\"RoleName\":\"cloudbeat-tf-szi\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-szi%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-north-1.amazonaws.com%2Fid%2FA8431B8A55733F32AD67F462EE4D1ADC%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-north-1.amazonaws.com%2Fid%2FA8431B8A55733F32AD67F462EE4D1ADC%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":43200,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-szi\",\"AROA2IBR2EZTL5QNEUZYL\"],\"name\":\"cloudbeat-tf-szi\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-szi-1-eks-node-group-20230205133122998200000009\",\"AROA2IBR2EZTDMAKVLZRH\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-szi-1-eks-node-group-20230205133122998200000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2023-02-05T13:31:23Z\",\"Path\":\"/\",\"MaxSessionDuration\":3600,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-szi-1-eks-node-group-20230205133122998200000009\",\"RoleId\":\"AROA2IBR2EZTDMAKVLZRH\",\"RoleName\":\"cloudbeat-tf-szi-1-eks-node-group-20230205133122998200000009\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-szi-1-eks-node-group-20230205133122998200000009\",\"AROA2IBR2EZTDMAKVLZRH\"],\"name\":\"cloudbeat-tf-szi-1-eks-node-group-20230205133122998200000009\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-szi-2-eks-node-group-20230205133122996700000008\",\"AROA2IBR2EZTG7DEAPQRQ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-szi-2-eks-node-group-20230205133122996700000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2023-02-05T13:31:23Z\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"Tags\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-szi-2-eks-node-group-20230205133122996700000008\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTG7DEAPQRQ\",\"RoleName\":\"cloudbeat-tf-szi-2-eks-node-group-20230205133122996700000008\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-szi-2-eks-node-group-20230205133122996700000008\",\"AROA2IBR2EZTG7DEAPQRQ\"],\"name\":\"cloudbeat-tf-szi-2-eks-node-group-20230205133122996700000008\",\"category\":\"identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-szi-cluster-20230205133106192000000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"raw\":{\"RoleId\":\"AROA2IBR2EZTHBLLT6243\",\"RoleName\":\"cloudbeat-tf-szi-cluster-20230205133106192000000001\",\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2023-02-05T13:31:06Z\",\"Path\":\"/\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-szi-cluster-20230205133106192000000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-szi-cluster-20230205133106192000000001\",\"AROA2IBR2EZTHBLLT6243\"],\"name\":\"cloudbeat-tf-szi-cluster-20230205133106192000000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-szi-cluster-20230205133106192000000001\",\"AROA2IBR2EZTHBLLT6243\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-T5Z-1-eks-node-group-20230125192539175500000005\",\"AROA2IBR2EZTLPCUTVCYP\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-T5Z-1-eks-node-group-20230125192539175500000005\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-T5Z-1-eks-node-group-20230125192539175500000005\",\"AROA2IBR2EZTLPCUTVCYP\"],\"name\":\"cloudbeat-tf-T5Z-1-eks-node-group-20230125192539175500000005\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTLPCUTVCYP\",\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-T5Z-1-eks-node-group-20230125192539175500000005\",\"CreateDate\":\"2023-01-25T19:25:39Z\",\"RoleName\":\"cloudbeat-tf-T5Z-1-eks-node-group-20230125192539175500000005\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-T5Z-2-eks-node-group-20230125192539175500000006\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"cloudbeat-tf-T5Z-2-eks-node-group-20230125192539175500000006\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTKMFMTGXBO\",\"RoleName\":\"cloudbeat-tf-T5Z-2-eks-node-group-20230125192539175500000006\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-T5Z-2-eks-node-group-20230125192539175500000006\",\"CreateDate\":\"2023-01-25T19:25:39Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-T5Z-2-eks-node-group-20230125192539175500000006\",\"AROA2IBR2EZTKMFMTGXBO\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-T5Z-2-eks-node-group-20230125192539175500000006\",\"AROA2IBR2EZTKMFMTGXBO\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-T5Z-cluster-20230125192852909900000001\",\"AROA2IBR2EZTBHOHVMCVZ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-T5Z-cluster-20230125192852909900000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-T5Z-cluster-20230125192852909900000001\",\"CreateDate\":\"2023-01-25T19:28:53Z\",\"RoleId\":\"AROA2IBR2EZTBHOHVMCVZ\",\"RoleName\":\"cloudbeat-tf-T5Z-cluster-20230125192852909900000001\",\"Path\":\"/\",\"Description\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-T5Z-cluster-20230125192852909900000001\",\"AROA2IBR2EZTBHOHVMCVZ\"],\"name\":\"cloudbeat-tf-T5Z-cluster-20230125192852909900000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-tAm\",\"AROA2IBR2EZTCF7YXUXA5\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-tAm\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"Path\":\"/\",\"MaxSessionDuration\":43200,\"Tags\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-tAm\",\"CreateDate\":\"2023-02-06T11:14:01Z\",\"RoleId\":\"AROA2IBR2EZTCF7YXUXA5\",\"RoleName\":\"cloudbeat-tf-tAm\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-tAm%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-north-1.amazonaws.com%2Fid%2FD0D4F6F04E0F8EEF192ED32F963539D4%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-north-1.amazonaws.com%2Fid%2FD0D4F6F04E0F8EEF192ED32F963539D4%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"Description\":null,\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-tAm\",\"AROA2IBR2EZTCF7YXUXA5\"],\"name\":\"cloudbeat-tf-tAm\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-tAm-1-eks-node-group-20230206105514286800000008\",\"AROA2IBR2EZTCO4KI5JCE\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-tAm-1-eks-node-group-20230206105514286800000008\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-tAm-1-eks-node-group-20230206105514286800000008\",\"RoleId\":\"AROA2IBR2EZTCO4KI5JCE\",\"RoleName\":\"cloudbeat-tf-tAm-1-eks-node-group-20230206105514286800000008\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"CreateDate\":\"2023-02-06T10:55:14Z\",\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-tAm-1-eks-node-group-20230206105514286800000008\",\"AROA2IBR2EZTCO4KI5JCE\"],\"name\":\"cloudbeat-tf-tAm-1-eks-node-group-20230206105514286800000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-tAm-2-eks-node-group-20230206105514289300000009\",\"AROA2IBR2EZTLUYJF5CGU\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-tAm-2-eks-node-group-20230206105514289300000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-tAm-2-eks-node-group-20230206105514289300000009\",\"Path\":\"/\",\"Description\":\"EKS managed node group IAM role\",\"RoleLastUsed\":null,\"CreateDate\":\"2023-02-06T10:55:14Z\",\"RoleId\":\"AROA2IBR2EZTLUYJF5CGU\",\"RoleName\":\"cloudbeat-tf-tAm-2-eks-node-group-20230206105514289300000009\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-tAm-2-eks-node-group-20230206105514289300000009\",\"AROA2IBR2EZTLUYJF5CGU\"],\"name\":\"cloudbeat-tf-tAm-2-eks-node-group-20230206105514289300000009\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-tAm-cluster-20230206105458756900000001\",\"AROA2IBR2EZTOAYB4YPCW\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-tAm-cluster-20230206105458756900000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"cloudbeat-tf-tAm-cluster-20230206105458756900000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-tAm-cluster-20230206105458756900000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-tAm-cluster-20230206105458756900000001\",\"CreateDate\":\"2023-02-06T10:54:58Z\",\"RoleId\":\"AROA2IBR2EZTOAYB4YPCW\",\"Description\":null,\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-tAm-cluster-20230206105458756900000001\",\"AROA2IBR2EZTOAYB4YPCW\"]},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-tTF\",\"AROA2IBR2EZTHJFNR5Y4W\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-tTF\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-tTF\",\"AROA2IBR2EZTHJFNR5Y4W\"],\"name\":\"cloudbeat-tf-tTF\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleName\":\"cloudbeat-tf-tTF\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-tTF%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-north-1.amazonaws.com%2Fid%2F7489D4288B16B89C504DB60FB60AE431%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-north-1.amazonaws.com%2Fid%2F7489D4288B16B89C504DB60FB60AE431%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":43200,\"PermissionsBoundary\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTHJFNR5Y4W\",\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-tTF\",\"CreateDate\":\"2023-02-05T19:27:31Z\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-tTF-1-eks-node-group-20230205190952727100000008\",\"AROA2IBR2EZTKBRCDTSF6\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-tTF-1-eks-node-group-20230205190952727100000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"cloudbeat-tf-tTF-1-eks-node-group-20230205190952727100000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":\"EKS managed node group IAM role\",\"PermissionsBoundary\":null,\"Tags\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-tTF-1-eks-node-group-20230205190952727100000008\",\"CreateDate\":\"2023-02-05T19:09:52Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTKBRCDTSF6\",\"RoleName\":\"cloudbeat-tf-tTF-1-eks-node-group-20230205190952727100000008\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-tTF-1-eks-node-group-20230205190952727100000008\",\"AROA2IBR2EZTKBRCDTSF6\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-tTF-2-eks-node-group-20230205190952727900000009\",\"AROA2IBR2EZTCFOIJRWUC\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-tTF-2-eks-node-group-20230205190952727900000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTCFOIJRWUC\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"Tags\":null,\"CreateDate\":\"2023-02-05T19:09:52Z\",\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-tTF-2-eks-node-group-20230205190952727900000009\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-tTF-2-eks-node-group-20230205190952727900000009\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-tTF-2-eks-node-group-20230205190952727900000009\",\"AROA2IBR2EZTCFOIJRWUC\"],\"name\":\"cloudbeat-tf-tTF-2-eks-node-group-20230205190952727900000009\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-tTF-cluster-20230205190936869600000001\",\"AROA2IBR2EZTJ3S5EPYWU\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-tTF-cluster-20230205190936869600000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTJ3S5EPYWU\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-tTF-cluster-20230205190936869600000001\",\"CreateDate\":\"2023-02-05T19:09:37Z\",\"PermissionsBoundary\":null,\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-tTF-cluster-20230205190936869600000001\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-tTF-cluster-20230205190936869600000001\",\"AROA2IBR2EZTJ3S5EPYWU\"],\"name\":\"cloudbeat-tf-tTF-cluster-20230205190936869600000001\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-WWZ\",\"AROA2IBR2EZTGF4YTWFRS\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-WWZ\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-WWZ\",\"AROA2IBR2EZTGF4YTWFRS\"],\"name\":\"cloudbeat-tf-WWZ\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleName\":\"cloudbeat-tf-WWZ\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-WWZ%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2F9C51E6FAE3842EB4B11EE2E78468C7B8%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2F9C51E6FAE3842EB4B11EE2E78468C7B8%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"MaxSessionDuration\":43200,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2022-12-29T08:59:08Z\",\"RoleId\":\"AROA2IBR2EZTGF4YTWFRS\",\"Description\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-WWZ\",\"Path\":\"/\"}},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"tags\":null,\"raw\":{\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"CreateDate\":\"2022-12-29T08:41:30Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTN5TSYJ47V\",\"RoleName\":\"cloudbeat-tf-WWZ-1-eks-node-group-20221229084130107900000009\",\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-WWZ-1-eks-node-group-20221229084130107900000009\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-WWZ-1-eks-node-group-20221229084130107900000009\",\"AROA2IBR2EZTN5TSYJ47V\"],\"name\":\"cloudbeat-tf-WWZ-1-eks-node-group-20221229084130107900000009\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-WWZ-1-eks-node-group-20221229084130107900000009\",\"AROA2IBR2EZTN5TSYJ47V\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-WWZ-1-eks-node-group-20221229084130107900000009\":{\"type\":\"role\",\"category\":\"identity\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-WWZ-2-eks-node-group-20221229084130107800000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleName\":\"cloudbeat-tf-WWZ-2-eks-node-group-20221229084130107800000008\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"Tags\":null,\"CreateDate\":\"2022-12-29T08:41:30Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTGI6JZJ2MY\",\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-WWZ-2-eks-node-group-20221229084130107800000008\",\"Description\":\"EKS managed node group IAM role\",\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-WWZ-2-eks-node-group-20221229084130107800000008\",\"AROA2IBR2EZTGI6JZJ2MY\"],\"name\":\"cloudbeat-tf-WWZ-2-eks-node-group-20221229084130107800000008\",\"category\":\"identity\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-WWZ-2-eks-node-group-20221229084130107800000008\",\"AROA2IBR2EZTGI6JZJ2MY\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-WWZ-cluster-20221229084111995500000001\",\"AROA2IBR2EZTARAYM5YHP\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-WWZ-cluster-20221229084111995500000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-WWZ-cluster-20221229084111995500000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-WWZ-cluster-20221229084111995500000001\",\"CreateDate\":\"2022-12-29T08:41:12Z\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"RoleId\":\"AROA2IBR2EZTARAYM5YHP\",\"Description\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-WWZ-cluster-20221229084111995500000001\",\"AROA2IBR2EZTARAYM5YHP\"],\"name\":\"cloudbeat-tf-WWZ-cluster-20221229084111995500000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-X9k\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"cloudbeat-tf-X9k\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"MaxSessionDuration\":43200,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2023-02-02T09:49:19Z\",\"RoleId\":\"AROA2IBR2EZTHFHYUU4O4\",\"RoleName\":\"cloudbeat-tf-X9k\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fcloudbeat-tf-X9k%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2F6DB0C4EF8215AA123BD7051DDE464109%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2F6DB0C4EF8215AA123BD7051DDE464109%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"Description\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-X9k\",\"Path\":\"/\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-X9k\",\"AROA2IBR2EZTHFHYUU4O4\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-X9k\",\"AROA2IBR2EZTHFHYUU4O4\"],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTCH4WFQPTE\",\"RoleName\":\"cloudbeat-tf-X9k-1-eks-node-group-20230202093000978100000008\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-X9k-1-eks-node-group-20230202093000978100000008\",\"CreateDate\":\"2023-02-02T09:30:01Z\",\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-X9k-1-eks-node-group-20230202093000978100000008\",\"AROA2IBR2EZTCH4WFQPTE\"],\"name\":\"cloudbeat-tf-X9k-1-eks-node-group-20230202093000978100000008\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-X9k-1-eks-node-group-20230202093000978100000008\",\"AROA2IBR2EZTCH4WFQPTE\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-X9k-1-eks-node-group-20230202093000978100000008\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-X9k-2-eks-node-group-20230202093000980200000009\",\"AROA2IBR2EZTJCYOCL76U\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-X9k-2-eks-node-group-20230202093000980200000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTJCYOCL76U\",\"RoleName\":\"cloudbeat-tf-X9k-2-eks-node-group-20230202093000980200000009\",\"Tags\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-X9k-2-eks-node-group-20230202093000980200000009\",\"CreateDate\":\"2023-02-02T09:30:01Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\"},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-X9k-2-eks-node-group-20230202093000980200000009\",\"AROA2IBR2EZTJCYOCL76U\"],\"name\":\"cloudbeat-tf-X9k-2-eks-node-group-20230202093000980200000009\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-X9k-cluster-20230202092945780800000001\",\"AROA2IBR2EZTFPMN4LMF2\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cloudbeat-tf-X9k-cluster-20230202092945780800000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleLastUsed\":null,\"CreateDate\":\"2023-02-02T09:29:46Z\",\"RoleId\":\"AROA2IBR2EZTFPMN4LMF2\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-X9k-cluster-20230202092945780800000001\",\"Path\":\"/\",\"RoleName\":\"cloudbeat-tf-X9k-cluster-20230202092945780800000001\",\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-X9k-cluster-20230202092945780800000001\",\"AROA2IBR2EZTFPMN4LMF2\"],\"name\":\"cloudbeat-tf-X9k-cluster-20230202092945780800000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/service-role/CloudTrailRole_test-aws-file-validation-on-pass\",\"AROA2IBR2EZTNHTE6PAUR\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/service-role/CloudTrailRole_test-aws-file-validation-on-pass\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/service-role/CloudTrailRole_test-aws-file-validation-on-pass\",\"RoleId\":\"AROA2IBR2EZTNHTE6PAUR\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22cloudtrail.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"CreateDate\":\"2023-03-21T09:52:38Z\",\"Path\":\"/service-role/\",\"RoleName\":\"CloudTrailRole_test-aws-file-validation-on-pass\",\"Description\":null,\"PermissionsBoundary\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/service-role/CloudTrailRole_test-aws-file-validation-on-pass\",\"AROA2IBR2EZTNHTE6PAUR\"],\"name\":\"CloudTrailRole_test-aws-file-validation-on-pass\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/CloudWatchEvents\",\"AROA2IBR2EZTA4RGIQGY3\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/CloudWatchEvents\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":\"Allows CloudWatch Events to invoke targets and perform actions in built-in targets on your behalf.\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/CloudWatchEvents\",\"CreateDate\":\"2020-10-20T09:40:35Z\",\"RoleId\":\"AROA2IBR2EZTA4RGIQGY3\",\"RoleName\":\"CloudWatchEvents\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22events.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null,\"Path\":\"/\",\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/CloudWatchEvents\",\"AROA2IBR2EZTA4RGIQGY3\"],\"name\":\"CloudWatchEvents\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/cnvm-deploy-2-ElasticAgentRole-m1kGMmd7Jg6F\",\"AROA2IBR2EZTBRJOYMA2Q\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cnvm-deploy-2-ElasticAgentRole-m1kGMmd7Jg6F\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cnvm-deploy-2-ElasticAgentRole-m1kGMmd7Jg6F\",\"CreateDate\":\"2024-10-18T15:41:10Z\",\"RoleId\":\"AROA2IBR2EZTBRJOYMA2Q\",\"RoleName\":\"cnvm-deploy-2-ElasticAgentRole-m1kGMmd7Jg6F\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"Path\":\"/\",\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/cnvm-deploy-2-ElasticAgentRole-m1kGMmd7Jg6F\",\"AROA2IBR2EZTBRJOYMA2Q\"],\"name\":\"cnvm-deploy-2-ElasticAgentRole-m1kGMmd7Jg6F\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleName\":\"cnvm-eah-demo-deploy-ElasticAgentRole-dzeUoU3D6WKw\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"CreateDate\":\"2024-11-06T13:40:44Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTGHULR3L3H\",\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cnvm-eah-demo-deploy-ElasticAgentRole-dzeUoU3D6WKw\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"\"},\"id\":[\"arn:aws:iam::704479110758:role/cnvm-eah-demo-deploy-ElasticAgentRole-dzeUoU3D6WKw\",\"AROA2IBR2EZTGHULR3L3H\"],\"name\":\"cnvm-eah-demo-deploy-ElasticAgentRole-dzeUoU3D6WKw\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cnvm-eah-demo-deploy-ElasticAgentRole-dzeUoU3D6WKw\",\"AROA2IBR2EZTGHULR3L3H\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cnvm-eah-demo-deploy-ElasticAgentRole-dzeUoU3D6WKw\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cnvm-region-BC1-ElasticAgentRole-LltemSVwwnWA\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/cnvm-region-BC1-ElasticAgentRole-LltemSVwwnWA\",\"AROA2IBR2EZTBEC324FEA\"],\"name\":\"cnvm-region-BC1-ElasticAgentRole-LltemSVwwnWA\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"CreateDate\":\"2024-04-26T18:25:09Z\",\"RoleName\":\"cnvm-region-BC1-ElasticAgentRole-LltemSVwwnWA\",\"RoleId\":\"AROA2IBR2EZTBEC324FEA\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cnvm-region-BC1-ElasticAgentRole-LltemSVwwnWA\",\"Path\":\"/\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cnvm-region-BC1-ElasticAgentRole-LltemSVwwnWA\",\"AROA2IBR2EZTBEC324FEA\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/csp-cross-account-role\",\"AROA2IBR2EZTKK2EUCRI7\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/csp-cross-account-role\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleName\":\"csp-cross-account-role\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%5B%22arn%3Aaws%3Aiam%3A%3A946960629917%3Arole%2FElasticDeveloper%22%2C%22arn%3Aaws%3Aiam%3A%3A946960629917%3Aroot%22%5D%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%7D%7D%5D%7D\",\"Description\":\"account role to be assumed by entities in elastic-dev account.\",\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/csp-cross-account-role\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTKK2EUCRI7\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2022-12-22T12:14:36Z\"},\"id\":[\"arn:aws:iam::704479110758:role/csp-cross-account-role\",\"AROA2IBR2EZTKK2EUCRI7\"],\"name\":\"csp-cross-account-role\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/csp-demo-eks-cluster-mng-cluster-20220131232001237800000002\",\"AROA2IBR2EZTPLSJXKHLR\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/csp-demo-eks-cluster-mng-cluster-20220131232001237800000002\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":null,\"MaxSessionDuration\":3600,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/csp-demo-eks-cluster-mng-cluster-20220131232001237800000002\",\"CreateDate\":\"2022-01-31T23:20:01Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTPLSJXKHLR\",\"RoleName\":\"csp-demo-eks-cluster-mng-cluster-20220131232001237800000002\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/csp-demo-eks-cluster-mng-cluster-20220131232001237800000002\",\"AROA2IBR2EZTPLSJXKHLR\"],\"name\":\"csp-demo-eks-cluster-mng-cluster-20220131232001237800000002\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/csp-demo-eks-cluster-mng-ng1-role\",\"AROA2IBR2EZTAVVNTIP3V\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/csp-demo-eks-cluster-mng-ng1-role\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"csp-demo-eks-cluster-mng-ng1-role\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2022-01-31T23:20:32Z\",\"RoleName\":\"csp-demo-eks-cluster-mng-ng1-role\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/csp-demo-eks-cluster-mng-ng1-role\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTAVVNTIP3V\",\"Description\":\"csp-demo-eks-cluster-mng-ng1 instance role\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/csp-demo-eks-cluster-mng-ng1-role\",\"AROA2IBR2EZTAVVNTIP3V\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/CSP-Paulo-QA-813-BC1-ElasticAgentRole-5TwSFPQH4M4J\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTB76UHIU2D\",\"RoleName\":\"CSP-Paulo-QA-813-BC1-ElasticAgentRole-5TwSFPQH4M4J\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/CSP-Paulo-QA-813-BC1-ElasticAgentRole-5TwSFPQH4M4J\",\"CreateDate\":\"2024-04-25T17:19:08Z\",\"Tags\":null,\"Description\":\"\",\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/CSP-Paulo-QA-813-BC1-ElasticAgentRole-5TwSFPQH4M4J\",\"AROA2IBR2EZTB76UHIU2D\"],\"name\":\"CSP-Paulo-QA-813-BC1-ElasticAgentRole-5TwSFPQH4M4J\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/CSP-Paulo-QA-813-BC1-ElasticAgentRole-5TwSFPQH4M4J\",\"AROA2IBR2EZTB76UHIU2D\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/CSPM-DEMO-ROLE\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2023-05-11T20:58:44Z\",\"RoleName\":\"CSPM-DEMO-ROLE\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/CSPM-DEMO-ROLE\",\"RoleId\":\"AROA2IBR2EZTJN5OXKCTD\",\"Description\":\"Allows EC2 instances to call AWS services on your behalf.\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"Path\":\"/\"},\"id\":[\"arn:aws:iam::704479110758:role/CSPM-DEMO-ROLE\",\"AROA2IBR2EZTJN5OXKCTD\"],\"name\":\"CSPM-DEMO-ROLE\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/CSPM-DEMO-ROLE\",\"AROA2IBR2EZTJN5OXKCTD\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cspm-demo-role-tin\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Allows EC2 instances to call AWS services on your behalf.\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"CreateDate\":\"2023-04-12T19:54:29Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTPXJSBVV37\",\"RoleName\":\"cspm-demo-role-tin\",\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/cspm-demo-role-tin\",\"AROA2IBR2EZTPXJSBVV37\"],\"name\":\"cspm-demo-role-tin\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cspm-demo-role-tin\",\"AROA2IBR2EZTPXJSBVV37\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cspm-demo-role-tin\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cspm-sdh\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTKHB7OR54Y\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"Tags\":null,\"Description\":\"Allows EC2 instances to call AWS services on your behalf.\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cspm-sdh\",\"CreateDate\":\"2023-11-07T18:51:08Z\",\"Path\":\"/\",\"RoleName\":\"cspm-sdh\"},\"id\":[\"arn:aws:iam::704479110758:role/cspm-sdh\",\"AROA2IBR2EZTKHB7OR54Y\"],\"name\":\"cspm-sdh\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cspm-sdh\",\"AROA2IBR2EZTKHB7OR54Y\"],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cspm-single-account-ElasticAgentRole-8OSxbmwWkwkt\",\"AROA2IBR2EZTK4ZKKSVUS\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cspm-single-account-ElasticAgentRole-8OSxbmwWkwkt\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cspm-single-account-ElasticAgentRole-8OSxbmwWkwkt\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTK4ZKKSVUS\",\"RoleName\":\"cspm-single-account-ElasticAgentRole-8OSxbmwWkwkt\",\"CreateDate\":\"2024-10-30T17:03:26Z\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/cspm-single-account-ElasticAgentRole-8OSxbmwWkwkt\",\"AROA2IBR2EZTK4ZKKSVUS\"],\"name\":\"cspm-single-account-ElasticAgentRole-8OSxbmwWkwkt\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22lambda.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/datadog-forwarder-ForwarderRole-hPjuNknNMemQ\",\"CreateDate\":\"2024-04-19T21:37:25Z\",\"Path\":\"/\",\"RoleLastUsed\":null,\"RoleId\":\"AROA2IBR2EZTM6G6ZJ2JR\",\"RoleName\":\"datadog-forwarder-ForwarderRole-hPjuNknNMemQ\",\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/datadog-forwarder-ForwarderRole-hPjuNknNMemQ\",\"AROA2IBR2EZTM6G6ZJ2JR\"],\"name\":\"datadog-forwarder-ForwarderRole-hPjuNknNMemQ\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/datadog-forwarder-ForwarderRole-hPjuNknNMemQ\",\"AROA2IBR2EZTM6G6ZJ2JR\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/datadog-forwarder-ForwarderRole-hPjuNknNMemQ\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/delete--ess-prod-1-eks-node-group-20240307122015473100000008\",\"CreateDate\":\"2024-03-07T12:20:15Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"PermissionsBoundary\":null,\"Tags\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTKHWMFNBQJ\",\"RoleName\":\"delete--ess-prod-1-eks-node-group-20240307122015473100000008\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/delete--ess-prod-1-eks-node-group-20240307122015473100000008\",\"AROA2IBR2EZTKHWMFNBQJ\"],\"name\":\"delete--ess-prod-1-eks-node-group-20240307122015473100000008\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/delete--ess-prod-1-eks-node-group-20240307122015473100000008\",\"AROA2IBR2EZTKHWMFNBQJ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/delete--ess-prod-1-eks-node-group-20240307122015473100000008\":{\"type\":\"role\",\"category\":\"identity\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/delete--ess-prod-cluster-20240307121957550000000001\",\"AROA2IBR2EZTFKYVKBNJ3\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/delete--ess-prod-cluster-20240307121957550000000001\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"name\":\"delete--ess-prod-cluster-20240307121957550000000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/delete--ess-prod-cluster-20240307121957550000000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2024-03-07T12:19:57Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTFKYVKBNJ3\",\"RoleName\":\"delete--ess-prod-cluster-20240307121957550000000001\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/delete--ess-prod-cluster-20240307121957550000000001\",\"AROA2IBR2EZTFKYVKBNJ3\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/DEMO_FOR_STUART\",\"AROA2IBR2EZTN7MUJVWDI\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/DEMO_FOR_STUART\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":\"Allows EC2 instances to call AWS services on your behalf.\",\"Tags\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTN7MUJVWDI\",\"RoleName\":\"DEMO_FOR_STUART\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/DEMO_FOR_STUART\",\"CreateDate\":\"2023-05-09T15:18:16Z\"},\"id\":[\"arn:aws:iam::704479110758:role/DEMO_FOR_STUART\",\"AROA2IBR2EZTN7MUJVWDI\"],\"name\":\"DEMO_FOR_STUART\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/dev-chatbot-cloudwatchRole\":{\"category\":\"identity\",\"type\":\"role\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"name\":\"dev-chatbot-cloudwatchRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/dev-chatbot-cloudwatchRole\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTFTP5A5M3O\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"CreateDate\":\"2020-10-30T07:12:57Z\",\"RoleName\":\"dev-chatbot-cloudwatchRole\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22chatbot.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/dev-chatbot-cloudwatchRole\",\"AROA2IBR2EZTFTP5A5M3O\"]},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/dev-chatbot-cloudwatchRole\",\"AROA2IBR2EZTFTP5A5M3O\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2020-09-07T14:33:33Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTCO4XRQ27R\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ecs-tasks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/dev-ecsTaskExecutionRole\",\"PermissionsBoundary\":null,\"Tags\":null,\"RoleName\":\"dev-ecsTaskExecutionRole\"},\"id\":[\"arn:aws:iam::704479110758:role/dev-ecsTaskExecutionRole\",\"AROA2IBR2EZTCO4XRQ27R\"],\"name\":\"dev-ecsTaskExecutionRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/dev-ecsTaskExecutionRole\",\"AROA2IBR2EZTCO4XRQ27R\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/dev-ecsTaskExecutionRole\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/dev-ecsTaskRole\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Description\":\"Allows dev ECS tasks to call AWS services on your behalf\",\"CreateDate\":\"2020-09-07T14:33:33Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTCPX2OO2M2\",\"RoleName\":\"dev-ecsTaskRole\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ecs-tasks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\"},\"id\":[\"arn:aws:iam::704479110758:role/dev-ecsTaskRole\",\"AROA2IBR2EZTCPX2OO2M2\"],\"name\":\"dev-ecsTaskRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/dev-ecsTaskRole\",\"AROA2IBR2EZTCPX2OO2M2\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/dev-ecsTaskRole\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/dev-ecsTaskRole-prometheus\",\"AROA2IBR2EZTOOHU27HZE\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/dev-ecsTaskRole-prometheus\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/dev-ecsTaskRole-prometheus\",\"CreateDate\":\"2021-03-04T06:38:05Z\",\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ecs-tasks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"RoleId\":\"AROA2IBR2EZTOOHU27HZE\",\"RoleName\":\"dev-ecsTaskRole-prometheus\",\"Description\":\"Allows dev ECS tasks to call AWS services on your behalf\",\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/dev-ecsTaskRole-prometheus\",\"AROA2IBR2EZTOOHU27HZE\"],\"name\":\"dev-ecsTaskRole-prometheus\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTPVZ7IB2MS\",\"RoleName\":\"dev-eks20210519150801482300000002\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/dev-eks20210519150801482300000002\",\"CreateDate\":\"2021-05-19T15:08:02Z\",\"PermissionsBoundary\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/dev-eks20210519150801482300000002\",\"AROA2IBR2EZTPVZ7IB2MS\"],\"name\":\"dev-eks20210519150801482300000002\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/dev-eks20210519150801482300000002\",\"AROA2IBR2EZTPVZ7IB2MS\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/dev-eks20210519150801482300000002\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/dev-eks20210519174057192700000002\",\"AROA2IBR2EZTJRCHUOWC7\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/dev-eks20210519174057192700000002\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/dev-eks20210519174057192700000002\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTJRCHUOWC7\",\"RoleName\":\"dev-eks20210519174057192700000002\",\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2021-05-19T17:40:57Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/dev-eks20210519174057192700000002\",\"AROA2IBR2EZTJRCHUOWC7\"],\"name\":\"dev-eks20210519174057192700000002\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/dev-eks2021051917521219100000000b\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"RoleName\":\"dev-eks2021051917521219100000000b\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/dev-eks2021051917521219100000000b\",\"CreateDate\":\"2021-05-19T17:52:12Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTFOTY3FAPJ\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSWorkerAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Auser%2Fdavid%22%2C%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/dev-eks2021051917521219100000000b\",\"AROA2IBR2EZTFOTY3FAPJ\"],\"name\":\"dev-eks2021051917521219100000000b\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/dev-eks2021051917521219100000000b\",\"AROA2IBR2EZTFOTY3FAPJ\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/dev-Lambda_run_query_inside_vpc_Role\",\"AROA2IBR2EZTGE7GNEQ5Z\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/dev-Lambda_run_query_inside_vpc_Role\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/dev-Lambda_run_query_inside_vpc_Role\",\"RoleName\":\"dev-Lambda_run_query_inside_vpc_Role\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"CreateDate\":\"2020-12-03T15:11:56Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTGE7GNEQ5Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%5B%22es.amazonaws.com%22%2C%22lambda.amazonaws.com%22%2C%22ec2.amazonaws.com%22%5D%7D%2C%22Action%22%3A%5B%22sts%3AAssumeRole%22%2C%22sts%3AAssumeRoleWithWebIdentity%22%5D%7D%5D%7D\"},\"id\":[\"arn:aws:iam::704479110758:role/dev-Lambda_run_query_inside_vpc_Role\",\"AROA2IBR2EZTGE7GNEQ5Z\"],\"name\":\"dev-Lambda_run_query_inside_vpc_Role\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTLVYFAKL56\",\"RoleName\":\"Developer_eks\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%5B%22arn%3Aaws%3Aiam%3A%3A704479110758%3Auser%2Furi.weisman%40elastic.co%22%2C%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aroot%22%5D%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%7D%7D%2C%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Ftoken.actions.githubusercontent.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringLike%22%3A%7B%22token.actions.githubusercontent.com%3Asub%22%3A%22repo%3Aelastic%2Fcloudbeat%3Aref%3Arefs%2Fheads%2F%2A%22%7D%7D%7D%5D%7D\",\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/Developer_eks\",\"Path\":\"/\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"CreateDate\":\"2021-06-29T10:23:37Z\",\"Description\":\"EKS role for developers to access the kube-api\"},\"id\":[\"arn:aws:iam::704479110758:role/Developer_eks\",\"AROA2IBR2EZTLVYFAKL56\"],\"name\":\"Developer_eks\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/Developer_eks\",\"AROA2IBR2EZTLVYFAKL56\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/Developer_eks\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/devops-chatbot-cloudwatchRole\",\"AROA2IBR2EZTN3UIXIRLF\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/devops-chatbot-cloudwatchRole\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"MaxSessionDuration\":3600,\"Tags\":null,\"CreateDate\":\"2021-02-24T11:24:16Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22chatbot.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleId\":\"AROA2IBR2EZTN3UIXIRLF\",\"RoleName\":\"devops-chatbot-cloudwatchRole\",\"Description\":null,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/devops-chatbot-cloudwatchRole\",\"Path\":\"/\"},\"id\":[\"arn:aws:iam::704479110758:role/devops-chatbot-cloudwatchRole\",\"AROA2IBR2EZTN3UIXIRLF\"],\"name\":\"devops-chatbot-cloudwatchRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ecs-tasks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null,\"Tags\":null,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/devops-ecsTaskExecutionRole\",\"CreateDate\":\"2021-02-24T11:43:13Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTD6B2QKUDV\",\"RoleName\":\"devops-ecsTaskExecutionRole\",\"Description\":null,\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/devops-ecsTaskExecutionRole\",\"AROA2IBR2EZTD6B2QKUDV\"],\"name\":\"devops-ecsTaskExecutionRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/devops-ecsTaskExecutionRole\",\"AROA2IBR2EZTD6B2QKUDV\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/devops-ecsTaskExecutionRole\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/devops-ecsTaskRole\",\"AROA2IBR2EZTDLDBQRFEI\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/devops-ecsTaskRole\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/devops-ecsTaskRole\",\"CreateDate\":\"2021-02-24T11:43:13Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTDLDBQRFEI\",\"RoleName\":\"devops-ecsTaskRole\",\"Description\":\"Allows devops ECS tasks to call AWS services on your behalf\",\"Tags\":null,\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ecs-tasks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/devops-ecsTaskRole\",\"AROA2IBR2EZTDLDBQRFEI\"],\"name\":\"devops-ecsTaskRole\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2021-02-24T11:43:13Z\",\"RoleId\":\"AROA2IBR2EZTKCWWMWW2I\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ecs-tasks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/devops-ecsTaskRole-prometheus\",\"Path\":\"/\",\"RoleName\":\"devops-ecsTaskRole-prometheus\",\"Description\":\"Allows devops ECS tasks to call AWS services on your behalf\"},\"id\":[\"arn:aws:iam::704479110758:role/devops-ecsTaskRole-prometheus\",\"AROA2IBR2EZTKCWWMWW2I\"],\"name\":\"devops-ecsTaskRole-prometheus\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/devops-ecsTaskRole-prometheus\",\"AROA2IBR2EZTKCWWMWW2I\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/devops-ecsTaskRole-prometheus\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/devops-eks20210518163643138900000002\",\"AROA2IBR2EZTDILYIOCXH\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/devops-eks20210518163643138900000002\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleName\":\"devops-eks20210518163643138900000002\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Path\":\"/\",\"CreateDate\":\"2021-05-18T16:36:43Z\",\"RoleId\":\"AROA2IBR2EZTDILYIOCXH\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"Arn\":\"arn:aws:iam::704479110758:role/devops-eks20210518163643138900000002\"},\"id\":[\"arn:aws:iam::704479110758:role/devops-eks20210518163643138900000002\",\"AROA2IBR2EZTDILYIOCXH\"],\"name\":\"devops-eks20210518163643138900000002\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"name\":\"devops-eks2021051816461251270000000a\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/devops-eks2021051816461251270000000a\",\"CreateDate\":\"2021-05-18T16:46:13Z\",\"Path\":\"/\",\"RoleName\":\"devops-eks2021051816461251270000000a\",\"RoleId\":\"AROA2IBR2EZTJ23FNBRIR\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSWorkerAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/devops-eks2021051816461251270000000a\",\"AROA2IBR2EZTJ23FNBRIR\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/devops-eks2021051816461251270000000a\",\"AROA2IBR2EZTJ23FNBRIR\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/devops-eks2021051816461251270000000a\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/devops-Lambda_run_query_inside_vpc_Role\",\"AROA2IBR2EZTCJ34EVJ6W\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/devops-Lambda_run_query_inside_vpc_Role\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2021-02-24T11:22:36Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTCJ34EVJ6W\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%5B%22es.amazonaws.com%22%2C%22lambda.amazonaws.com%22%2C%22ec2.amazonaws.com%22%5D%7D%2C%22Action%22%3A%5B%22sts%3AAssumeRole%22%2C%22sts%3AAssumeRoleWithWebIdentity%22%5D%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/devops-Lambda_run_query_inside_vpc_Role\",\"RoleName\":\"devops-Lambda_run_query_inside_vpc_Role\",\"Description\":null,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/devops-Lambda_run_query_inside_vpc_Role\",\"AROA2IBR2EZTCJ34EVJ6W\"],\"name\":\"devops-Lambda_run_query_inside_vpc_Role\",\"category\":\"identity\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/devops_bsec_eks\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2021-06-10T11:09:40Z\",\"RoleName\":\"devops_bsec_eks\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2F40D1FB00912B57975DADDBFFFFF150B4%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2F40D1FB00912B57975DADDBFFFFF150B4%3Aaud%22%3A%22sts.amazonaws.com%22%7D%7D%7D%2C%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Auser%2Fdavid%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/devops_bsec_eks\",\"RoleId\":\"AROA2IBR2EZTOXVK27XUG\",\"Description\":\"Allows devops Eks pods to call AWS services on your behalf\",\"MaxSessionDuration\":3600,\"Tags\":null,\"Path\":\"/\"},\"id\":[\"arn:aws:iam::704479110758:role/devops_bsec_eks\",\"AROA2IBR2EZTOXVK27XUG\"],\"name\":\"devops_bsec_eks\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/devops_bsec_eks\",\"AROA2IBR2EZTOXVK27XUG\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/devops_cluster_asg\",\"CreateDate\":\"2021-06-10T11:09:40Z\",\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2F40D1FB00912B57975DADDBFFFFF150B4%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2F40D1FB00912B57975DADDBFFFFF150B4%3Aaud%22%3A%22sts.amazonaws.com%22%7D%7D%7D%2C%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Auser%2Fdavid%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"Tags\":null,\"RoleId\":\"AROA2IBR2EZTHMDYGPDZF\",\"RoleName\":\"devops_cluster_asg\",\"Description\":\"Allows devops cluster autoscaler pods to call AWS services on your behalf\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/devops_cluster_asg\",\"AROA2IBR2EZTHMDYGPDZF\"],\"name\":\"devops_cluster_asg\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/devops_cluster_asg\",\"AROA2IBR2EZTHMDYGPDZF\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/devops_cluster_asg\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/devops_ext_dns\",\"AROA2IBR2EZTOTFY2ZOTK\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/devops_ext_dns\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"CreateDate\":\"2021-06-10T11:09:40Z\",\"RoleId\":\"AROA2IBR2EZTOTFY2ZOTK\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/devops_ext_dns\",\"RoleName\":\"devops_ext_dns\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2F40D1FB00912B57975DADDBFFFFF150B4%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2F40D1FB00912B57975DADDBFFFFF150B4%3Aaud%22%3A%22sts.amazonaws.com%22%7D%7D%7D%2C%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Auser%2Fdavid%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Allows devops ext_dns pods to call AWS services on your behalf\",\"PermissionsBoundary\":null,\"Tags\":null,\"Path\":\"/\"},\"id\":[\"arn:aws:iam::704479110758:role/devops_ext_dns\",\"AROA2IBR2EZTOTFY2ZOTK\"],\"name\":\"devops_ext_dns\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/dev_bsec_eks\",\"AROA2IBR2EZTPRWS6XWVX\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/dev_bsec_eks\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"Description\":\"Allows dev Eks pods to call AWS services on your behalf\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2021-06-28T15:48:17Z\",\"RoleId\":\"AROA2IBR2EZTPRWS6XWVX\",\"RoleName\":\"dev_bsec_eks\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2FA6A57439D0EE0FF2216935BC4AA5584A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2FA6A57439D0EE0FF2216935BC4AA5584A%3Aaud%22%3A%22sts.amazonaws.com%22%7D%7D%7D%2C%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Auser%2Fdavid%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/dev_bsec_eks\"},\"id\":[\"arn:aws:iam::704479110758:role/dev_bsec_eks\",\"AROA2IBR2EZTPRWS6XWVX\"],\"name\":\"dev_bsec_eks\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/dev_cluster_asg\",\"AROA2IBR2EZTLGN2FHXMS\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/dev_cluster_asg\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"dev_cluster_asg\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2021-06-28T15:48:16Z\",\"RoleName\":\"dev_cluster_asg\",\"MaxSessionDuration\":3600,\"Tags\":null,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/dev_cluster_asg\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTLGN2FHXMS\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2FA6A57439D0EE0FF2216935BC4AA5584A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2FA6A57439D0EE0FF2216935BC4AA5584A%3Aaud%22%3A%22sts.amazonaws.com%22%7D%7D%7D%2C%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Auser%2Fdavid%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Allows dev cluster autoscaler pods to call AWS services on your behalf\"},\"id\":[\"arn:aws:iam::704479110758:role/dev_cluster_asg\",\"AROA2IBR2EZTLGN2FHXMS\"]},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"name\":\"dev_ext_dns\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleName\":\"dev_ext_dns\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2FA6A57439D0EE0FF2216935BC4AA5584A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2FA6A57439D0EE0FF2216935BC4AA5584A%3Aaud%22%3A%22sts.amazonaws.com%22%7D%7D%7D%2C%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Auser%2Fdavid%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"CreateDate\":\"2021-06-28T15:48:17Z\",\"Path\":\"/\",\"Description\":\"Allows dev ext_dns pods to call AWS services on your behalf\",\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/dev_ext_dns\",\"RoleId\":\"AROA2IBR2EZTAGOYLHZIX\"},\"id\":[\"arn:aws:iam::704479110758:role/dev_ext_dns\",\"AROA2IBR2EZTAGOYLHZIX\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/dev_ext_dns\",\"AROA2IBR2EZTAGOYLHZIX\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/dev_ext_dns\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/dg-6-1-eks-node-group-20230614132716747200000008\",\"AROA2IBR2EZTASQUAKVQQ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/dg-6-1-eks-node-group-20230614132716747200000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"Tags\":null,\"CreateDate\":\"2023-06-14T13:27:16Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/dg-6-1-eks-node-group-20230614132716747200000008\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTASQUAKVQQ\",\"RoleName\":\"dg-6-1-eks-node-group-20230614132716747200000008\",\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/dg-6-1-eks-node-group-20230614132716747200000008\",\"AROA2IBR2EZTASQUAKVQQ\"],\"name\":\"dg-6-1-eks-node-group-20230614132716747200000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"asset\":{\"raw\":{\"Tags\":null,\"CreateDate\":\"2023-06-14T13:27:01Z\",\"Path\":\"/\",\"Description\":null,\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/dg-6-cluster-20230614132701425400000001\",\"RoleId\":\"AROA2IBR2EZTGFT5AANL5\",\"RoleName\":\"dg-6-cluster-20230614132701425400000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/dg-6-cluster-20230614132701425400000001\",\"AROA2IBR2EZTGFT5AANL5\"],\"name\":\"dg-6-cluster-20230614132701425400000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/dg-6-cluster-20230614132701425400000001\",\"AROA2IBR2EZTGFT5AANL5\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/dg-6-cluster-20230614132701425400000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/dg-cis-1-eks-node-group-20241110123328982900000008\",\"AROA2IBR2EZTJGNKP6IXQ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/dg-cis-1-eks-node-group-20241110123328982900000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTJGNKP6IXQ\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/dg-cis-1-eks-node-group-20241110123328982900000008\",\"CreateDate\":\"2024-11-10T12:33:29Z\",\"RoleName\":\"dg-cis-1-eks-node-group-20241110123328982900000008\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\"},\"id\":[\"arn:aws:iam::704479110758:role/dg-cis-1-eks-node-group-20241110123328982900000008\",\"AROA2IBR2EZTJGNKP6IXQ\"],\"name\":\"dg-cis-1-eks-node-group-20241110123328982900000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/dg-cis-cluster-20241110123313183100000001\",\"AROA2IBR2EZTMP43DPVFK\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/dg-cis-cluster-20241110123313183100000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/dg-cis-cluster-20241110123313183100000001\",\"RoleId\":\"AROA2IBR2EZTMP43DPVFK\",\"RoleName\":\"dg-cis-cluster-20241110123313183100000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"CreateDate\":\"2024-11-10T12:33:13Z\",\"Path\":\"/\",\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/dg-cis-cluster-20241110123313183100000001\",\"AROA2IBR2EZTMP43DPVFK\"],\"name\":\"dg-cis-cluster-20241110123313183100000001\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/dima-8-8-0-May29-1-eks-node-group-20230529093422375300000008\",\"AROA2IBR2EZTL2CLWVFGQ\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/dima-8-8-0-May29-1-eks-node-group-20230529093422375300000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTL2CLWVFGQ\",\"Description\":\"EKS managed node group IAM role\",\"Arn\":\"arn:aws:iam::704479110758:role/dima-8-8-0-May29-1-eks-node-group-20230529093422375300000008\",\"CreateDate\":\"2023-05-29T09:34:22Z\",\"Path\":\"/\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"RoleName\":\"dima-8-8-0-May29-1-eks-node-group-20230529093422375300000008\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/dima-8-8-0-May29-1-eks-node-group-20230529093422375300000008\",\"AROA2IBR2EZTL2CLWVFGQ\"],\"name\":\"dima-8-8-0-May29-1-eks-node-group-20230529093422375300000008\",\"category\":\"identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/dima-8-8-0-May29-cluster-20230529093407578500000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"dima-8-8-0-May29-cluster-20230529093407578500000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/dima-8-8-0-May29-cluster-20230529093407578500000001\",\"CreateDate\":\"2023-05-29T09:34:07Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTCVVSJBXZB\",\"RoleName\":\"dima-8-8-0-May29-cluster-20230529093407578500000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/dima-8-8-0-May29-cluster-20230529093407578500000001\",\"AROA2IBR2EZTCVVSJBXZB\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/dima-8-8-0-May29-cluster-20230529093407578500000001\",\"AROA2IBR2EZTCVVSJBXZB\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/dima-8-9-1-eks-node-group-20230607094429813300000008\",\"AROA2IBR2EZTLZQKX46UY\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/dima-8-9-1-eks-node-group-20230607094429813300000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTLZQKX46UY\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"Arn\":\"arn:aws:iam::704479110758:role/dima-8-9-1-eks-node-group-20230607094429813300000008\",\"CreateDate\":\"2023-06-07T09:44:29Z\",\"Path\":\"/\",\"RoleName\":\"dima-8-9-1-eks-node-group-20230607094429813300000008\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/dima-8-9-1-eks-node-group-20230607094429813300000008\",\"AROA2IBR2EZTLZQKX46UY\"],\"name\":\"dima-8-9-1-eks-node-group-20230607094429813300000008\",\"category\":\"identity\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/dima-8-9-cluster-20230607094405186200000001\",\"AROA2IBR2EZTGGEILMQXK\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/dima-8-9-cluster-20230607094405186200000001\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"name\":\"dima-8-9-cluster-20230607094405186200000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2023-06-07T09:44:05Z\",\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"Arn\":\"arn:aws:iam::704479110758:role/dima-8-9-cluster-20230607094405186200000001\",\"RoleId\":\"AROA2IBR2EZTGGEILMQXK\",\"RoleName\":\"dima-8-9-cluster-20230607094405186200000001\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/dima-8-9-cluster-20230607094405186200000001\",\"AROA2IBR2EZTGGEILMQXK\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/dima-pr-test-eks-1-eks-node-group-20230518093924281400000008\",\"AROA2IBR2EZTJJD44IONV\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/dima-pr-test-eks-1-eks-node-group-20230518093924281400000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/dima-pr-test-eks-1-eks-node-group-20230518093924281400000008\",\"AROA2IBR2EZTJJD44IONV\"],\"name\":\"dima-pr-test-eks-1-eks-node-group-20230518093924281400000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2023-05-18T09:39:24Z\",\"RoleId\":\"AROA2IBR2EZTJJD44IONV\",\"RoleName\":\"dima-pr-test-eks-1-eks-node-group-20230518093924281400000008\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/dima-pr-test-eks-1-eks-node-group-20230518093924281400000008\",\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600}},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/dima-pr-test-eks-cluster-20230518093909706500000001\",\"AROA2IBR2EZTBOMXNZEJB\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/dima-pr-test-eks-cluster-20230518093909706500000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/dima-pr-test-eks-cluster-20230518093909706500000001\",\"CreateDate\":\"2023-05-18T09:39:10Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTBOMXNZEJB\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"RoleName\":\"dima-pr-test-eks-cluster-20230518093909706500000001\",\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/dima-pr-test-eks-cluster-20230518093909706500000001\",\"AROA2IBR2EZTBOMXNZEJB\"],\"name\":\"dima-pr-test-eks-cluster-20230518093909706500000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/DLM\",\"AROA2IBR2EZTHWLFQP3Z2\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/DLM\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/DLM\",\"AROA2IBR2EZTHWLFQP3Z2\"],\"name\":\"DLM\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleName\":\"DLM\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/DLM\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTHWLFQP3Z2\",\"PermissionsBoundary\":null,\"Tags\":null,\"CreateDate\":\"2023-04-02T13:34:25Z\",\"Description\":\"Allows EC2 instances to call AWS services on your behalf.\",\"MaxSessionDuration\":3600}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/ebs-csi-controller-sa\",\"AROA2IBR2EZTAZU3RRCGK\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/ebs-csi-controller-sa\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTAZU3RRCGK\",\"Path\":\"/\",\"CreateDate\":\"2022-12-26T08:07:11Z\",\"RoleName\":\"ebs-csi-controller-sa\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2F3DC1D2CD3311C1B4D026B31F502A7F23%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2F3DC1D2CD3311C1B4D026B31F502A7F23%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aebs-csi-controller%22%7D%7D%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/ebs-csi-controller-sa\",\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/ebs-csi-controller-sa\",\"AROA2IBR2EZTAZU3RRCGK\"],\"name\":\"ebs-csi-controller-sa\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/ebs-csi-driver-controller20221227125056160900000001\",\"AROA2IBR2EZTMWMZS2MW4\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/ebs-csi-driver-controller20221227125056160900000001\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"raw\":{\"Description\":\"EBS CSI Driver Role\",\"MaxSessionDuration\":3600,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/ebs-csi-driver-controller20221227125056160900000001\",\"Path\":\"/\",\"RoleName\":\"ebs-csi-driver-controller20221227125056160900000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2F7C5A2FF7D21C25C52881E124C64F5C70%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2F7C5A2FF7D21C25C52881E124C64F5C70%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aebs-csi-controller%22%7D%7D%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"CreateDate\":\"2022-12-27T12:50:56Z\",\"RoleId\":\"AROA2IBR2EZTMWMZS2MW4\"},\"id\":[\"arn:aws:iam::704479110758:role/ebs-csi-driver-controller20221227125056160900000001\",\"AROA2IBR2EZTMWMZS2MW4\"],\"name\":\"ebs-csi-driver-controller20221227125056160900000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleName\":\"ec2-nodegroup-iam-role-d89169f\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/ec2-nodegroup-iam-role-d89169f\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTKLRJWSPU5\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2022-09-22T09:40:08Z\"},\"id\":[\"arn:aws:iam::704479110758:role/ec2-nodegroup-iam-role-d89169f\",\"AROA2IBR2EZTKLRJWSPU5\"],\"name\":\"ec2-nodegroup-iam-role-d89169f\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/ec2-nodegroup-iam-role-d89169f\",\"AROA2IBR2EZTKLRJWSPU5\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/ec2-nodegroup-iam-role-d89169f\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/ec2-role-with-security-audit\",\"AROA2IBR2EZTGYAWX3ZPQ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/ec2-role-with-security-audit\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2023-03-23T07:37:00Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTGYAWX3ZPQ\",\"RoleLastUsed\":null,\"Tags\":null,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/ec2-role-with-security-audit\",\"RoleName\":\"ec2-role-with-security-audit\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Allows EC2 instances to call AWS services on your behalf with security audit.\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/ec2-role-with-security-audit\",\"AROA2IBR2EZTGYAWX3ZPQ\"],\"name\":\"ec2-role-with-security-audit\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/EC2InstanceProfileForImageBuilder\",\"AROA2IBR2EZTL5VQ344QM\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/EC2InstanceProfileForImageBuilder\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTL5VQ344QM\",\"Description\":null,\"MaxSessionDuration\":3600,\"Arn\":\"arn:aws:iam::704479110758:role/EC2InstanceProfileForImageBuilder\",\"RoleName\":\"EC2InstanceProfileForImageBuilder\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2024-05-28T08:15:34Z\"},\"id\":[\"arn:aws:iam::704479110758:role/EC2InstanceProfileForImageBuilder\",\"AROA2IBR2EZTL5VQ344QM\"],\"name\":\"EC2InstanceProfileForImageBuilder\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/ec2_role\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/ec2_role\",\"AROA2IBR2EZTJ637IZCUE\"],\"name\":\"ec2_role\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2024-10-30T12:23:24Z\",\"Path\":\"/\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Description\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/ec2_role\",\"RoleId\":\"AROA2IBR2EZTJ637IZCUE\",\"RoleName\":\"ec2_role\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/ec2_role\",\"AROA2IBR2EZTJ637IZCUE\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/EcrRead-for-live-env-eyal\",\"AROA2IBR2EZTFIR25WKH6\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/EcrRead-for-live-env-eyal\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"CreateDate\":\"2023-01-09T16:51:13Z\",\"RoleId\":\"AROA2IBR2EZTFIR25WKH6\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/EcrRead-for-live-env-eyal\",\"RoleName\":\"EcrRead-for-live-env-eyal\",\"Description\":\"Allows EC2 instances to call AWS services on your behalf.\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Path\":\"/\"},\"id\":[\"arn:aws:iam::704479110758:role/EcrRead-for-live-env-eyal\",\"AROA2IBR2EZTFIR25WKH6\"],\"name\":\"EcrRead-for-live-env-eyal\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"tags\":null,\"raw\":{\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/ecsInstanceRole\",\"CreateDate\":\"2024-07-26T19:41:46Z\",\"RoleName\":\"ecsInstanceRole\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTPDTD5NW3N\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222008-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\"},\"id\":[\"arn:aws:iam::704479110758:role/ecsInstanceRole\",\"AROA2IBR2EZTPDTD5NW3N\"],\"name\":\"ecsInstanceRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/ecsInstanceRole\",\"AROA2IBR2EZTPDTD5NW3N\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/ecsInstanceRole\":{\"type\":\"role\",\"category\":\"identity\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/ecsTaskExecutionRole\",\"AROA2IBR2EZTKS247B7ST\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/ecsTaskExecutionRole\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"CreateDate\":\"2020-07-29T13:55:29Z\",\"RoleName\":\"ecsTaskExecutionRole\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222008-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ecs-tasks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/ecsTaskExecutionRole\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTKS247B7ST\",\"Description\":null,\"MaxSessionDuration\":3600,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/ecsTaskExecutionRole\",\"AROA2IBR2EZTKS247B7ST\"],\"name\":\"ecsTaskExecutionRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/Eks-cluster-ofir\",\"AROA2IBR2EZTLXO7I2TXB\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/Eks-cluster-ofir\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Allows access to other AWS service resources that are required to operate clusters managed by EKS.\",\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/Eks-cluster-ofir\",\"CreateDate\":\"2021-10-27T11:07:17Z\",\"RoleId\":\"AROA2IBR2EZTLXO7I2TXB\",\"RoleName\":\"Eks-cluster-ofir\"},\"id\":[\"arn:aws:iam::704479110758:role/Eks-cluster-ofir\",\"AROA2IBR2EZTLXO7I2TXB\"],\"name\":\"Eks-cluster-ofir\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/eks-config-2-eksRole-role-826b850\",\"AROA2IBR2EZTP3FQDDAML\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/eks-config-2-eksRole-role-826b850\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2022-09-22T15:53:46Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTP3FQDDAML\",\"Description\":\"Allows EKS to manage clusters on your behalf.\",\"MaxSessionDuration\":3600,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/eks-config-2-eksRole-role-826b850\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"RoleName\":\"eks-config-2-eksRole-role-826b850\"},\"id\":[\"arn:aws:iam::704479110758:role/eks-config-2-eksRole-role-826b850\",\"AROA2IBR2EZTP3FQDDAML\"],\"name\":\"eks-config-2-eksRole-role-826b850\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/eks-config-2-instanceRole-role-6f0e34c\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTPQ3YOFOAZ\",\"MaxSessionDuration\":3600,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/eks-config-2-instanceRole-role-6f0e34c\",\"CreateDate\":\"2022-09-22T15:53:46Z\",\"RoleName\":\"eks-config-2-instanceRole-role-6f0e34c\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"PermissionsBoundary\":null,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/eks-config-2-instanceRole-role-6f0e34c\",\"AROA2IBR2EZTPQ3YOFOAZ\"],\"name\":\"eks-config-2-instanceRole-role-6f0e34c\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/eks-config-2-instanceRole-role-6f0e34c\",\"AROA2IBR2EZTPQ3YOFOAZ\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/eks-dev-test-role\",\"AROA2IBR2EZTNSVAB3CBA\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/eks-dev-test-role\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"eks-dev-test-role\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/eks-dev-test-role\",\"Path\":\"/\",\"RoleName\":\"eks-dev-test-role\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2022-07-31T09:48:09Z\",\"RoleId\":\"AROA2IBR2EZTNSVAB3CBA\",\"Description\":\"Allows EC2 instances to call AWS services on your behalf.\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/eks-dev-test-role\",\"AROA2IBR2EZTNSVAB3CBA\"]},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/eks-iam-role-164e5e1\",\"AROA2IBR2EZTBOZ3YFQUJ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/eks-iam-role-164e5e1\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"MaxSessionDuration\":3600,\"CreateDate\":\"2022-09-22T09:40:08Z\",\"RoleId\":\"AROA2IBR2EZTBOZ3YFQUJ\",\"RoleName\":\"eks-iam-role-164e5e1\",\"Description\":null,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/eks-iam-role-164e5e1\",\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\"},\"id\":[\"arn:aws:iam::704479110758:role/eks-iam-role-164e5e1\",\"AROA2IBR2EZTBOZ3YFQUJ\"],\"name\":\"eks-iam-role-164e5e1\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/eksClusterPolicy\",\"AROA2IBR2EZTHMTMVKYXV\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/eksClusterPolicy\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"Allows access to other AWS service resources that are required to operate clusters managed by EKS.\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/eksClusterPolicy\",\"CreateDate\":\"2020-06-22T08:19:35Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTHMTMVKYXV\",\"RoleName\":\"eksClusterPolicy\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/eksClusterPolicy\",\"AROA2IBR2EZTHMTMVKYXV\"],\"name\":\"eksClusterPolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/eksClusterRole\",\"AROA2IBR2EZTDWLSQBRW4\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/eksClusterRole\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/eksClusterRole\",\"AROA2IBR2EZTDWLSQBRW4\"],\"name\":\"eksClusterRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2022-07-11T07:11:21Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTDWLSQBRW4\",\"Description\":null,\"Arn\":\"arn:aws:iam::704479110758:role/eksClusterRole\",\"RoleName\":\"eksClusterRole\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/eksctl-cluster-build-8-7-nodegrou-NodeInstanceRole-1SAMF1NSDAJ6O\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Auser%2Feyal.kraft%40elastic.co%22%2C%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null,\"CreateDate\":\"2023-03-06T13:02:18Z\",\"RoleId\":\"AROA2IBR2EZTNNR3DXFTZ\",\"RoleName\":\"eksctl-cluster-build-8-7-nodegrou-NodeInstanceRole-1SAMF1NSDAJ6O\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/eksctl-cluster-build-8-7-nodegrou-NodeInstanceRole-1SAMF1NSDAJ6O\",\"Path\":\"/\"},\"id\":[\"arn:aws:iam::704479110758:role/eksctl-cluster-build-8-7-nodegrou-NodeInstanceRole-1SAMF1NSDAJ6O\",\"AROA2IBR2EZTNNR3DXFTZ\"],\"name\":\"eksctl-cluster-build-8-7-nodegrou-NodeInstanceRole-1SAMF1NSDAJ6O\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/eksctl-cluster-build-8-7-nodegrou-NodeInstanceRole-1SAMF1NSDAJ6O\",\"AROA2IBR2EZTNNR3DXFTZ\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/eksctl-ofir-cluster-nodegroup-ng-NodeInstanceRole-1PIY92G90Y6FE\",\"AROA2IBR2EZTLWZGN3FGZ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/eksctl-ofir-cluster-nodegroup-ng-NodeInstanceRole-1PIY92G90Y6FE\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/eksctl-ofir-cluster-nodegroup-ng-NodeInstanceRole-1PIY92G90Y6FE\",\"CreateDate\":\"2022-08-03T14:16:12Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTLWZGN3FGZ\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"RoleName\":\"eksctl-ofir-cluster-nodegroup-ng-NodeInstanceRole-1PIY92G90Y6FE\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"\"},\"id\":[\"arn:aws:iam::704479110758:role/eksctl-ofir-cluster-nodegroup-ng-NodeInstanceRole-1PIY92G90Y6FE\",\"AROA2IBR2EZTLWZGN3FGZ\"],\"name\":\"eksctl-ofir-cluster-nodegroup-ng-NodeInstanceRole-1PIY92G90Y6FE\",\"category\":\"identity\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/eksctl-QACycleApril-nodegroup-ng-NodeInstanceRole-IOFXKX5PFWV1\",\"AROA2IBR2EZTLDS2VB67O\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/eksctl-QACycleApril-nodegroup-ng-NodeInstanceRole-IOFXKX5PFWV1\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"eksctl-QACycleApril-nodegroup-ng-NodeInstanceRole-IOFXKX5PFWV1\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleName\":\"eksctl-QACycleApril-nodegroup-ng-NodeInstanceRole-IOFXKX5PFWV1\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Description\":\"\",\"Arn\":\"arn:aws:iam::704479110758:role/eksctl-QACycleApril-nodegroup-ng-NodeInstanceRole-IOFXKX5PFWV1\",\"CreateDate\":\"2023-04-27T21:43:55Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTLDS2VB67O\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\"},\"id\":[\"arn:aws:iam::704479110758:role/eksctl-QACycleApril-nodegroup-ng-NodeInstanceRole-IOFXKX5PFWV1\",\"AROA2IBR2EZTLDS2VB67O\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/Elastic-Cloud-Security-Posture-Man-ElasticAgentRole-DfxJyH3Odx3k\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/Elastic-Cloud-Security-Posture-Man-ElasticAgentRole-DfxJyH3Odx3k\",\"CreateDate\":\"2024-05-07T08:33:11Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"\",\"Tags\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTGUUDMHUQC\",\"RoleName\":\"Elastic-Cloud-Security-Posture-Man-ElasticAgentRole-DfxJyH3Odx3k\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/Elastic-Cloud-Security-Posture-Man-ElasticAgentRole-DfxJyH3Odx3k\",\"AROA2IBR2EZTGUUDMHUQC\"],\"name\":\"Elastic-Cloud-Security-Posture-Man-ElasticAgentRole-DfxJyH3Odx3k\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/Elastic-Cloud-Security-Posture-Man-ElasticAgentRole-DfxJyH3Odx3k\",\"AROA2IBR2EZTGUUDMHUQC\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/Elastic-Cloud-Security-Posture-Man-ElasticAgentRole-qS87HfaUzdVF\",\"AROA2IBR2EZTCHYABRY5S\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/Elastic-Cloud-Security-Posture-Man-ElasticAgentRole-qS87HfaUzdVF\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/Elastic-Cloud-Security-Posture-Man-ElasticAgentRole-qS87HfaUzdVF\",\"CreateDate\":\"2024-08-14T13:28:55Z\",\"RoleName\":\"Elastic-Cloud-Security-Posture-Man-ElasticAgentRole-qS87HfaUzdVF\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTCHYABRY5S\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/Elastic-Cloud-Security-Posture-Man-ElasticAgentRole-qS87HfaUzdVF\",\"AROA2IBR2EZTCHYABRY5S\"],\"name\":\"Elastic-Cloud-Security-Posture-Man-ElasticAgentRole-qS87HfaUzdVF\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/Elastic-Cloud-Security-Posture-Man-ElasticAgentRole-Wa1vI54DVbla\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTG7I6PU4GU\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"CreateDate\":\"2024-10-13T13:59:39Z\",\"RoleName\":\"Elastic-Cloud-Security-Posture-Man-ElasticAgentRole-Wa1vI54DVbla\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/Elastic-Cloud-Security-Posture-Man-ElasticAgentRole-Wa1vI54DVbla\",\"AROA2IBR2EZTG7I6PU4GU\"],\"name\":\"Elastic-Cloud-Security-Posture-Man-ElasticAgentRole-Wa1vI54DVbla\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/Elastic-Cloud-Security-Posture-Man-ElasticAgentRole-Wa1vI54DVbla\",\"AROA2IBR2EZTG7I6PU4GU\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/Elastic-Cloud-Security-Posture-Man-ElasticAgentRole-Wa1vI54DVbla\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"raw\":{\"RoleName\":\"Elastic-Vulnerability-Management-8-ElasticAgentRole-8h4kTWLqmtws\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTAJGTKLVIK\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/Elastic-Vulnerability-Management-8-ElasticAgentRole-8h4kTWLqmtws\",\"CreateDate\":\"2024-10-21T14:19:33Z\"},\"id\":[\"arn:aws:iam::704479110758:role/Elastic-Vulnerability-Management-8-ElasticAgentRole-8h4kTWLqmtws\",\"AROA2IBR2EZTAJGTKLVIK\"],\"name\":\"Elastic-Vulnerability-Management-8-ElasticAgentRole-8h4kTWLqmtws\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/Elastic-Vulnerability-Management-8-ElasticAgentRole-8h4kTWLqmtws\",\"AROA2IBR2EZTAJGTKLVIK\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/Elastic-Vulnerability-Management-8-ElasticAgentRole-8h4kTWLqmtws\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/Elastic-Vulnerability-Management-c-ElasticAgentRole-gWFuHW2lqYc0\",\"AROA2IBR2EZTF6JWC5JKE\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/Elastic-Vulnerability-Management-c-ElasticAgentRole-gWFuHW2lqYc0\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/Elastic-Vulnerability-Management-c-ElasticAgentRole-gWFuHW2lqYc0\",\"CreateDate\":\"2024-09-23T22:28:17Z\",\"RoleId\":\"AROA2IBR2EZTF6JWC5JKE\",\"RoleName\":\"Elastic-Vulnerability-Management-c-ElasticAgentRole-gWFuHW2lqYc0\",\"PermissionsBoundary\":null,\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/Elastic-Vulnerability-Management-c-ElasticAgentRole-gWFuHW2lqYc0\",\"AROA2IBR2EZTF6JWC5JKE\"],\"name\":\"Elastic-Vulnerability-Management-c-ElasticAgentRole-gWFuHW2lqYc0\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/Elastic-Vulnerability-Management-ElasticAgentRole-0n4l5RiP640L\",\"AROA2IBR2EZTGNYEYWB7F\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/Elastic-Vulnerability-Management-ElasticAgentRole-0n4l5RiP640L\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"CreateDate\":\"2024-10-25T08:39:48Z\",\"Path\":\"/\",\"RoleName\":\"Elastic-Vulnerability-Management-ElasticAgentRole-0n4l5RiP640L\",\"Arn\":\"arn:aws:iam::704479110758:role/Elastic-Vulnerability-Management-ElasticAgentRole-0n4l5RiP640L\",\"RoleId\":\"AROA2IBR2EZTGNYEYWB7F\",\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/Elastic-Vulnerability-Management-ElasticAgentRole-0n4l5RiP640L\",\"AROA2IBR2EZTGNYEYWB7F\"],\"name\":\"Elastic-Vulnerability-Management-ElasticAgentRole-0n4l5RiP640L\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/Elastic-Vulnerability-Management-T-ElasticAgentRole-kcHw6nxUHTbN\",\"AROA2IBR2EZTLZSTLHOW3\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/Elastic-Vulnerability-Management-T-ElasticAgentRole-kcHw6nxUHTbN\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/Elastic-Vulnerability-Management-T-ElasticAgentRole-kcHw6nxUHTbN\",\"AROA2IBR2EZTLZSTLHOW3\"],\"name\":\"Elastic-Vulnerability-Management-T-ElasticAgentRole-kcHw6nxUHTbN\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/Elastic-Vulnerability-Management-T-ElasticAgentRole-kcHw6nxUHTbN\",\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"CreateDate\":\"2024-06-25T00:48:10Z\",\"RoleId\":\"AROA2IBR2EZTLZSTLHOW3\",\"RoleName\":\"Elastic-Vulnerability-Management-T-ElasticAgentRole-kcHw6nxUHTbN\",\"Description\":\"\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/ElasticAgentlessRole-cc-kostas-4\",\"AROA2IBR2EZTGPWGRACET\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/ElasticAgentlessRole-cc-kostas-4\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"CreateDate\":\"2024-08-29T11:25:46Z\",\"Path\":\"/\",\"RoleName\":\"ElasticAgentlessRole-cc-kostas-4\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A444732909647%3Arole%2Fcloud-connectors-poc%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22aws%3APrincipalTag%2Fkubernetes-namespace%22%3A%22tetetetete%22%7D%7D%7D%2C%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A444732909647%3Arole%2Fcloud-connectors-poc%22%7D%2C%22Action%22%3A%22sts%3ATagSession%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22aws%3APrincipalTag%2Fkubernetes-namespace%22%3A%22tetetetete%22%7D%2C%22ForAllValues%3AStringEquals%22%3A%7B%22sts%3ATransitiveTagKeys%22%3A%5B%22eks-cluster-arn%22%2C%22eks-cluster-name%22%2C%22kubernetes-namespace%22%2C%22kubernetes-service-account%22%2C%22kubernetes-pod-name%22%2C%22kubernetes-pod-uid%22%5D%7D%7D%7D%5D%7D\",\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/ElasticAgentlessRole-cc-kostas-4\",\"RoleId\":\"AROA2IBR2EZTGPWGRACET\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/ElasticAgentlessRole-cc-kostas-4\",\"AROA2IBR2EZTGPWGRACET\"],\"name\":\"ElasticAgentlessRole-cc-kostas-4\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/ElasticAgentlessRole-cc-kostas-5\",\"AROA2IBR2EZTPQROQUUSA\"],\"name\":\"ElasticAgentlessRole-cc-kostas-5\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2024-08-29T13:34:23Z\",\"RoleId\":\"AROA2IBR2EZTPQROQUUSA\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A444732909647%3Arole%2Fcloud-connectors-poc%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22aws%3APrincipalTag%2Fkubernetes-namespace%22%3A%22project-fbc7da16f75e42b0bbb66dfa59002ae6%22%7D%7D%7D%2C%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A444732909647%3Arole%2Fcloud-connectors-poc%22%7D%2C%22Action%22%3A%22sts%3ATagSession%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22aws%3APrincipalTag%2Fkubernetes-namespace%22%3A%22project-fbc7da16f75e42b0bbb66dfa59002ae6%22%7D%2C%22ForAllValues%3AStringEquals%22%3A%7B%22sts%3ATransitiveTagKeys%22%3A%5B%22eks-cluster-arn%22%2C%22eks-cluster-name%22%2C%22kubernetes-namespace%22%2C%22kubernetes-service-account%22%2C%22kubernetes-pod-name%22%2C%22kubernetes-pod-uid%22%5D%7D%7D%7D%5D%7D\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/ElasticAgentlessRole-cc-kostas-5\",\"Path\":\"/\",\"RoleName\":\"ElasticAgentlessRole-cc-kostas-5\",\"PermissionsBoundary\":null}},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/ElasticAgentlessRole-cc-kostas-5\",\"AROA2IBR2EZTPQROQUUSA\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/ElasticAgentlessRole-cc-kostas-5\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/ElasticAgentlessRole-kostas-cc-5\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleName\":\"ElasticAgentlessRole-kostas-cc-5\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A444732909647%3Arole%2Fcloud-connectors-poc%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22aws%3APrincipalTag%2Fkubernetes-namespace%22%3A%22project-b04229b6f7764d589663a998c5530119%22%7D%7D%7D%2C%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A444732909647%3Arole%2Fcloud-connectors-poc%22%7D%2C%22Action%22%3A%22sts%3ATagSession%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22aws%3APrincipalTag%2Fkubernetes-namespace%22%3A%22project-b04229b6f7764d589663a998c5530119%22%7D%2C%22ForAllValues%3AStringEquals%22%3A%7B%22sts%3ATransitiveTagKeys%22%3A%5B%22eks-cluster-arn%22%2C%22eks-cluster-name%22%2C%22kubernetes-namespace%22%2C%22kubernetes-service-account%22%2C%22kubernetes-pod-name%22%2C%22kubernetes-pod-uid%22%5D%7D%7D%7D%5D%7D\",\"PermissionsBoundary\":null,\"CreateDate\":\"2024-08-29T14:47:00Z\",\"Path\":\"/\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/ElasticAgentlessRole-kostas-cc-5\",\"RoleId\":\"AROA2IBR2EZTBC7LAVLEN\"},\"id\":[\"arn:aws:iam::704479110758:role/ElasticAgentlessRole-kostas-cc-5\",\"AROA2IBR2EZTBC7LAVLEN\"],\"name\":\"ElasticAgentlessRole-kostas-cc-5\",\"category\":\"identity\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/ElasticAgentlessRole-kostas-cc-5\",\"AROA2IBR2EZTBC7LAVLEN\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/EntroRole\",\"AROA2IBR2EZTNNZELYQRM\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/EntroRole\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"EntroRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Tags\":null,\"RoleId\":\"AROA2IBR2EZTNNZELYQRM\",\"RoleName\":\"EntroRole\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A937217723901%3Auser%2Fliminal-saas-assume-role%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22sts%3AExternalId%22%3A%226144818b-07e0-4423-ba70-6b9eaac3a7f7%22%7D%7D%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/EntroRole\",\"CreateDate\":\"2024-09-04T13:09:21Z\",\"Path\":\"/\",\"Description\":\"\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/EntroRole\",\"AROA2IBR2EZTNNZELYQRM\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/ext_dns_test\",\"AROA2IBR2EZTGMQOSC75Y\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/ext_dns_test\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/ext_dns_test\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTGMQOSC75Y\",\"RoleName\":\"ext_dns_test\",\"Description\":null,\"RoleLastUsed\":null,\"CreateDate\":\"2021-06-02T08:02:00Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2F40D1FB00912B57975DADDBFFFFF150B4%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2F40D1FB00912B57975DADDBFFFFF150B4%3Aaud%22%3A%22sts.amazonaws.com%22%7D%7D%7D%2C%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Auser%2Fdavid%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/ext_dns_test\",\"AROA2IBR2EZTGMQOSC75Y\"],\"name\":\"ext_dns_test\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/eyal-cc-role\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/eyal-cc-role\",\"CreateDate\":\"2022-12-04T13:40:12Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTOWUTADVMS\",\"RoleName\":\"eyal-cc-role\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Asts%3A%3A946960629917%3Afederated-user%2FEyal.Kraft%40elastic.co%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%7D%7D%5D%7D\",\"Description\":\"\",\"PermissionsBoundary\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/eyal-cc-role\",\"AROA2IBR2EZTOWUTADVMS\"],\"name\":\"eyal-cc-role\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/eyal-cc-role\",\"AROA2IBR2EZTOWUTADVMS\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/EyalTestClusterAccess\",\"AROA2IBR2EZTBNQOZ6EGO\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/EyalTestClusterAccess\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%5B%22arn%3Aaws%3Aiam%3A%3A704479110758%3Auser%2Feyal.kraft%40elastic.co%22%2C%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aroot%22%5D%2C%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%7D%7D%5D%7D\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/EyalTestClusterAccess\",\"CreateDate\":\"2023-05-12T06:51:45Z\",\"RoleId\":\"AROA2IBR2EZTBNQOZ6EGO\",\"RoleName\":\"EyalTestClusterAccess\",\"Path\":\"/\",\"Description\":\"\",\"PermissionsBoundary\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/EyalTestClusterAccess\",\"AROA2IBR2EZTBNQOZ6EGO\"],\"name\":\"EyalTestClusterAccess\",\"category\":\"identity\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/FinoutMetricsReadOnlyRole\",\"AROA2IBR2EZTLI34HLKMQ\"],\"name\":\"FinoutMetricsReadOnlyRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleName\":\"FinoutMetricsReadOnlyRole\",\"RoleLastUsed\":null,\"Tags\":null,\"RoleId\":\"AROA2IBR2EZTLI34HLKMQ\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A277411487094%3Aroot%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22sts%3AExternalId%22%3A%22finout-be45c612%22%7D%7D%7D%5D%7D\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/FinoutMetricsReadOnlyRole\",\"CreateDate\":\"2024-08-29T17:15:13Z\",\"Path\":\"/\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/FinoutMetricsReadOnlyRole\",\"AROA2IBR2EZTLI34HLKMQ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/FinoutMetricsReadOnlyRole\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/FixAccess-tin-demo-FixCrossAccountAccessRole-ao3sbEmZ6eBM\",\"AROA2IBR2EZTBIVUIOOOZ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/FixAccess-tin-demo-FixCrossAccountAccessRole-ao3sbEmZ6eBM\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A639605712835%3Aroot%22%7D%2C%22Action%22%3A%5B%22sts%3AAssumeRole%22%2C%22sts%3ATagSession%22%5D%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22sts%3AExternalId%22%3A%22bad14163-bef5-4c90-ba64-6ee688c8d06b%22%7D%7D%7D%5D%7D\",\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/FixAccess-tin-demo-FixCrossAccountAccessRole-ao3sbEmZ6eBM\",\"RoleName\":\"FixAccess-tin-demo-FixCrossAccountAccessRole-ao3sbEmZ6eBM\",\"RoleId\":\"AROA2IBR2EZTBIVUIOOOZ\",\"Description\":\"\",\"MaxSessionDuration\":10800,\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2024-05-22T01:40:16Z\",\"Path\":\"/\"},\"id\":[\"arn:aws:iam::704479110758:role/FixAccess-tin-demo-FixCrossAccountAccessRole-ao3sbEmZ6eBM\",\"AROA2IBR2EZTBIVUIOOOZ\"],\"name\":\"FixAccess-tin-demo-FixCrossAccountAccessRole-ao3sbEmZ6eBM\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/service-role/gtback-test-function-role-49kykmqm\",\"RoleId\":\"AROA2IBR2EZTLQE67433Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22lambda.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"Tags\":null,\"CreateDate\":\"2022-04-14T19:12:41Z\",\"Path\":\"/service-role/\",\"RoleName\":\"gtback-test-function-role-49kykmqm\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/service-role/gtback-test-function-role-49kykmqm\",\"AROA2IBR2EZTLQE67433Z\"],\"name\":\"gtback-test-function-role-49kykmqm\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/service-role/gtback-test-function-role-49kykmqm\",\"AROA2IBR2EZTLQE67433Z\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/service-role/gtback-test-function-role-49kykmqm\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/service-role/gtback-test-function-role-lq7ft1nn\",\"AROA2IBR2EZTHOKFTZR56\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/service-role/gtback-test-function-role-lq7ft1nn\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"CreateDate\":\"2022-04-20T17:48:36Z\",\"RoleName\":\"gtback-test-function-role-lq7ft1nn\",\"Description\":null,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/service-role/gtback-test-function-role-lq7ft1nn\",\"Path\":\"/service-role/\",\"RoleId\":\"AROA2IBR2EZTHOKFTZR56\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22lambda.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/service-role/gtback-test-function-role-lq7ft1nn\",\"AROA2IBR2EZTHOKFTZR56\"],\"name\":\"gtback-test-function-role-lq7ft1nn\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/service-role/gtback-test-function-role-vv8gtz40\",\"AROA2IBR2EZTBTJYYYB2S\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/service-role/gtback-test-function-role-vv8gtz40\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"Path\":\"/service-role/\",\"RoleName\":\"gtback-test-function-role-vv8gtz40\",\"Description\":null,\"MaxSessionDuration\":3600,\"Arn\":\"arn:aws:iam::704479110758:role/service-role/gtback-test-function-role-vv8gtz40\",\"CreateDate\":\"2022-04-15T18:01:45Z\",\"RoleId\":\"AROA2IBR2EZTBTJYYYB2S\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22lambda.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/service-role/gtback-test-function-role-vv8gtz40\",\"AROA2IBR2EZTBTJYYYB2S\"],\"name\":\"gtback-test-function-role-vv8gtz40\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/infosec-view-only-and-audit\",\"AROA2IBR2EZTL6NLHUTHU\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/infosec-view-only-and-audit\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/infosec-view-only-and-audit\",\"CreateDate\":\"2024-04-04T07:38:11Z\",\"Path\":\"/\",\"Description\":\"\",\"RoleLastUsed\":null,\"RoleId\":\"AROA2IBR2EZTL6NLHUTHU\",\"RoleName\":\"infosec-view-only-and-audit\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22AssumeRoleFromElasticInfosec%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A887624222702%3Aroot%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/infosec-view-only-and-audit\",\"AROA2IBR2EZTL6NLHUTHU\"],\"name\":\"infosec-view-only-and-audit\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/InfosecCCMViewRole\",\"AROA2IBR2EZTE77GO3MMZ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/InfosecCCMViewRole\":{\"category\":\"identity\",\"type\":\"role\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22AssumeRoleFromElasticInfosec%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A887624222702%3Aroot%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/InfosecCCMViewRole\",\"CreateDate\":\"2024-04-04T07:38:11Z\",\"Path\":\"/\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"RoleId\":\"AROA2IBR2EZTE77GO3MMZ\",\"RoleName\":\"InfosecCCMViewRole\",\"Description\":\"\"},\"id\":[\"arn:aws:iam::704479110758:role/InfosecCCMViewRole\",\"AROA2IBR2EZTE77GO3MMZ\"],\"name\":\"InfosecCCMViewRole\",\"category\":\"identity\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/InfosecQualysCloudViewRole\",\"AROA2IBR2EZTPJJ56UUQ7\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/InfosecQualysCloudViewRole\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/InfosecQualysCloudViewRole\",\"AROA2IBR2EZTPJJ56UUQ7\"],\"name\":\"InfosecQualysCloudViewRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":\"\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"CreateDate\":\"2024-04-04T07:38:11Z\",\"RoleName\":\"InfosecQualysCloudViewRole\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22AssumeRoleFromExternalQualysAccount%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A805950163170%3Aroot%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22sts%3AExternalId%22%3A%22US2-649982-1573200557772%22%7D%7D%7D%5D%7D\",\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/InfosecQualysCloudViewRole\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTPJJ56UUQ7\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/infra-prod-iam-admin\",\"CreateDate\":\"2022-04-07T17:25:55Z\",\"Path\":\"/\",\"RoleName\":\"infra-prod-iam-admin\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A816604515500%3Aroot%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%7D%7D%5D%7D\",\"RoleId\":\"AROA2IBR2EZTONYYBY4GQ\",\"Description\":\"Role used for Infra team to manage all AWS accounts\",\"PermissionsBoundary\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/infra-prod-iam-admin\",\"AROA2IBR2EZTONYYBY4GQ\"],\"name\":\"infra-prod-iam-admin\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/infra-prod-iam-admin\",\"AROA2IBR2EZTONYYBY4GQ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/infra-prod-iam-admin\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/InfraTeamAdminAccess\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2024-04-04T07:38:11Z\",\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22AssumeRoleFromElasticProd%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A816604515500%3Aroot%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"Arn\":\"arn:aws:iam::704479110758:role/InfraTeamAdminAccess\",\"RoleId\":\"AROA2IBR2EZTE2FBG62UC\",\"RoleName\":\"InfraTeamAdminAccess\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/InfraTeamAdminAccess\",\"AROA2IBR2EZTE2FBG62UC\"],\"name\":\"InfraTeamAdminAccess\",\"category\":\"identity\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/InfraTeamAdminAccess\",\"AROA2IBR2EZTE2FBG62UC\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/kfir-June8-8-8-0-1-eks-node-group-20230608101853435900000009\",\"AROA2IBR2EZTDQBVONL72\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/kfir-June8-8-8-0-1-eks-node-group-20230608101853435900000009\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/kfir-June8-8-8-0-1-eks-node-group-20230608101853435900000009\",\"RoleName\":\"kfir-June8-8-8-0-1-eks-node-group-20230608101853435900000009\",\"Description\":\"EKS managed node group IAM role\",\"RoleLastUsed\":null,\"CreateDate\":\"2023-06-08T10:18:53Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTDQBVONL72\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/kfir-June8-8-8-0-1-eks-node-group-20230608101853435900000009\",\"AROA2IBR2EZTDQBVONL72\"],\"name\":\"kfir-June8-8-8-0-1-eks-node-group-20230608101853435900000009\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/kfir-June8-8-8-0-2-eks-node-group-20230608101853434600000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"name\":\"kfir-June8-8-8-0-2-eks-node-group-20230608101853434600000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/kfir-June8-8-8-0-2-eks-node-group-20230608101853434600000008\",\"CreateDate\":\"2023-06-08T10:18:53Z\",\"Path\":\"/\",\"RoleName\":\"kfir-June8-8-8-0-2-eks-node-group-20230608101853434600000008\",\"Description\":\"EKS managed node group IAM role\",\"RoleId\":\"AROA2IBR2EZTHKEPXIRGI\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/kfir-June8-8-8-0-2-eks-node-group-20230608101853434600000008\",\"AROA2IBR2EZTHKEPXIRGI\"]},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/kfir-June8-8-8-0-2-eks-node-group-20230608101853434600000008\",\"AROA2IBR2EZTHKEPXIRGI\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/kfir-June8-8-8-0-cluster-20230608101838909300000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/kfir-June8-8-8-0-cluster-20230608101838909300000001\",\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"PermissionsBoundary\":null,\"Tags\":null,\"CreateDate\":\"2023-06-08T10:18:39Z\",\"RoleId\":\"AROA2IBR2EZTLI6P67TKU\",\"RoleName\":\"kfir-June8-8-8-0-cluster-20230608101838909300000001\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/kfir-June8-8-8-0-cluster-20230608101838909300000001\",\"AROA2IBR2EZTLI6P67TKU\"],\"name\":\"kfir-June8-8-8-0-cluster-20230608101838909300000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/kfir-June8-8-8-0-cluster-20230608101838909300000001\",\"AROA2IBR2EZTLI6P67TKU\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/kfir-qa-project-1-eks-node-group-20240404150212386700000008\",\"AROA2IBR2EZTLX5ZLE5TW\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/kfir-qa-project-1-eks-node-group-20240404150212386700000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/kfir-qa-project-1-eks-node-group-20240404150212386700000008\",\"RoleId\":\"AROA2IBR2EZTLX5ZLE5TW\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Tags\":null,\"RoleLastUsed\":null,\"CreateDate\":\"2024-04-04T15:02:12Z\",\"Path\":\"/\",\"RoleName\":\"kfir-qa-project-1-eks-node-group-20240404150212386700000008\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/kfir-qa-project-1-eks-node-group-20240404150212386700000008\",\"AROA2IBR2EZTLX5ZLE5TW\"],\"name\":\"kfir-qa-project-1-eks-node-group-20240404150212386700000008\",\"category\":\"identity\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/kfir-qa-project-cluster-20240404150155268600000001\",\"AROA2IBR2EZTPUCEXG4YG\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/kfir-qa-project-cluster-20240404150155268600000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/kfir-qa-project-cluster-20240404150155268600000001\",\"AROA2IBR2EZTPUCEXG4YG\"],\"name\":\"kfir-qa-project-cluster-20240404150155268600000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/kfir-qa-project-cluster-20240404150155268600000001\",\"RoleId\":\"AROA2IBR2EZTPUCEXG4YG\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"CreateDate\":\"2024-04-04T15:01:55Z\",\"Path\":\"/\",\"RoleName\":\"kfir-qa-project-cluster-20240404150155268600000001\",\"Tags\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"tags\":null,\"raw\":{\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Path\":\"/\",\"RoleName\":\"kostas-eks-n13-1-eks-node-group-20240605165218807900000008\",\"MaxSessionDuration\":3600,\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/kostas-eks-n13-1-eks-node-group-20240605165218807900000008\",\"CreateDate\":\"2024-06-05T16:52:18Z\",\"RoleId\":\"AROA2IBR2EZTOT364F4PD\"},\"id\":[\"arn:aws:iam::704479110758:role/kostas-eks-n13-1-eks-node-group-20240605165218807900000008\",\"AROA2IBR2EZTOT364F4PD\"],\"name\":\"kostas-eks-n13-1-eks-node-group-20240605165218807900000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/kostas-eks-n13-1-eks-node-group-20240605165218807900000008\",\"AROA2IBR2EZTOT364F4PD\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/kostas-eks-n13-1-eks-node-group-20240605165218807900000008\":{\"type\":\"role\",\"category\":\"identity\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/kostas-eks-n13-cluster-20240605165203924800000001\",\"AROA2IBR2EZTCAWR3RAAP\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/kostas-eks-n13-cluster-20240605165203924800000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/kostas-eks-n13-cluster-20240605165203924800000001\",\"RoleId\":\"AROA2IBR2EZTCAWR3RAAP\",\"RoleName\":\"kostas-eks-n13-cluster-20240605165203924800000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"CreateDate\":\"2024-06-05T16:52:04Z\",\"Path\":\"/\",\"Description\":null,\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/kostas-eks-n13-cluster-20240605165203924800000001\",\"AROA2IBR2EZTCAWR3RAAP\"],\"name\":\"kostas-eks-n13-cluster-20240605165203924800000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.088+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/kostas-elastic-gen\",\"AROA2IBR2EZTNSCP56C6Y\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/kostas-elastic-gen\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"Tags\":null,\"Path\":\"/\",\"RoleLastUsed\":null,\"RoleId\":\"AROA2IBR2EZTNSCP56C6Y\",\"RoleName\":\"kostas-elastic-gen\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%2C%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22pods.eks.amazonaws.com%22%7D%2C%22Action%22%3A%5B%22sts%3AAssumeRole%22%2C%22sts%3ATagSession%22%5D%7D%5D%7D\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/kostas-elastic-gen\",\"CreateDate\":\"2024-05-28T13:22:39Z\"},\"id\":[\"arn:aws:iam::704479110758:role/kostas-elastic-gen\",\"AROA2IBR2EZTNSCP56C6Y\"],\"name\":\"kostas-elastic-gen\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/kostas-sample-internal\",\"AROA2IBR2EZTEMRBTYMU2\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/kostas-sample-internal\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/kostas-sample-internal\",\"AROA2IBR2EZTEMRBTYMU2\"],\"name\":\"kostas-sample-internal\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/kostas-sample-internal\",\"CreateDate\":\"2024-06-06T09:04:21Z\",\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%2C%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fkostas-elastic-gen%22%7D%2C%22Action%22%3A%5B%22sts%3AAssumeRole%22%2C%22sts%3ATagSession%22%5D%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"RoleId\":\"AROA2IBR2EZTEMRBTYMU2\",\"RoleName\":\"kostas-sample-internal\",\"Description\":\"Allows EC2 instances to call AWS services on your behalf.\",\"MaxSessionDuration\":3600,\"Tags\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/kostasEKSClusterServiceRole\",\"AROA2IBR2EZTMWL32WF2H\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/kostasEKSClusterServiceRole\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/kostasEKSClusterServiceRole\",\"AROA2IBR2EZTMWL32WF2H\"],\"name\":\"kostasEKSClusterServiceRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2024-05-29T11:21:56Z\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/kostasEKSClusterServiceRole\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTMWL32WF2H\",\"RoleName\":\"kostasEKSClusterServiceRole\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Allows access to other AWS service resources that are required to operate clusters managed by EKS.\",\"MaxSessionDuration\":3600}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/kuba-logs-1-eks-node-group-20241119125211411600000008\",\"CreateDate\":\"2024-11-19T12:52:11Z\",\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleId\":\"AROA2IBR2EZTFISYGPFKH\",\"RoleName\":\"kuba-logs-1-eks-node-group-20241119125211411600000008\",\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/kuba-logs-1-eks-node-group-20241119125211411600000008\",\"AROA2IBR2EZTFISYGPFKH\"],\"name\":\"kuba-logs-1-eks-node-group-20241119125211411600000008\",\"category\":\"identity\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/kuba-logs-1-eks-node-group-20241119125211411600000008\",\"AROA2IBR2EZTFISYGPFKH\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/kuba-logs-1-eks-node-group-20241119125211411600000008\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/kuba-logs-cluster-20241119125144425700000001\",\"AROA2IBR2EZTIR5QKL522\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/kuba-logs-cluster-20241119125144425700000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/kuba-logs-cluster-20241119125144425700000001\",\"CreateDate\":\"2024-11-19T12:51:44Z\",\"Path\":\"/\",\"RoleName\":\"kuba-logs-cluster-20241119125144425700000001\",\"RoleId\":\"AROA2IBR2EZTIR5QKL522\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null},\"id\":[\"arn:aws:iam::704479110758:role/kuba-logs-cluster-20241119125144425700000001\",\"AROA2IBR2EZTIR5QKL522\"],\"name\":\"kuba-logs-cluster-20241119125144425700000001\",\"category\":\"identity\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/kuba-logs-cnvm-sanity-test-stack-ElasticAgentRole-OkFvz4aD3TA8\",\"AROA2IBR2EZTAFAOYXGAJ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/kuba-logs-cnvm-sanity-test-stack-ElasticAgentRole-OkFvz4aD3TA8\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/kuba-logs-cnvm-sanity-test-stack-ElasticAgentRole-OkFvz4aD3TA8\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTAFAOYXGAJ\",\"RoleName\":\"kuba-logs-cnvm-sanity-test-stack-ElasticAgentRole-OkFvz4aD3TA8\",\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2024-11-19T13:11:46Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/kuba-logs-cnvm-sanity-test-stack-ElasticAgentRole-OkFvz4aD3TA8\",\"AROA2IBR2EZTAFAOYXGAJ\"],\"name\":\"kuba-logs-cnvm-sanity-test-stack-ElasticAgentRole-OkFvz4aD3TA8\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/KubernetesAdmin\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/KubernetesAdmin\",\"AROA2IBR2EZTFMDDE75C4\"],\"name\":\"KubernetesAdmin\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/KubernetesAdmin\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTFMDDE75C4\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%5B%22arn%3Aaws%3Aiam%3A%3A704479110758%3Auser%2Fdavid%22%2C%22arn%3Aaws%3Aiam%3A%3A704479110758%3Auser%2Fkops%22%2C%22arn%3Aaws%3Aiam%3A%3A704479110758%3Auser%2Fgithub-ci%22%5D%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%7D%7D%5D%7D\",\"CreateDate\":\"2022-04-19T08:25:47Z\",\"RoleName\":\"KubernetesAdmin\",\"Description\":\"Kubernetes administrator role (for AWS IAM Authenticator for AWS).\",\"Tags\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/KubernetesAdmin\",\"AROA2IBR2EZTFMDDE75C4\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/lambda-cloudtrail-role\",\"AROA2IBR2EZTCYTGVXCPG\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/lambda-cloudtrail-role\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2020-09-08T08:50:25Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTCYTGVXCPG\",\"RoleName\":\"lambda-cloudtrail-role\",\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/lambda-cloudtrail-role\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22lambda.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Allows Lambda functions to call AWS services on your behalf.\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/lambda-cloudtrail-role\",\"AROA2IBR2EZTCYTGVXCPG\"],\"name\":\"lambda-cloudtrail-role\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/LambdaRoleListEC2\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"LambdaRoleListEC2\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"Tags\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTPDU5XYOGQ\",\"RoleName\":\"LambdaRoleListEC2\",\"Description\":\"Allows EC2 instances to call AWS services on your behalf.\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/LambdaRoleListEC2\",\"CreateDate\":\"2024-03-31T10:16:46Z\"},\"id\":[\"arn:aws:iam::704479110758:role/LambdaRoleListEC2\",\"AROA2IBR2EZTPDU5XYOGQ\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/LambdaRoleListEC2\",\"AROA2IBR2EZTPDU5XYOGQ\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/LiveEnvironmentTracking-ElasticAgentRole-498WKBEF5D0X\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/LiveEnvironmentTracking-ElasticAgentRole-498WKBEF5D0X\",\"RoleId\":\"AROA2IBR2EZTIUNINKC7M\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2023-06-29T17:03:40Z\",\"Path\":\"/\",\"RoleName\":\"LiveEnvironmentTracking-ElasticAgentRole-498WKBEF5D0X\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/LiveEnvironmentTracking-ElasticAgentRole-498WKBEF5D0X\",\"AROA2IBR2EZTIUNINKC7M\"],\"name\":\"LiveEnvironmentTracking-ElasticAgentRole-498WKBEF5D0X\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/LiveEnvironmentTracking-ElasticAgentRole-498WKBEF5D0X\",\"AROA2IBR2EZTIUNINKC7M\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/Long-Lived-Env-CNVM-8-14-ElasticAgentRole-KYEN59X0ecj1\",\"AROA2IBR2EZTDIEIUWZAA\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/Long-Lived-Env-CNVM-8-14-ElasticAgentRole-KYEN59X0ecj1\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"Long-Lived-Env-CNVM-8-14-ElasticAgentRole-KYEN59X0ecj1\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/Long-Lived-Env-CNVM-8-14-ElasticAgentRole-KYEN59X0ecj1\",\"RoleId\":\"AROA2IBR2EZTDIEIUWZAA\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"CreateDate\":\"2024-06-12T09:40:22Z\",\"Path\":\"/\",\"RoleName\":\"Long-Lived-Env-CNVM-8-14-ElasticAgentRole-KYEN59X0ecj1\"},\"id\":[\"arn:aws:iam::704479110758:role/Long-Lived-Env-CNVM-8-14-ElasticAgentRole-KYEN59X0ecj1\",\"AROA2IBR2EZTDIEIUWZAA\"]},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTFAU3OINNT\",\"RoleName\":\"long-running-project-1-eks-node-group-20231123175753965100000008\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/long-running-project-1-eks-node-group-20231123175753965100000008\",\"CreateDate\":\"2023-11-23T17:57:53Z\",\"Path\":\"/\",\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/long-running-project-1-eks-node-group-20231123175753965100000008\",\"AROA2IBR2EZTFAU3OINNT\"],\"name\":\"long-running-project-1-eks-node-group-20231123175753965100000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/long-running-project-1-eks-node-group-20231123175753965100000008\",\"AROA2IBR2EZTFAU3OINNT\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/long-running-project-1-eks-node-group-20231123175753965100000008\":{\"type\":\"role\",\"category\":\"identity\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/long-running-project-cluster-20231123175739907500000001\",\"CreateDate\":\"2023-11-23T17:57:39Z\",\"RoleId\":\"AROA2IBR2EZTJOEZFSQXE\",\"Description\":null,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Path\":\"/\",\"RoleName\":\"long-running-project-cluster-20231123175739907500000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/long-running-project-cluster-20231123175739907500000001\",\"AROA2IBR2EZTJOEZFSQXE\"],\"name\":\"long-running-project-cluster-20231123175739907500000001\",\"category\":\"identity\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/long-running-project-cluster-20231123175739907500000001\",\"AROA2IBR2EZTJOEZFSQXE\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/long-running-project-cluster-20231123175739907500000001\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22lambda.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"Tags\":null,\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/service-role/MapCreatedEC2sLambda\",\"CreateDate\":\"2024-03-31T10:20:21Z\",\"Path\":\"/service-role/\",\"RoleId\":\"AROA2IBR2EZTL5RAOSONL\",\"RoleName\":\"MapCreatedEC2sLambda\",\"Description\":null},\"id\":[\"arn:aws:iam::704479110758:role/service-role/MapCreatedEC2sLambda\",\"AROA2IBR2EZTL5RAOSONL\"],\"name\":\"MapCreatedEC2sLambda\",\"category\":\"identity\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/service-role/MapCreatedEC2sLambda\",\"AROA2IBR2EZTL5RAOSONL\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/service-role/MapCreatedEC2sLambda\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/masters.kops-csp-demo-1.k8s.local\",\"AROA2IBR2EZTENCWEX5TH\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/masters.kops-csp-demo-1.k8s.local\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/masters.kops-csp-demo-1.k8s.local\",\"AROA2IBR2EZTENCWEX5TH\"],\"name\":\"masters.kops-csp-demo-1.k8s.local\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTENCWEX5TH\",\"RoleName\":\"masters.kops-csp-demo-1.k8s.local\",\"Description\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/masters.kops-csp-demo-1.k8s.local\",\"CreateDate\":\"2022-05-08T05:53:57Z\",\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/masters.kops-csp-demo-2.k8s.local\",\"AROA2IBR2EZTCMGUODJM6\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/masters.kops-csp-demo-2.k8s.local\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTCMGUODJM6\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/masters.kops-csp-demo-2.k8s.local\",\"CreateDate\":\"2022-05-08T05:40:31Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"Path\":\"/\",\"RoleName\":\"masters.kops-csp-demo-2.k8s.local\"},\"id\":[\"arn:aws:iam::704479110758:role/masters.kops-csp-demo-2.k8s.local\",\"AROA2IBR2EZTCMGUODJM6\"],\"name\":\"masters.kops-csp-demo-2.k8s.local\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/masters.kops-csp-vanilla-2.k8s.local\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":null,\"RoleLastUsed\":null,\"CreateDate\":\"2022-04-19T08:26:51Z\",\"Path\":\"/\",\"RoleName\":\"masters.kops-csp-vanilla-2.k8s.local\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/masters.kops-csp-vanilla-2.k8s.local\",\"RoleId\":\"AROA2IBR2EZTNFS3YN7TN\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/masters.kops-csp-vanilla-2.k8s.local\",\"AROA2IBR2EZTNFS3YN7TN\"],\"name\":\"masters.kops-csp-vanilla-2.k8s.local\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/masters.kops-csp-vanilla-2.k8s.local\",\"AROA2IBR2EZTNFS3YN7TN\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":null,\"MaxSessionDuration\":3600,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/masters.mycluster.k8s.local\",\"Path\":\"/\",\"RoleName\":\"masters.mycluster.k8s.local\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"CreateDate\":\"2021-09-14T21:48:54Z\",\"RoleId\":\"AROA2IBR2EZTN2KEGHJUQ\"},\"id\":[\"arn:aws:iam::704479110758:role/masters.mycluster.k8s.local\",\"AROA2IBR2EZTN2KEGHJUQ\"],\"name\":\"masters.mycluster.k8s.local\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/masters.mycluster.k8s.local\",\"AROA2IBR2EZTN2KEGHJUQ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/masters.mycluster.k8s.local\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/my-cluster-eksRole-role-8276044\",\"AROA2IBR2EZTKGQXNLQSG\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/my-cluster-eksRole-role-8276044\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"my-cluster-eksRole-role-8276044\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Tags\":null,\"RoleId\":\"AROA2IBR2EZTKGQXNLQSG\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Allows EKS to manage clusters on your behalf.\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/my-cluster-eksRole-role-8276044\",\"CreateDate\":\"2022-08-17T07:27:07Z\",\"Path\":\"/\",\"RoleName\":\"my-cluster-eksRole-role-8276044\",\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/my-cluster-eksRole-role-8276044\",\"AROA2IBR2EZTKGQXNLQSG\"]},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/my-cluster-instanceRole-role-6a28f70\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"MaxSessionDuration\":3600,\"Tags\":null,\"CreateDate\":\"2022-08-17T07:27:07Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTA2D42VVOD\",\"Description\":null,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/my-cluster-instanceRole-role-6a28f70\",\"RoleName\":\"my-cluster-instanceRole-role-6a28f70\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\"},\"id\":[\"arn:aws:iam::704479110758:role/my-cluster-instanceRole-role-6a28f70\",\"AROA2IBR2EZTA2D42VVOD\"],\"name\":\"my-cluster-instanceRole-role-6a28f70\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/my-cluster-instanceRole-role-6a28f70\",\"AROA2IBR2EZTA2D42VVOD\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/myAmazonEKSNodeRole\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/myAmazonEKSNodeRole\",\"AROA2IBR2EZTN5WKL6VBI\"],\"name\":\"myAmazonEKSNodeRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":null,\"MaxSessionDuration\":3600,\"RoleId\":\"AROA2IBR2EZTN5WKL6VBI\",\"RoleName\":\"myAmazonEKSNodeRole\",\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/myAmazonEKSNodeRole\",\"CreateDate\":\"2022-11-08T14:57:08Z\"}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/myAmazonEKSNodeRole\",\"AROA2IBR2EZTN5WKL6VBI\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/nick-cspm-iam\",\"AROA2IBR2EZTFKJ5VXLGV\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/nick-cspm-iam\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/nick-cspm-iam\",\"AROA2IBR2EZTFKJ5VXLGV\"],\"name\":\"nick-cspm-iam\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"Description\":\"Allows EC2 instances to call AWS services on your behalf.\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/nick-cspm-iam\",\"CreateDate\":\"2023-05-04T22:13:23Z\",\"RoleId\":\"AROA2IBR2EZTFKJ5VXLGV\",\"RoleName\":\"nick-cspm-iam\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null,\"Tags\":null}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/nodes.kops-csp-demo-1.k8s.local\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/nodes.kops-csp-demo-1.k8s.local\",\"AROA2IBR2EZTNEKXT5AC4\"],\"name\":\"nodes.kops-csp-demo-1.k8s.local\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/nodes.kops-csp-demo-1.k8s.local\",\"Path\":\"/\",\"RoleName\":\"nodes.kops-csp-demo-1.k8s.local\",\"PermissionsBoundary\":null,\"Tags\":null,\"RoleLastUsed\":null,\"CreateDate\":\"2022-05-08T05:53:57Z\",\"RoleId\":\"AROA2IBR2EZTNEKXT5AC4\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/nodes.kops-csp-demo-1.k8s.local\",\"AROA2IBR2EZTNEKXT5AC4\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/nodes.kops-csp-demo-2.k8s.local\",\"AROA2IBR2EZTPHQCTLIZ2\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/nodes.kops-csp-demo-2.k8s.local\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"tags\":null,\"raw\":{\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"CreateDate\":\"2022-05-08T05:40:31Z\",\"Path\":\"/\",\"RoleName\":\"nodes.kops-csp-demo-2.k8s.local\",\"Description\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/nodes.kops-csp-demo-2.k8s.local\",\"RoleId\":\"AROA2IBR2EZTPHQCTLIZ2\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/nodes.kops-csp-demo-2.k8s.local\",\"AROA2IBR2EZTPHQCTLIZ2\"],\"name\":\"nodes.kops-csp-demo-2.k8s.local\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/nodes.kops-csp-vanilla-2.k8s.local\",\"RoleId\":\"AROA2IBR2EZTGAP2FSWWY\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"CreateDate\":\"2022-04-19T08:26:51Z\",\"Path\":\"/\",\"RoleName\":\"nodes.kops-csp-vanilla-2.k8s.local\",\"Description\":null,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/nodes.kops-csp-vanilla-2.k8s.local\",\"AROA2IBR2EZTGAP2FSWWY\"],\"name\":\"nodes.kops-csp-vanilla-2.k8s.local\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/nodes.kops-csp-vanilla-2.k8s.local\",\"AROA2IBR2EZTGAP2FSWWY\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/nodes.kops-csp-vanilla-2.k8s.local\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/nodes.mycluster.k8s.local\",\"AROA2IBR2EZTJW5BPWMPN\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/nodes.mycluster.k8s.local\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/nodes.mycluster.k8s.local\",\"Path\":\"/\",\"RoleName\":\"nodes.mycluster.k8s.local\",\"Description\":null,\"MaxSessionDuration\":3600,\"Tags\":null,\"CreateDate\":\"2021-09-14T21:48:54Z\",\"RoleId\":\"AROA2IBR2EZTJW5BPWMPN\"},\"id\":[\"arn:aws:iam::704479110758:role/nodes.mycluster.k8s.local\",\"AROA2IBR2EZTJW5BPWMPN\"],\"name\":\"nodes.mycluster.k8s.local\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/NoPermissions-Eyal_EAH_Workshop\",\"AROA2IBR2EZTH7LNFYSHX\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/NoPermissions-Eyal_EAH_Workshop\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/NoPermissions-Eyal_EAH_Workshop\",\"CreateDate\":\"2024-02-07T16:20:00Z\",\"RoleId\":\"AROA2IBR2EZTH7LNFYSHX\",\"RoleName\":\"NoPermissions-Eyal_EAH_Workshop\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aroot%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%7D%7D%5D%7D\",\"Description\":\"\",\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/NoPermissions-Eyal_EAH_Workshop\",\"AROA2IBR2EZTH7LNFYSHX\"],\"name\":\"NoPermissions-Eyal_EAH_Workshop\",\"category\":\"identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/OlegAdmin\",\"AROA2IBR2EZTK7KQ3E5RN\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/OlegAdmin\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/OlegAdmin\",\"Path\":\"/\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"CreateDate\":\"2023-02-06T11:13:15Z\",\"RoleId\":\"AROA2IBR2EZTK7KQ3E5RN\",\"RoleName\":\"OlegAdmin\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2FCCE0DDF8B7400384B7C448D0573A0D28%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2FCCE0DDF8B7400384B7C448D0573A0D28%3Aaud%22%3A%22sts.amazonaws.com%22%2C%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2FCCE0DDF8B7400384B7C448D0573A0D28%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aoleg-admin%22%7D%7D%7D%5D%7D\",\"Description\":null,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/OlegAdmin\",\"AROA2IBR2EZTK7KQ3E5RN\"],\"name\":\"OlegAdmin\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"name\":\"OlegAdmin2998\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleLastUsed\":null,\"CreateDate\":\"2023-02-02T10:18:51Z\",\"RoleId\":\"AROA2IBR2EZTK264TPYN3\",\"RoleName\":\"OlegAdmin2998\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%7D%7D%5D%7D\",\"Description\":\"adding this policy to run test sdh issue\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/OlegAdmin2998\",\"Path\":\"/\"},\"id\":[\"arn:aws:iam::704479110758:role/OlegAdmin2998\",\"AROA2IBR2EZTK264TPYN3\"]},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/OlegAdmin2998\",\"AROA2IBR2EZTK264TPYN3\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/OlegAdmin2998\":{\"type\":\"role\",\"category\":\"identity\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/opa-auth-role\",\"AROA2IBR2EZTFK7XD5HPY\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/opa-auth-role\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"Description\":null,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/opa-auth-role\",\"Path\":\"/\",\"RoleName\":\"opa-auth-role\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%5B%22lambda.amazonaws.com%22%2C%22ec2.amazonaws.com%22%2C%22es.amazonaws.com%22%5D%7D%2C%22Action%22%3A%5B%22sts%3AAssumeRole%22%2C%22sts%3AAssumeRoleWithWebIdentity%22%5D%7D%5D%7D\",\"CreateDate\":\"2021-03-16T16:22:28Z\",\"RoleId\":\"AROA2IBR2EZTFK7XD5HPY\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/opa-auth-role\",\"AROA2IBR2EZTFK7XD5HPY\"],\"name\":\"opa-auth-role\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/opa-cloud-trail-demo-role\",\"AROA2IBR2EZTPATUWQQ2H\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/opa-cloud-trail-demo-role\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/opa-cloud-trail-demo-role\",\"AROA2IBR2EZTPATUWQQ2H\"],\"name\":\"opa-cloud-trail-demo-role\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":\"Allows Lambda functions to call AWS services on your behalf.\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/opa-cloud-trail-demo-role\",\"CreateDate\":\"2021-06-23T09:51:40Z\",\"RoleId\":\"AROA2IBR2EZTPATUWQQ2H\",\"RoleName\":\"opa-cloud-trail-demo-role\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22lambda.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null,\"Path\":\"/\",\"Tags\":null}},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/service-role/orestis-cloutrail-role\",\"AROA2IBR2EZTJ6MW3JJC4\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/service-role/orestis-cloutrail-role\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/service-role/orestis-cloutrail-role\",\"CreateDate\":\"2024-02-20T15:37:19Z\",\"RoleName\":\"orestis-cloutrail-role\",\"Description\":null,\"Path\":\"/service-role/\",\"RoleId\":\"AROA2IBR2EZTJ6MW3JJC4\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22cloudtrail.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/service-role/orestis-cloutrail-role\",\"AROA2IBR2EZTJ6MW3JJC4\"],\"name\":\"orestis-cloutrail-role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/service-role/orestis-trail-role\",\"AROA2IBR2EZTID37VUB7I\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/service-role/orestis-trail-role\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/service-role/orestis-trail-role\",\"AROA2IBR2EZTID37VUB7I\"],\"name\":\"orestis-trail-role\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2024-02-20T15:44:11Z\",\"RoleId\":\"AROA2IBR2EZTID37VUB7I\",\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/service-role/orestis-trail-role\",\"Path\":\"/service-role/\",\"RoleName\":\"orestis-trail-role\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22cloudtrail.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"RoleLastUsed\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/OrganizationAccountAccessRole\",\"AROA2IBR2EZTK7TC5PWBK\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/OrganizationAccountAccessRole\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/OrganizationAccountAccessRole\",\"AROA2IBR2EZTK7TC5PWBK\"],\"name\":\"OrganizationAccountAccessRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTK7TC5PWBK\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/OrganizationAccountAccessRole\",\"Path\":\"/\",\"RoleName\":\"OrganizationAccountAccessRole\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A885653174577%3Aroot%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"PermissionsBoundary\":null,\"CreateDate\":\"2020-02-05T15:28:56Z\"}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/orz_811_sdh_role_test\",\"AROA2IBR2EZTDHMI4RJYV\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/orz_811_sdh_role_test\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/orz_811_sdh_role_test\",\"CreateDate\":\"2024-06-05T09:40:20Z\",\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Allows EC2 instances to call AWS services on your behalf.\",\"PermissionsBoundary\":null,\"RoleId\":\"AROA2IBR2EZTDHMI4RJYV\",\"RoleName\":\"orz_811_sdh_role_test\",\"MaxSessionDuration\":3600,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/orz_811_sdh_role_test\",\"AROA2IBR2EZTDHMI4RJYV\"],\"name\":\"orz_811_sdh_role_test\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/poc-chatbot-cloudwatchRole\",\"AROA2IBR2EZTBQM4T6BYS\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/poc-chatbot-cloudwatchRole\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/poc-chatbot-cloudwatchRole\",\"AROA2IBR2EZTBQM4T6BYS\"],\"name\":\"poc-chatbot-cloudwatchRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleName\":\"poc-chatbot-cloudwatchRole\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22chatbot.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Path\":\"/\",\"CreateDate\":\"2021-02-11T16:31:39Z\",\"RoleId\":\"AROA2IBR2EZTBQM4T6BYS\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/poc-chatbot-cloudwatchRole\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/poc-ecsTaskExecutionRole\",\"AROA2IBR2EZTMR4KIP5ZV\"],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/poc-ecsTaskExecutionRole\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/poc-ecsTaskExecutionRole\",\"RoleId\":\"AROA2IBR2EZTMR4KIP5ZV\",\"RoleName\":\"poc-ecsTaskExecutionRole\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ecs-tasks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"Tags\":null,\"CreateDate\":\"2021-02-11T20:07:05Z\",\"Path\":\"/\",\"Description\":null,\"PermissionsBoundary\":null,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/poc-ecsTaskExecutionRole\",\"AROA2IBR2EZTMR4KIP5ZV\"],\"name\":\"poc-ecsTaskExecutionRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/poc-ecsTaskRole\",\"AROA2IBR2EZTN37T6QMR4\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/poc-ecsTaskRole\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"Description\":\"Allows poc ECS tasks to call AWS services on your behalf\",\"MaxSessionDuration\":3600,\"Tags\":null,\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ecs-tasks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/poc-ecsTaskRole\",\"CreateDate\":\"2021-02-11T20:07:05Z\",\"RoleId\":\"AROA2IBR2EZTN37T6QMR4\",\"RoleName\":\"poc-ecsTaskRole\"},\"id\":[\"arn:aws:iam::704479110758:role/poc-ecsTaskRole\",\"AROA2IBR2EZTN37T6QMR4\"],\"name\":\"poc-ecsTaskRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/poc-ecsTaskRole-prometheus\",\"AROA2IBR2EZTKKA5G4YVE\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/poc-ecsTaskRole-prometheus\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"PermissionsBoundary\":null,\"Tags\":null,\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ecs-tasks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Allows poc ECS tasks to call AWS services on your behalf\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/poc-ecsTaskRole-prometheus\",\"CreateDate\":\"2021-02-11T20:07:05Z\",\"RoleId\":\"AROA2IBR2EZTKKA5G4YVE\",\"RoleName\":\"poc-ecsTaskRole-prometheus\"},\"id\":[\"arn:aws:iam::704479110758:role/poc-ecsTaskRole-prometheus\",\"AROA2IBR2EZTKKA5G4YVE\"],\"name\":\"poc-ecsTaskRole-prometheus\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/poc-eks20210523164253972300000002\",\"AROA2IBR2EZTJK3BMMR3N\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/poc-eks20210523164253972300000002\":{\"type\":\"role\",\"category\":\"identity\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"name\":\"poc-eks20210523164253972300000002\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTJK3BMMR3N\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/poc-eks20210523164253972300000002\",\"CreateDate\":\"2021-05-23T16:42:54Z\",\"RoleName\":\"poc-eks20210523164253972300000002\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/poc-eks20210523164253972300000002\",\"AROA2IBR2EZTJK3BMMR3N\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/poc-eks2021052316515202740000000b\",\"AROA2IBR2EZTBJ3PEVO6I\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/poc-eks2021052316515202740000000b\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/poc-eks2021052316515202740000000b\",\"CreateDate\":\"2021-05-23T16:51:52Z\",\"Path\":\"/\",\"RoleName\":\"poc-eks2021052316515202740000000b\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"RoleId\":\"AROA2IBR2EZTBJ3PEVO6I\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSWorkerAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/poc-eks2021052316515202740000000b\",\"AROA2IBR2EZTBJ3PEVO6I\"],\"name\":\"poc-eks2021052316515202740000000b\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Path\":\"/\",\"CreateDate\":\"2021-02-11T16:31:39Z\",\"RoleId\":\"AROA2IBR2EZTMQVA5BXQZ\",\"RoleName\":\"poc-Lambda_run_query_inside_vpc_Role\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%5B%22lambda.amazonaws.com%22%2C%22ec2.amazonaws.com%22%2C%22es.amazonaws.com%22%5D%7D%2C%22Action%22%3A%5B%22sts%3AAssumeRole%22%2C%22sts%3AAssumeRoleWithWebIdentity%22%5D%7D%5D%7D\",\"Description\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/poc-Lambda_run_query_inside_vpc_Role\"},\"id\":[\"arn:aws:iam::704479110758:role/poc-Lambda_run_query_inside_vpc_Role\",\"AROA2IBR2EZTMQVA5BXQZ\"],\"name\":\"poc-Lambda_run_query_inside_vpc_Role\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/poc-Lambda_run_query_inside_vpc_Role\",\"AROA2IBR2EZTMQVA5BXQZ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/poc-Lambda_run_query_inside_vpc_Role\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/poc_bsec_eks\",\"AROA2IBR2EZTPL5BHGCAX\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/poc_bsec_eks\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/poc_bsec_eks\",\"CreateDate\":\"2021-07-11T07:55:24Z\",\"RoleName\":\"poc_bsec_eks\",\"Description\":\"Allows poc Eks pods to call AWS services on your behalf\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTPL5BHGCAX\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2FDE38503DD12D3949C3F007A65692D3F5%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2FDE38503DD12D3949C3F007A65692D3F5%3Aaud%22%3A%22sts.amazonaws.com%22%7D%7D%7D%2C%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Auser%2Fdavid%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/poc_bsec_eks\",\"AROA2IBR2EZTPL5BHGCAX\"],\"name\":\"poc_bsec_eks\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/poc_cluster_asg\",\"AROA2IBR2EZTPXAXLJKAG\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/poc_cluster_asg\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTPXAXLJKAG\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2FDE38503DD12D3949C3F007A65692D3F5%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2FDE38503DD12D3949C3F007A65692D3F5%3Aaud%22%3A%22sts.amazonaws.com%22%7D%7D%7D%2C%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Auser%2Fdavid%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Allows poc cluster autoscaler pods to call AWS services on your behalf\",\"MaxSessionDuration\":3600,\"Tags\":null,\"CreateDate\":\"2021-07-11T07:55:22Z\",\"RoleName\":\"poc_cluster_asg\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/poc_cluster_asg\"},\"id\":[\"arn:aws:iam::704479110758:role/poc_cluster_asg\",\"AROA2IBR2EZTPXAXLJKAG\"],\"name\":\"poc_cluster_asg\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/poc_ext_dns\",\"AROA2IBR2EZTKSXERJR2G\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/poc_ext_dns\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"poc_ext_dns\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/poc_ext_dns\",\"CreateDate\":\"2021-07-11T07:55:21Z\",\"Path\":\"/\",\"Description\":\"Allows poc ext_dns pods to call AWS services on your behalf\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"RoleId\":\"AROA2IBR2EZTKSXERJR2G\",\"RoleName\":\"poc_ext_dns\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2FDE38503DD12D3949C3F007A65692D3F5%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2FDE38503DD12D3949C3F007A65692D3F5%3Aaud%22%3A%22sts.amazonaws.com%22%7D%7D%7D%2C%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Auser%2Fdavid%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\"},\"id\":[\"arn:aws:iam::704479110758:role/poc_ext_dns\",\"AROA2IBR2EZTKSXERJR2G\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/service-role/Postgres_ReadOnly_User_Creation-role-mx2l999p\",\"AROA2IBR2EZTANUJA6MXR\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/service-role/Postgres_ReadOnly_User_Creation-role-mx2l999p\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/service-role/Postgres_ReadOnly_User_Creation-role-mx2l999p\",\"Path\":\"/service-role/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22lambda.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"PermissionsBoundary\":null,\"Tags\":null,\"CreateDate\":\"2020-11-30T19:25:30Z\",\"RoleId\":\"AROA2IBR2EZTANUJA6MXR\",\"RoleName\":\"Postgres_ReadOnly_User_Creation-role-mx2l999p\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/service-role/Postgres_ReadOnly_User_Creation-role-mx2l999p\",\"AROA2IBR2EZTANUJA6MXR\"],\"name\":\"Postgres_ReadOnly_User_Creation-role-mx2l999p\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/PrismaCloudRole-1121575680308690944\",\"AROA2IBR2EZTGX6BW6JRM\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/PrismaCloudRole-1121575680308690944\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"CreateDate\":\"2024-04-19T21:56:32Z\",\"Path\":\"/\",\"MaxSessionDuration\":43200,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/PrismaCloudRole-1121575680308690944\",\"RoleId\":\"AROA2IBR2EZTGX6BW6JRM\",\"RoleName\":\"PrismaCloudRole-1121575680308690944\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A188619942792%3Aroot%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22sts%3AExternalId%22%3A%220f9207ba-b61d-4c22-8918-02818bdee73b%22%7D%7D%7D%5D%7D\",\"Description\":\"\"},\"id\":[\"arn:aws:iam::704479110758:role/PrismaCloudRole-1121575680308690944\",\"AROA2IBR2EZTGX6BW6JRM\"],\"name\":\"PrismaCloudRole-1121575680308690944\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/qa-chatbot-cloudwatchRole\",\"AROA2IBR2EZTOZ4GI2OZV\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/qa-chatbot-cloudwatchRole\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/qa-chatbot-cloudwatchRole\",\"AROA2IBR2EZTOZ4GI2OZV\"],\"name\":\"qa-chatbot-cloudwatchRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2020-10-28T07:33:42Z\",\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/qa-chatbot-cloudwatchRole\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTOZ4GI2OZV\",\"RoleName\":\"qa-chatbot-cloudwatchRole\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22chatbot.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"name\":\"qa-cspm-aws-org-role\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/qa-cspm-aws-org-role\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTAVMTFBXUY\",\"RoleName\":\"qa-cspm-aws-org-role\",\"Tags\":null,\"CreateDate\":\"2024-10-31T16:25:29Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Allows EC2 instances to call AWS services on your behalf.\",\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/qa-cspm-aws-org-role\",\"AROA2IBR2EZTAVMTFBXUY\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/qa-cspm-aws-org-role\",\"AROA2IBR2EZTAVMTFBXUY\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/qa-cspm-aws-org-role\":{\"type\":\"role\",\"category\":\"identity\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/qa-ecsTaskExecutionRole\",\"AROA2IBR2EZTF57J3V5QP\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/qa-ecsTaskExecutionRole\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"RoleName\":\"qa-ecsTaskExecutionRole\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ecs-tasks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/qa-ecsTaskExecutionRole\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTF57J3V5QP\",\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2020-10-28T07:46:03Z\"},\"id\":[\"arn:aws:iam::704479110758:role/qa-ecsTaskExecutionRole\",\"AROA2IBR2EZTF57J3V5QP\"],\"name\":\"qa-ecsTaskExecutionRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"name\":\"qa-ecsTaskRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/qa-ecsTaskRole\",\"CreateDate\":\"2020-10-28T07:46:03Z\",\"RoleName\":\"qa-ecsTaskRole\",\"MaxSessionDuration\":3600,\"Tags\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTFSAS4WVZZ\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ecs-tasks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Allows qa ECS tasks to call AWS services on your behalf\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/qa-ecsTaskRole\",\"AROA2IBR2EZTFSAS4WVZZ\"]},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/qa-ecsTaskRole\",\"AROA2IBR2EZTFSAS4WVZZ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/qa-ecsTaskRole\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/qa-ecsTaskRole-prometheus\",\"AROA2IBR2EZTAMZKNZAIC\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/qa-ecsTaskRole-prometheus\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"Allows qa ECS tasks to call AWS services on your behalf\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/qa-ecsTaskRole-prometheus\",\"CreateDate\":\"2021-03-04T07:11:52Z\",\"Path\":\"/\",\"MaxSessionDuration\":3600,\"RoleId\":\"AROA2IBR2EZTAMZKNZAIC\",\"RoleName\":\"qa-ecsTaskRole-prometheus\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ecs-tasks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\"},\"id\":[\"arn:aws:iam::704479110758:role/qa-ecsTaskRole-prometheus\",\"AROA2IBR2EZTAMZKNZAIC\"],\"name\":\"qa-ecsTaskRole-prometheus\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/qa-eks20210519182911761700000002\",\"AROA2IBR2EZTPUVP45YL5\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/qa-eks20210519182911761700000002\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/qa-eks20210519182911761700000002\",\"CreateDate\":\"2021-05-19T18:29:12Z\",\"RoleId\":\"AROA2IBR2EZTPUVP45YL5\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null,\"Path\":\"/\",\"RoleName\":\"qa-eks20210519182911761700000002\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/qa-eks20210519182911761700000002\",\"AROA2IBR2EZTPUVP45YL5\"],\"name\":\"qa-eks20210519182911761700000002\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTPOEG3QPK4\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/qa-eks2021051918405752590000000b\",\"RoleName\":\"qa-eks2021051918405752590000000b\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSWorkerAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"CreateDate\":\"2021-05-19T18:40:58Z\"},\"id\":[\"arn:aws:iam::704479110758:role/qa-eks2021051918405752590000000b\",\"AROA2IBR2EZTPOEG3QPK4\"],\"name\":\"qa-eks2021051918405752590000000b\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/qa-eks2021051918405752590000000b\",\"AROA2IBR2EZTPOEG3QPK4\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/qa-eks2021051918405752590000000b\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/qa-Lambda_run_query_inside_vpc_Role\",\"AROA2IBR2EZTHUYTIY6UG\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/qa-Lambda_run_query_inside_vpc_Role\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2020-12-04T11:10:01Z\",\"Arn\":\"arn:aws:iam::704479110758:role/qa-Lambda_run_query_inside_vpc_Role\",\"RoleId\":\"AROA2IBR2EZTHUYTIY6UG\",\"RoleName\":\"qa-Lambda_run_query_inside_vpc_Role\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%5B%22lambda.amazonaws.com%22%2C%22ec2.amazonaws.com%22%2C%22es.amazonaws.com%22%5D%7D%2C%22Action%22%3A%5B%22sts%3AAssumeRole%22%2C%22sts%3AAssumeRoleWithWebIdentity%22%5D%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Path\":\"/\",\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/qa-Lambda_run_query_inside_vpc_Role\",\"AROA2IBR2EZTHUYTIY6UG\"],\"name\":\"qa-Lambda_run_query_inside_vpc_Role\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/rds-export\",\"AROA2IBR2EZTIHHMNUPKS\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/rds-export\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"CreateDate\":\"2024-10-10T15:46:55Z\",\"Path\":\"/\",\"Description\":\"\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/rds-export\",\"RoleId\":\"AROA2IBR2EZTIHHMNUPKS\",\"RoleName\":\"rds-export\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22Statement1%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22export.rds.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%2C%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22rds.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/rds-export\",\"AROA2IBR2EZTIHHMNUPKS\"],\"name\":\"rds-export\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/rds-monitoring-role\",\"AROA2IBR2EZTNIFRYUT65\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/rds-monitoring-role\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleName\":\"rds-monitoring-role\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22monitoring.rds.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/rds-monitoring-role\",\"CreateDate\":\"2023-01-31T07:45:20Z\",\"RoleId\":\"AROA2IBR2EZTNIFRYUT65\",\"Path\":\"/\",\"Description\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/rds-monitoring-role\",\"AROA2IBR2EZTNIFRYUT65\"],\"name\":\"rds-monitoring-role\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/rmf-asset-inventory-role\",\"AROA2IBR2EZTGQZYR4KZC\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/rmf-asset-inventory-role\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2024-06-10T08:33:54Z\",\"PermissionsBoundary\":null,\"Tags\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/rmf-asset-inventory-role\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTGQZYR4KZC\",\"RoleName\":\"rmf-asset-inventory-role\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Allows EC2 instances to call AWS services on your behalf.\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/rmf-asset-inventory-role\",\"AROA2IBR2EZTGQZYR4KZC\"],\"name\":\"rmf-asset-inventory-role\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/rmf-cnvm-test\",\"AROA2IBR2EZTL4G5OOPYD\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/rmf-cnvm-test\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/rmf-cnvm-test\",\"AROA2IBR2EZTL4G5OOPYD\"],\"name\":\"rmf-cnvm-test\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTL4G5OOPYD\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Allows EC2 instances to call AWS services on your behalf.\",\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/rmf-cnvm-test\",\"Path\":\"/\",\"RoleName\":\"rmf-cnvm-test\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"CreateDate\":\"2024-08-09T10:28:57Z\"}},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/RnD_TaggingCleanup\",\"AROA2IBR2EZTATIMC3KRA\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/RnD_TaggingCleanup\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":\"\",\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/RnD_TaggingCleanup\",\"RoleName\":\"RnD_TaggingCleanup\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22AssumeRoleFromElasticProd%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A816604515500%3Aroot%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"CreateDate\":\"2024-04-04T07:38:11Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTATIMC3KRA\"},\"id\":[\"arn:aws:iam::704479110758:role/RnD_TaggingCleanup\",\"AROA2IBR2EZTATIMC3KRA\"],\"name\":\"RnD_TaggingCleanup\",\"category\":\"identity\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/Role-dima-pr-test-eks-C3B\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2FRole-dima-pr-test-eks-C3B%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2FB6BB4DA222D3D686B5C7FA734DD3831D%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2FB6BB4DA222D3D686B5C7FA734DD3831D%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleId\":\"AROA2IBR2EZTBYBRNYMGR\",\"RoleName\":\"Role-dima-pr-test-eks-C3B\",\"Path\":\"/\",\"Description\":null,\"MaxSessionDuration\":43200,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/Role-dima-pr-test-eks-C3B\",\"CreateDate\":\"2023-05-18T11:21:20Z\"},\"id\":[\"arn:aws:iam::704479110758:role/Role-dima-pr-test-eks-C3B\",\"AROA2IBR2EZTBYBRNYMGR\"],\"name\":\"Role-dima-pr-test-eks-C3B\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/Role-dima-pr-test-eks-C3B\",\"AROA2IBR2EZTBYBRNYMGR\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/Role-kfir-June8-8-8-0-3mF\",\"AROA2IBR2EZTAPA4O62LM\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/Role-kfir-June8-8-8-0-3mF\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"PermissionsBoundary\":null,\"Tags\":null,\"RoleId\":\"AROA2IBR2EZTAPA4O62LM\",\"RoleName\":\"Role-kfir-June8-8-8-0-3mF\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2FRole-kfir-June8-8-8-0-3mF%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2F142A98295D509F59897113D24FAEBCA4%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2F142A98295D509F59897113D24FAEBCA4%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":43200,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/Role-kfir-June8-8-8-0-3mF\",\"CreateDate\":\"2023-06-08T10:37:09Z\",\"Path\":\"/\"},\"id\":[\"arn:aws:iam::704479110758:role/Role-kfir-June8-8-8-0-3mF\",\"AROA2IBR2EZTAPA4O62LM\"],\"name\":\"Role-kfir-June8-8-8-0-3mF\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/romulo-eks-test\",\"AROA2IBR2EZTECWIS535V\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/romulo-eks-test\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/romulo-eks-test\",\"CreateDate\":\"2024-02-13T14:23:32Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22ExplicitSelfRoleAssumption%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22ArnLike%22%3A%7B%22aws%3APrincipalArn%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Arole%2Fromulo-eks-test%22%7D%7D%7D%2C%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Federated%22%3A%22arn%3Aaws%3Aiam%3A%3A704479110758%3Aoidc-provider%2Foidc.eks.eu-west-1.amazonaws.com%2Fid%2F9F2F408FCB1E861F5BB276137DEF055D%22%7D%2C%22Action%22%3A%22sts%3AAssumeRoleWithWebIdentity%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22oidc.eks.eu-west-1.amazonaws.com%2Fid%2F9F2F408FCB1E861F5BB276137DEF055D%3Asub%22%3A%22system%3Aserviceaccount%3Akube-system%3Aelastic-agent%22%7D%7D%7D%5D%7D\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTECWIS535V\",\"RoleName\":\"romulo-eks-test\"},\"id\":[\"arn:aws:iam::704479110758:role/romulo-eks-test\",\"AROA2IBR2EZTECWIS535V\"],\"name\":\"romulo-eks-test\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"raw\":{\"RoleName\":\"romulo-test-secret\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"RoleLastUsed\":null,\"Path\":\"/\",\"CreateDate\":\"2023-12-01T15:35:33Z\",\"RoleId\":\"AROA2IBR2EZTOD2VZHNQK\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/romulo-test-secret\"},\"id\":[\"arn:aws:iam::704479110758:role/romulo-test-secret\",\"AROA2IBR2EZTOD2VZHNQK\"],\"name\":\"romulo-test-secret\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/romulo-test-secret\",\"AROA2IBR2EZTOD2VZHNQK\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/romulo-test-secret\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTC3WZGDAVE\",\"Description\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/s3_to_sqs_role\",\"CreateDate\":\"2024-10-30T12:23:24Z\",\"Path\":\"/\",\"PermissionsBoundary\":null,\"RoleName\":\"s3_to_sqs_role\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22s3.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/s3_to_sqs_role\",\"AROA2IBR2EZTC3WZGDAVE\"],\"name\":\"s3_to_sqs_role\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/s3_to_sqs_role\",\"AROA2IBR2EZTC3WZGDAVE\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/s3_to_sqs_role\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/cross_account/secops\",\"AROA2IBR2EZTFF6FDHUAM\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cross_account/secops\":{\"category\":\"identity\",\"type\":\"role\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTFF6FDHUAM\",\"RoleName\":\"secops\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22AssumeRoleFromEcsecuritySecops%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A284141849446%3Arole%2Fsaml%2Fsaml_cloud_seceng%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/cross_account/secops\",\"Path\":\"/cross_account/\",\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2024-07-10T16:58:02Z\"},\"id\":[\"arn:aws:iam::704479110758:role/cross_account/secops\",\"AROA2IBR2EZTFF6FDHUAM\"],\"name\":\"secops\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/security-audit\",\"AROA2IBR2EZTFCAUHQVD7\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/security-audit\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleLastUsed\":null,\"CreateDate\":\"2023-02-21T10:20:28Z\",\"RoleId\":\"AROA2IBR2EZTFCAUHQVD7\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22%2A%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%7D%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/security-audit\",\"Path\":\"/\",\"RoleName\":\"security-audit\",\"Description\":\"\"},\"id\":[\"arn:aws:iam::704479110758:role/security-audit\",\"AROA2IBR2EZTFCAUHQVD7\"],\"name\":\"security-audit\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/serverlessrepo-tin-cdr-de-ApplicationElasticServerl-dZR6zL0oQpdU\",\"AROA2IBR2EZTMTCTI5BAV\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/serverlessrepo-tin-cdr-de-ApplicationElasticServerl-dZR6zL0oQpdU\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/serverlessrepo-tin-cdr-de-ApplicationElasticServerl-dZR6zL0oQpdU\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTMTCTI5BAV\",\"RoleName\":\"serverlessrepo-tin-cdr-de-ApplicationElasticServerl-dZR6zL0oQpdU\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22lambda.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"CreateDate\":\"2024-10-23T22:05:15Z\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/serverlessrepo-tin-cdr-de-ApplicationElasticServerl-dZR6zL0oQpdU\",\"AROA2IBR2EZTMTCTI5BAV\"],\"name\":\"serverlessrepo-tin-cdr-de-ApplicationElasticServerl-dZR6zL0oQpdU\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/serverlessrepo-tin-cdr-de-MacroElasticServerlessFor-fTcq6OrLFaFm\",\"AROA2IBR2EZTFARPXIU35\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/serverlessrepo-tin-cdr-de-MacroElasticServerlessFor-fTcq6OrLFaFm\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/serverlessrepo-tin-cdr-de-MacroElasticServerlessFor-fTcq6OrLFaFm\",\"CreateDate\":\"2024-10-23T22:04:39Z\",\"RoleId\":\"AROA2IBR2EZTFARPXIU35\",\"RoleName\":\"serverlessrepo-tin-cdr-de-MacroElasticServerlessFor-fTcq6OrLFaFm\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22lambda.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/serverlessrepo-tin-cdr-de-MacroElasticServerlessFor-fTcq6OrLFaFm\",\"AROA2IBR2EZTFARPXIU35\"],\"name\":\"serverlessrepo-tin-cdr-de-MacroElasticServerlessFor-fTcq6OrLFaFm\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/SNSFailureFeedback\",\"AROA2IBR2EZTDSYGD6EAL\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/SNSFailureFeedback\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/SNSFailureFeedback\",\"RoleId\":\"AROA2IBR2EZTDSYGD6EAL\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22sns.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2021-06-24T17:05:49Z\",\"Path\":\"/\",\"RoleName\":\"SNSFailureFeedback\",\"Description\":null,\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/SNSFailureFeedback\",\"AROA2IBR2EZTDSYGD6EAL\"],\"name\":\"SNSFailureFeedback\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/SNSSuccessFeedback\",\"AROA2IBR2EZTBBRUQ5PNW\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/SNSSuccessFeedback\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/SNSSuccessFeedback\",\"RoleName\":\"SNSSuccessFeedback\",\"RoleId\":\"AROA2IBR2EZTBBRUQ5PNW\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22sns.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null,\"CreateDate\":\"2021-06-24T17:05:49Z\",\"Path\":\"/\"},\"id\":[\"arn:aws:iam::704479110758:role/SNSSuccessFeedback\",\"AROA2IBR2EZTBBRUQ5PNW\"],\"name\":\"SNSSuccessFeedback\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/cross_account/sre\",\"AROA2IBR2EZTGFVRFNHIG\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/cross_account/sre\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/cross_account/sre\",\"RoleId\":\"AROA2IBR2EZTGFVRFNHIG\",\"Description\":\"\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2024-07-10T16:58:02Z\",\"Path\":\"/cross_account/\",\"RoleName\":\"sre\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22AssumeRoleFromEcsecuritySre%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A284141849446%3Arole%2Fsaml%2Fsaml_cloud_sre%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/cross_account/sre\",\"AROA2IBR2EZTGFVRFNHIG\"],\"name\":\"sre\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/StackSet-entro-security-a8-EntroLambdaExecutionRole-BDxER6v2UNDr\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/StackSet-entro-security-a8-EntroLambdaExecutionRole-BDxER6v2UNDr\",\"AROA2IBR2EZTK3KIWUCEC\"],\"name\":\"StackSet-entro-security-a8-EntroLambdaExecutionRole-BDxER6v2UNDr\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleId\":\"AROA2IBR2EZTK3KIWUCEC\",\"RoleName\":\"StackSet-entro-security-a8-EntroLambdaExecutionRole-BDxER6v2UNDr\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22lambda.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Tags\":null,\"CreateDate\":\"2024-09-04T13:09:20Z\",\"Path\":\"/\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/StackSet-entro-security-a8-EntroLambdaExecutionRole-BDxER6v2UNDr\",\"Description\":\"\"}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/StackSet-entro-security-a8-EntroLambdaExecutionRole-BDxER6v2UNDr\",\"AROA2IBR2EZTK3KIWUCEC\"],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/stacksets-exec-bc5e26f0f3c7ebe9bacf6a476b7d763b\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/stacksets-exec-bc5e26f0f3c7ebe9bacf6a476b7d763b\",\"AROA2IBR2EZTFZRDCUOWU\"],\"name\":\"stacksets-exec-bc5e26f0f3c7ebe9bacf6a476b7d763b\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/stacksets-exec-bc5e26f0f3c7ebe9bacf6a476b7d763b\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTFZRDCUOWU\",\"RoleName\":\"stacksets-exec-bc5e26f0f3c7ebe9bacf6a476b7d763b\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"CreateDate\":\"2024-01-22T22:35:09Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Id%22%3A%22stacksets-exec-bc5e26f0f3c7ebe9bacf6a476b7d763b-assume-role-policy%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%221%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A773216979769%3Arole%2Faws-service-role%2Fstacksets.cloudformation.amazonaws.com%2FAWSServiceRoleForCloudFormationStackSetsOrgAdmin%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"Role created by AWSCloudFormation StackSets\",\"PermissionsBoundary\":null}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/stacksets-exec-bc5e26f0f3c7ebe9bacf6a476b7d763b\",\"AROA2IBR2EZTFZRDCUOWU\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/test-env-ci-tf-1-eks-node-group-20230529065013143600000008\",\"AROA2IBR2EZTJMKNIPBXG\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/test-env-ci-tf-1-eks-node-group-20230529065013143600000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/test-env-ci-tf-1-eks-node-group-20230529065013143600000008\",\"AROA2IBR2EZTJMKNIPBXG\"],\"name\":\"test-env-ci-tf-1-eks-node-group-20230529065013143600000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/test-env-ci-tf-1-eks-node-group-20230529065013143600000008\",\"CreateDate\":\"2023-05-29T06:50:13Z\",\"RoleName\":\"test-env-ci-tf-1-eks-node-group-20230529065013143600000008\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTJMKNIPBXG\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/test-env-ci-tf-1-eks-node-group-20230620162417596700000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"Description\":\"EKS managed node group IAM role\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/test-env-ci-tf-1-eks-node-group-20230620162417596700000008\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTHLXYCF2CY\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"CreateDate\":\"2023-06-20T16:24:17Z\",\"RoleName\":\"test-env-ci-tf-1-eks-node-group-20230620162417596700000008\",\"MaxSessionDuration\":3600},\"id\":[\"arn:aws:iam::704479110758:role/test-env-ci-tf-1-eks-node-group-20230620162417596700000008\",\"AROA2IBR2EZTHLXYCF2CY\"],\"name\":\"test-env-ci-tf-1-eks-node-group-20230620162417596700000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/test-env-ci-tf-1-eks-node-group-20230620162417596700000008\",\"AROA2IBR2EZTHLXYCF2CY\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/test-env-ci-tf-cluster-20230529064957169900000001\",\"AROA2IBR2EZTOIURTEAPP\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/test-env-ci-tf-cluster-20230529064957169900000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2023-05-29T06:49:57Z\",\"RoleId\":\"AROA2IBR2EZTOIURTEAPP\",\"RoleName\":\"test-env-ci-tf-cluster-20230529064957169900000001\",\"Description\":null,\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/test-env-ci-tf-cluster-20230529064957169900000001\",\"Path\":\"/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/test-env-ci-tf-cluster-20230529064957169900000001\",\"AROA2IBR2EZTOIURTEAPP\"],\"name\":\"test-env-ci-tf-cluster-20230529064957169900000001\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/test-env-ci-tf-cluster-20230620162402964000000001\",\"AROA2IBR2EZTHZB37MBTP\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/test-env-ci-tf-cluster-20230620162402964000000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"PermissionsBoundary\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/test-env-ci-tf-cluster-20230620162402964000000001\",\"CreateDate\":\"2023-06-20T16:24:03Z\",\"Path\":\"/\",\"Description\":null,\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"RoleId\":\"AROA2IBR2EZTHZB37MBTP\",\"RoleName\":\"test-env-ci-tf-cluster-20230620162402964000000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\"},\"id\":[\"arn:aws:iam::704479110758:role/test-env-ci-tf-cluster-20230620162402964000000001\",\"AROA2IBR2EZTHZB37MBTP\"],\"name\":\"test-env-ci-tf-cluster-20230620162402964000000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/service-role/test-function-gtback-role-alv2bm2q\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Description\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/service-role/test-function-gtback-role-alv2bm2q\",\"CreateDate\":\"2022-04-18T22:33:49Z\",\"RoleId\":\"AROA2IBR2EZTBWJOEG6JP\",\"RoleName\":\"test-function-gtback-role-alv2bm2q\",\"RoleLastUsed\":null,\"Path\":\"/service-role/\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22lambda.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/service-role/test-function-gtback-role-alv2bm2q\",\"AROA2IBR2EZTBWJOEG6JP\"],\"name\":\"test-function-gtback-role-alv2bm2q\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/service-role/test-function-gtback-role-alv2bm2q\",\"AROA2IBR2EZTBWJOEG6JP\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/service-role/test-lambda-role-ql4sh9fe\",\"AROA2IBR2EZTO5ZH4EBSN\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/service-role/test-lambda-role-ql4sh9fe\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/service-role/test-lambda-role-ql4sh9fe\",\"CreateDate\":\"2021-03-29T16:08:25Z\",\"Path\":\"/service-role/\",\"RoleName\":\"test-lambda-role-ql4sh9fe\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22lambda.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"RoleId\":\"AROA2IBR2EZTO5ZH4EBSN\",\"PermissionsBoundary\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/service-role/test-lambda-role-ql4sh9fe\",\"AROA2IBR2EZTO5ZH4EBSN\"],\"name\":\"test-lambda-role-ql4sh9fe\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/service-role/test-role-6b19xvkv\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/service-role/test-role-6b19xvkv\",\"CreateDate\":\"2021-03-08T08:35:50Z\",\"RoleName\":\"test-role-6b19xvkv\",\"Description\":null,\"Tags\":null,\"Path\":\"/service-role/\",\"RoleId\":\"AROA2IBR2EZTJOJJLSKQW\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22lambda.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null},\"id\":[\"arn:aws:iam::704479110758:role/service-role/test-role-6b19xvkv\",\"AROA2IBR2EZTJOJJLSKQW\"],\"name\":\"test-role-6b19xvkv\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:iam::704479110758:role/service-role/test-role-6b19xvkv\",\"AROA2IBR2EZTJOJJLSKQW\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/service-role/TestAws\",\"AROA2IBR2EZTNJWHWKJLD\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/service-role/TestAws\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/service-role/\",\"RoleId\":\"AROA2IBR2EZTNJWHWKJLD\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22cloudtrail.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/service-role/TestAws\",\"CreateDate\":\"2023-03-26T13:17:14Z\",\"RoleName\":\"TestAws\",\"Description\":null,\"RoleLastUsed\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/service-role/TestAws\",\"AROA2IBR2EZTNJWHWKJLD\"],\"name\":\"TestAws\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"RoleName\":\"TestAwsManagementEvents\",\"Description\":null,\"MaxSessionDuration\":3600,\"Path\":\"/service-role/\",\"RoleId\":\"AROA2IBR2EZTHI2YV5PJ2\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22cloudtrail.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/service-role/TestAwsManagementEvents\",\"CreateDate\":\"2023-03-26T11:46:21Z\"},\"id\":[\"arn:aws:iam::704479110758:role/service-role/TestAwsManagementEvents\",\"AROA2IBR2EZTHI2YV5PJ2\"],\"name\":\"TestAwsManagementEvents\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/service-role/TestAwsManagementEvents\",\"AROA2IBR2EZTHI2YV5PJ2\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/service-role/TestAwsManagementEvents\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/tin-aws-demo-role\",\"AROA2IBR2EZTIR7X6FLRM\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/tin-aws-demo-role\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"name\":\"tin-aws-demo-role\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2024-10-15T21:42:22Z\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"RoleLastUsed\":null,\"Tags\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/tin-aws-demo-role\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTIR7X6FLRM\",\"RoleName\":\"tin-aws-demo-role\",\"Description\":\"Allows EC2 instances to call AWS services on your behalf.\"},\"id\":[\"arn:aws:iam::704479110758:role/tin-aws-demo-role\",\"AROA2IBR2EZTIR7X6FLRM\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:iam::704479110758:role/tin-cdr-demo-cnvm-deploy-ElasticAgentRole-0vsrDWfpBeyU\",\"AROA2IBR2EZTAJEBWD7P5\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/tin-cdr-demo-cnvm-deploy-ElasticAgentRole-0vsrDWfpBeyU\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"raw\":{\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"RoleId\":\"AROA2IBR2EZTAJEBWD7P5\",\"Description\":\"\",\"Path\":\"/\",\"RoleName\":\"tin-cdr-demo-cnvm-deploy-ElasticAgentRole-0vsrDWfpBeyU\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"Arn\":\"arn:aws:iam::704479110758:role/tin-cdr-demo-cnvm-deploy-ElasticAgentRole-0vsrDWfpBeyU\",\"CreateDate\":\"2024-10-24T00:53:35Z\"},\"id\":[\"arn:aws:iam::704479110758:role/tin-cdr-demo-cnvm-deploy-ElasticAgentRole-0vsrDWfpBeyU\",\"AROA2IBR2EZTAJEBWD7P5\"],\"name\":\"tin-cdr-demo-cnvm-deploy-ElasticAgentRole-0vsrDWfpBeyU\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/tins-dd-role-name\",\"AROA2IBR2EZTNPMPYSNTK\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:role/tins-dd-role-name\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTNPMPYSNTK\",\"Description\":\"using this to test data-dog-cloud-siem\",\"PermissionsBoundary\":null,\"Tags\":null,\"CreateDate\":\"2024-01-26T23:26:56Z\",\"RoleName\":\"tins-dd-role-name\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%22arn%3Aaws%3Aiam%3A%3A464622532012%3Aroot%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%22StringEquals%22%3A%7B%22sts%3AExternalId%22%3A%22d8eb8e95309e4f29ad02845c1b93d014%22%7D%7D%7D%5D%7D\",\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/tins-dd-role-name\"},\"id\":[\"arn:aws:iam::704479110758:role/tins-dd-role-name\",\"AROA2IBR2EZTNPMPYSNTK\"],\"name\":\"tins-dd-role-name\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"CreateDate\":\"2022-01-31T23:20:01Z\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22vpc-flow-logs.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"Arn\":\"arn:aws:iam::704479110758:role/vpc-flow-log-role-20220131232001238100000003\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTK4EKIZVQZ\",\"RoleName\":\"vpc-flow-log-role-20220131232001238100000003\"},\"id\":[\"arn:aws:iam::704479110758:role/vpc-flow-log-role-20220131232001238100000003\",\"AROA2IBR2EZTK4EKIZVQZ\"],\"name\":\"vpc-flow-log-role-20220131232001238100000003\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/vpc-flow-log-role-20220131232001238100000003\",\"AROA2IBR2EZTK4EKIZVQZ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/vpc-flow-log-role-20220131232001238100000003\":{\"category\":\"identity\",\"type\":\"role\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:role/yarden-810-bc1-1-eks-node-group-20230822115543812700000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"tags\":null,\"raw\":{\"RoleName\":\"yarden-810-bc1-1-eks-node-group-20230822115543812700000008\",\"RoleLastUsed\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"Arn\":\"arn:aws:iam::704479110758:role/yarden-810-bc1-1-eks-node-group-20230822115543812700000008\",\"CreateDate\":\"2023-08-22T11:55:43Z\",\"Path\":\"/\",\"RoleId\":\"AROA2IBR2EZTIX254LQ5M\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":\"EKS managed node group IAM role\",\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:role/yarden-810-bc1-1-eks-node-group-20230822115543812700000008\",\"AROA2IBR2EZTIX254LQ5M\"],\"name\":\"yarden-810-bc1-1-eks-node-group-20230822115543812700000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/yarden-810-bc1-1-eks-node-group-20230822115543812700000008\",\"AROA2IBR2EZTIX254LQ5M\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/yarden-810-bc1-cluster-20230822115527462200000001\",\"AROA2IBR2EZTBH6XYZGVP\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/yarden-810-bc1-cluster-20230822115527462200000001\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:role/yarden-810-bc1-cluster-20230822115527462200000001\",\"AROA2IBR2EZTBH6XYZGVP\"],\"name\":\"yarden-810-bc1-cluster-20230822115527462200000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"RoleLastUsed\":null,\"Arn\":\"arn:aws:iam::704479110758:role/yarden-810-bc1-cluster-20230822115527462200000001\",\"Path\":\"/\",\"RoleName\":\"yarden-810-bc1-cluster-20230822115527462200000001\",\"PermissionsBoundary\":null,\"Tags\":null,\"CreateDate\":\"2023-08-22T11:55:27Z\",\"RoleId\":\"AROA2IBR2EZTBH6XYZGVP\"}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/yarden-qa-810-bc1-1-eks-node-group-20230822104410377500000008\",\"AROA2IBR2EZTH3GJPYFAG\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/yarden-qa-810-bc1-1-eks-node-group-20230822104410377500000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"RoleName\":\"yarden-qa-810-bc1-1-eks-node-group-20230822104410377500000008\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2023-08-22T10:44:10Z\",\"RoleId\":\"AROA2IBR2EZTH3GJPYFAG\",\"Description\":\"EKS managed node group IAM role\",\"Arn\":\"arn:aws:iam::704479110758:role/yarden-qa-810-bc1-1-eks-node-group-20230822104410377500000008\"},\"id\":[\"arn:aws:iam::704479110758:role/yarden-qa-810-bc1-1-eks-node-group-20230822104410377500000008\",\"AROA2IBR2EZTH3GJPYFAG\"],\"name\":\"yarden-qa-810-bc1-1-eks-node-group-20230822104410377500000008\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/yarden-qa-810-bc1-cluster-20230822104354086400000001\",\"AROA2IBR2EZTACT3BTCNB\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/yarden-qa-810-bc1-cluster-20230822104354086400000001\":{\"type\":\"role\",\"category\":\"identity\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:role/yarden-qa-810-bc1-cluster-20230822104354086400000001\",\"RoleId\":\"AROA2IBR2EZTACT3BTCNB\",\"RoleLastUsed\":null,\"Tags\":null,\"CreateDate\":\"2023-08-22T10:43:54Z\",\"Path\":\"/\",\"RoleName\":\"yarden-qa-810-bc1-cluster-20230822104354086400000001\",\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSClusterAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22eks.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"Description\":null,\"MaxSessionDuration\":3600,\"PermissionsBoundary\":null},\"id\":[\"arn:aws:iam::704479110758:role/yarden-qa-810-bc1-cluster-20230822104354086400000001\",\"AROA2IBR2EZTACT3BTCNB\"],\"name\":\"yarden-qa-810-bc1-cluster-20230822104354086400000001\",\"category\":\"identity\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"name\":\"yarden-qa-890-1-eks-node-group-20230716100204096900000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"role\",\"sub_type\":\"iam-role\",\"tags\":null,\"raw\":{\"AssumeRolePolicyDocument\":\"%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22EKSNodeAssumeRole%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D\",\"PermissionsBoundary\":null,\"RoleLastUsed\":null,\"RoleId\":\"AROA2IBR2EZTAMFWR6NR6\",\"RoleName\":\"yarden-qa-890-1-eks-node-group-20230716100204096900000008\",\"Path\":\"/\",\"Description\":\"EKS managed node group IAM role\",\"MaxSessionDuration\":3600,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:role/yarden-qa-890-1-eks-node-group-20230716100204096900000008\",\"CreateDate\":\"2023-07-16T10:02:04Z\"},\"id\":[\"arn:aws:iam::704479110758:role/yarden-qa-890-1-eks-node-group-20230716100204096900000008\",\"AROA2IBR2EZTAMFWR6NR6\"]},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:role/yarden-qa-890-1-eks-node-group-20230716100204096900000008\",\"AROA2IBR2EZTAMFWR6NR6\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:role/yarden-qa-890-1-eks-node-group-20230716100204096900000008\":{\"category\":\"identity\",\"type\":\"role\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:rds:eu-west-2:704479110758:db:test-aws-db-enc-disabled\",\"test-aws-db-enc-disabled\"],\"entity.metadata\":{\"arn:aws:rds:eu-west-2:704479110758:db:test-aws-db-enc-disabled\":{\"category\":\"infrastructure\",\"type\":\"relational\"}},\"asset\":{\"name\":\"test-aws-db-enc-disabled\",\"category\":\"infrastructure\",\"sub_category\":\"database\",\"type\":\"relational\",\"sub_type\":\"rds-instance\",\"tags\":null,\"raw\":{\"arn\":\"arn:aws:rds:eu-west-2:704479110758:db:test-aws-db-enc-disabled\",\"storage_encrypted\":false,\"auto_minor_version_upgrade\":false,\"publicly_accessible\":false,\"subnets\":[{\"ID\":\"subnet-1758805b\",\"RouteTable\":{\"ID\":\"rtb-aafdcdc2\",\"Routes\":[{\"DestinationCidrBlock\":\"172.31.0.0/16\",\"GatewayId\":\"local\"},{\"DestinationCidrBlock\":\"0.0.0.0/0\",\"GatewayId\":\"igw-b2fc12da\"}]}},{\"ID\":\"subnet-44ef7a3e\",\"RouteTable\":{\"ID\":\"rtb-aafdcdc2\",\"Routes\":[{\"DestinationCidrBlock\":\"172.31.0.0/16\",\"GatewayId\":\"local\"},{\"DestinationCidrBlock\":\"0.0.0.0/0\",\"GatewayId\":\"igw-b2fc12da\"}]}},{\"RouteTable\":{\"ID\":\"rtb-aafdcdc2\",\"Routes\":[{\"DestinationCidrBlock\":\"172.31.0.0/16\",\"GatewayId\":\"local\"},{\"GatewayId\":\"igw-b2fc12da\",\"DestinationCidrBlock\":\"0.0.0.0/0\"}]},\"ID\":\"subnet-566d243f\"}],\"identifier\":\"test-aws-db-enc-disabled\"},\"id\":[\"arn:aws:rds:eu-west-2:704479110758:db:test-aws-db-enc-disabled\",\"test-aws-db-enc-disabled\"]},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"RDS\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:rds:eu-west-2:704479110758:db:test-aws-db-no-public-access-allowed-pass\",\"test-aws-db-no-public-access-allowed-pass\"],\"entity.metadata\":{\"arn:aws:rds:eu-west-2:704479110758:db:test-aws-db-no-public-access-allowed-pass\":{\"category\":\"infrastructure\",\"type\":\"relational\"}},\"asset\":{\"type\":\"relational\",\"sub_type\":\"rds-instance\",\"tags\":null,\"raw\":{\"identifier\":\"test-aws-db-no-public-access-allowed-pass\",\"arn\":\"arn:aws:rds:eu-west-2:704479110758:db:test-aws-db-no-public-access-allowed-pass\",\"storage_encrypted\":true,\"auto_minor_version_upgrade\":true,\"publicly_accessible\":false,\"subnets\":[{\"ID\":\"subnet-1758805b\",\"RouteTable\":{\"ID\":\"rtb-aafdcdc2\",\"Routes\":[{\"DestinationCidrBlock\":\"172.31.0.0/16\",\"GatewayId\":\"local\"},{\"DestinationCidrBlock\":\"0.0.0.0/0\",\"GatewayId\":\"igw-b2fc12da\"}]}},{\"ID\":\"subnet-44ef7a3e\",\"RouteTable\":{\"ID\":\"rtb-aafdcdc2\",\"Routes\":[{\"DestinationCidrBlock\":\"172.31.0.0/16\",\"GatewayId\":\"local\"},{\"DestinationCidrBlock\":\"0.0.0.0/0\",\"GatewayId\":\"igw-b2fc12da\"}]}},{\"ID\":\"subnet-566d243f\",\"RouteTable\":{\"ID\":\"rtb-aafdcdc2\",\"Routes\":[{\"DestinationCidrBlock\":\"172.31.0.0/16\",\"GatewayId\":\"local\"},{\"DestinationCidrBlock\":\"0.0.0.0/0\",\"GatewayId\":\"igw-b2fc12da\"}]}}]},\"id\":[\"arn:aws:rds:eu-west-2:704479110758:db:test-aws-db-no-public-access-allowed-pass\",\"test-aws-db-no-public-access-allowed-pass\"],\"name\":\"test-aws-db-no-public-access-allowed-pass\",\"category\":\"infrastructure\",\"sub_category\":\"database\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"RDS\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"RDS\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:rds:eu-west-2:704479110758:db:test-aws-db-public-access-on-fail\",\"test-aws-db-public-access-on-fail\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:rds:eu-west-2:704479110758:db:test-aws-db-public-access-on-fail\":{\"category\":\"infrastructure\",\"type\":\"relational\"}},\"asset\":{\"id\":[\"arn:aws:rds:eu-west-2:704479110758:db:test-aws-db-public-access-on-fail\",\"test-aws-db-public-access-on-fail\"],\"name\":\"test-aws-db-public-access-on-fail\",\"category\":\"infrastructure\",\"sub_category\":\"database\",\"type\":\"relational\",\"sub_type\":\"rds-instance\",\"tags\":null,\"raw\":{\"publicly_accessible\":true,\"subnets\":[{\"ID\":\"subnet-1758805b\",\"RouteTable\":{\"ID\":\"rtb-aafdcdc2\",\"Routes\":[{\"GatewayId\":\"local\",\"DestinationCidrBlock\":\"172.31.0.0/16\"},{\"DestinationCidrBlock\":\"0.0.0.0/0\",\"GatewayId\":\"igw-b2fc12da\"}]}},{\"ID\":\"subnet-44ef7a3e\",\"RouteTable\":{\"ID\":\"rtb-aafdcdc2\",\"Routes\":[{\"GatewayId\":\"local\",\"DestinationCidrBlock\":\"172.31.0.0/16\"},{\"DestinationCidrBlock\":\"0.0.0.0/0\",\"GatewayId\":\"igw-b2fc12da\"}]}},{\"ID\":\"subnet-566d243f\",\"RouteTable\":{\"ID\":\"rtb-aafdcdc2\",\"Routes\":[{\"DestinationCidrBlock\":\"172.31.0.0/16\",\"GatewayId\":\"local\"},{\"DestinationCidrBlock\":\"0.0.0.0/0\",\"GatewayId\":\"igw-b2fc12da\"}]}}],\"identifier\":\"test-aws-db-public-access-on-fail\",\"arn\":\"arn:aws:rds:eu-west-2:704479110758:db:test-aws-db-public-access-on-fail\",\"storage_encrypted\":true,\"auto_minor_version_upgrade\":true}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0122f4480c4c979d3\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"raw\":{\"nat_gateway\":{\"CreateTime\":\"2023-01-11T10:04:45Z\",\"DeleteTime\":null,\"FailureCode\":null,\"NatGatewayAddresses\":[{\"IsPrimary\":true,\"NetworkInterfaceId\":\"eni-0824a530263ae8402\",\"PrivateIp\":\"10.0.4.27\",\"PublicIp\":\"52.16.62.255\",\"Status\":\"succeeded\",\"AllocationId\":\"eipalloc-0f7697093ac7e5a01\",\"AssociationId\":\"eipassoc-0ebd9ed0399961e53\",\"FailureMessage\":null}],\"NatGatewayId\":\"nat-0122f4480c4c979d3\",\"ProvisionedBandwidth\":null,\"SubnetId\":\"subnet-0a5b112f21481c793\",\"ConnectivityType\":\"public\",\"VpcId\":\"vpc-05eeaaeb72e2eb28b\",\"State\":\"available\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-5jA-vpc-eu-west-1a\"}],\"FailureMessage\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0122f4480c4c979d3\",\"nat-0122f4480c4c979d3\"],\"name\":\"nat-0122f4480c4c979d3\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"nat-gateway\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"network_interface_ids\":[\"eni-0824a530263ae8402\"],\"subnet_ids\":[\"subnet-0a5b112f21481c793\"],\"vpc_ids\":[\"vpc-05eeaaeb72e2eb28b\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0122f4480c4c979d3\",\"nat-0122f4480c4c979d3\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0c75e70cbdb367a75\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"tags\":null,\"raw\":{\"nat_gateway\":{\"NatGatewayId\":\"nat-0c75e70cbdb367a75\",\"ProvisionedBandwidth\":null,\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-SXE-vpc-eu-west-1a\"}],\"ConnectivityType\":\"public\",\"DeleteTime\":null,\"FailureMessage\":null,\"NatGatewayAddresses\":[{\"AllocationId\":\"eipalloc-0dd9c6e0fa790b0c5\",\"AssociationId\":\"eipassoc-0b3c09123430bd588\",\"FailureMessage\":null,\"IsPrimary\":true,\"NetworkInterfaceId\":\"eni-03f1f0a6b894aaeb4\",\"PrivateIp\":\"10.0.4.73\",\"PublicIp\":\"54.78.93.158\",\"Status\":\"succeeded\"}],\"VpcId\":\"vpc-0bf78569aaae50b84\",\"CreateTime\":\"2023-05-02T22:26:08Z\",\"FailureCode\":null,\"State\":\"available\",\"SubnetId\":\"subnet-059a72f44f27a917a\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0c75e70cbdb367a75\",\"nat-0c75e70cbdb367a75\"],\"name\":\"nat-0c75e70cbdb367a75\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"nat-gateway\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"network_interface_ids\":[\"eni-03f1f0a6b894aaeb4\"],\"subnet_ids\":[\"subnet-059a72f44f27a917a\"],\"vpc_ids\":[\"vpc-0bf78569aaae50b84\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0c75e70cbdb367a75\",\"nat-0c75e70cbdb367a75\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"network_interface_ids\":[\"eni-039ed5d841f8a66aa\"],\"subnet_ids\":[\"subnet-070b0039edbb3ea35\"],\"vpc_ids\":[\"vpc-0096efe3aab3734db\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0a8989f16ee513965\",\"nat-0a8989f16ee513965\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0a8989f16ee513965\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"type\":\"gateway\",\"sub_type\":\"nat-gateway\",\"tags\":null,\"raw\":{\"nat_gateway\":{\"DeleteTime\":null,\"State\":\"available\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"kfir-qa-project-vpc-eu-west-1a\"}],\"NatGatewayId\":\"nat-0a8989f16ee513965\",\"ProvisionedBandwidth\":null,\"SubnetId\":\"subnet-070b0039edbb3ea35\",\"ConnectivityType\":\"public\",\"CreateTime\":\"2024-04-04T15:02:22Z\",\"FailureCode\":null,\"FailureMessage\":null,\"NatGatewayAddresses\":[{\"NetworkInterfaceId\":\"eni-039ed5d841f8a66aa\",\"PrivateIp\":\"10.0.4.200\",\"PublicIp\":\"52.208.134.157\",\"Status\":\"succeeded\",\"AllocationId\":\"eipalloc-05ee73c71c88d2ba5\",\"AssociationId\":\"eipassoc-0f2a8c1cc6e587cfa\",\"FailureMessage\":null,\"IsPrimary\":true}],\"VpcId\":\"vpc-0096efe3aab3734db\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0a8989f16ee513965\",\"nat-0a8989f16ee513965\"],\"name\":\"nat-0a8989f16ee513965\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-02b309ab226fb5db5\",\"nat-02b309ab226fb5db5\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-02b309ab226fb5db5\":{\"type\":\"gateway\",\"category\":\"infrastructure\"}},\"asset\":{\"type\":\"gateway\",\"sub_type\":\"nat-gateway\",\"tags\":null,\"raw\":{\"nat_gateway\":{\"FailureCode\":null,\"FailureMessage\":null,\"ProvisionedBandwidth\":null,\"State\":\"available\",\"SubnetId\":\"subnet-022a228119cb5b519\",\"ConnectivityType\":\"public\",\"CreateTime\":\"2022-12-26T07:55:47Z\",\"DeleteTime\":null,\"NatGatewayAddresses\":[{\"AssociationId\":\"eipassoc-0276d128df170990f\",\"FailureMessage\":null,\"IsPrimary\":true,\"NetworkInterfaceId\":\"eni-0afd4d06430ccbead\",\"PrivateIp\":\"10.0.4.215\",\"PublicIp\":\"52.215.76.74\",\"Status\":\"succeeded\",\"AllocationId\":\"eipalloc-0f2b0fe764447f12a\"}],\"NatGatewayId\":\"nat-02b309ab226fb5db5\",\"Tags\":[{\"Value\":\"cloudbeat-tf-pEN-vpc-eu-west-1a\",\"Key\":\"Name\"}],\"VpcId\":\"vpc-04ece708af6c9b689\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-02b309ab226fb5db5\",\"nat-02b309ab226fb5db5\"],\"name\":\"nat-02b309ab226fb5db5\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"network_interface_ids\":[\"eni-0afd4d06430ccbead\"],\"subnet_ids\":[\"subnet-022a228119cb5b519\"],\"vpc_ids\":[\"vpc-04ece708af6c9b689\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-09440a5d45d029b0a\",\"nat-09440a5d45d029b0a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-09440a5d45d029b0a\":{\"type\":\"gateway\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"nat-gateway\",\"tags\":null,\"raw\":{\"nat_gateway\":{\"NatGatewayAddresses\":[{\"IsPrimary\":true,\"NetworkInterfaceId\":\"eni-0e042fe93429eed8b\",\"PrivateIp\":\"10.0.4.95\",\"PublicIp\":\"52.211.145.98\",\"Status\":\"succeeded\",\"AllocationId\":\"eipalloc-00bece890dc4b67ce\",\"AssociationId\":\"eipassoc-05825d518c72cd592\",\"FailureMessage\":null}],\"NatGatewayId\":\"nat-09440a5d45d029b0a\",\"State\":\"available\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"amir-env-vpc-eu-west-1a\"}],\"CreateTime\":\"2023-06-28T07:31:39Z\",\"DeleteTime\":null,\"FailureMessage\":null,\"SubnetId\":\"subnet-0d369ee4ec7b9c3a7\",\"VpcId\":\"vpc-061fc9c22f73c7d3e\",\"ConnectivityType\":\"public\",\"FailureCode\":null,\"ProvisionedBandwidth\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-09440a5d45d029b0a\",\"nat-09440a5d45d029b0a\"],\"name\":\"nat-09440a5d45d029b0a\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"network_interface_ids\":[\"eni-0e042fe93429eed8b\"],\"subnet_ids\":[\"subnet-0d369ee4ec7b9c3a7\"],\"vpc_ids\":[\"vpc-061fc9c22f73c7d3e\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0de20130ce9fca08b\",\"nat-0de20130ce9fca08b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0de20130ce9fca08b\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"raw\":{\"nat_gateway\":{\"NatGatewayAddresses\":[{\"PrivateIp\":\"10.0.4.197\",\"PublicIp\":\"99.80.103.100\",\"Status\":\"succeeded\",\"AllocationId\":\"eipalloc-00ce67f94d22b0b08\",\"AssociationId\":\"eipassoc-0e3c7cda65f6882d1\",\"FailureMessage\":null,\"IsPrimary\":true,\"NetworkInterfaceId\":\"eni-024cb66ae0788dd46\"}],\"State\":\"available\",\"VpcId\":\"vpc-096d5aaf84103883c\",\"ConnectivityType\":\"public\",\"CreateTime\":\"2023-11-23T17:58:03Z\",\"FailureCode\":null,\"FailureMessage\":null,\"Tags\":[{\"Key\":\"Name\",\"Value\":\"long-running-project-vpc-eu-west-1a\"}],\"DeleteTime\":null,\"NatGatewayId\":\"nat-0de20130ce9fca08b\",\"ProvisionedBandwidth\":null,\"SubnetId\":\"subnet-0db44e7206e0bf6e7\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0de20130ce9fca08b\",\"nat-0de20130ce9fca08b\"],\"name\":\"nat-0de20130ce9fca08b\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"nat-gateway\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"network_interface_ids\":[\"eni-024cb66ae0788dd46\"],\"subnet_ids\":[\"subnet-0db44e7206e0bf6e7\"],\"vpc_ids\":[\"vpc-096d5aaf84103883c\"]},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-053ccb24cf8d0446b\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"name\":\"nat-053ccb24cf8d0446b\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"nat-gateway\",\"tags\":null,\"raw\":{\"nat_gateway\":{\"Tags\":[{\"Key\":\"Name\",\"Value\":\"kuba-logs-vpc-eu-west-1a\"}],\"VpcId\":\"vpc-08d87433815da7907\",\"ConnectivityType\":\"public\",\"CreateTime\":\"2024-11-19T12:52:13Z\",\"FailureMessage\":null,\"ProvisionedBandwidth\":null,\"SubnetId\":\"subnet-0799634ae05f2b209\",\"DeleteTime\":null,\"FailureCode\":null,\"NatGatewayAddresses\":[{\"NetworkInterfaceId\":\"eni-09478e7e8fecb3c92\",\"PrivateIp\":\"10.0.4.163\",\"PublicIp\":\"52.19.64.102\",\"Status\":\"succeeded\",\"AllocationId\":\"eipalloc-078392c9acca7dbfe\",\"AssociationId\":\"eipassoc-0c175f20cf3384042\",\"FailureMessage\":null,\"IsPrimary\":true}],\"NatGatewayId\":\"nat-053ccb24cf8d0446b\",\"State\":\"available\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-053ccb24cf8d0446b\",\"nat-053ccb24cf8d0446b\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"network_interface_ids\":[\"eni-09478e7e8fecb3c92\"],\"subnet_ids\":[\"subnet-0799634ae05f2b209\"],\"vpc_ids\":[\"vpc-08d87433815da7907\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-053ccb24cf8d0446b\",\"nat-053ccb24cf8d0446b\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0f7308d9249303ad3\",\"nat-0f7308d9249303ad3\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0f7308d9249303ad3\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"tags\":null,\"raw\":{\"nat_gateway\":{\"DeleteTime\":null,\"FailureCode\":null,\"NatGatewayAddresses\":[{\"PrivateIp\":\"10.0.4.5\",\"PublicIp\":\"54.195.237.109\",\"Status\":\"succeeded\",\"AllocationId\":\"eipalloc-0658f5fc4383254f3\",\"AssociationId\":\"eipassoc-06ee92d3c7b2c8802\",\"FailureMessage\":null,\"IsPrimary\":true,\"NetworkInterfaceId\":\"eni-07cddecaece54d34b\"}],\"State\":\"available\",\"SubnetId\":\"subnet-02a6e1d1a76af1028\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"amir-env-vpc-eu-west-1a\"}],\"ConnectivityType\":\"public\",\"CreateTime\":\"2023-06-27T15:44:32Z\",\"VpcId\":\"vpc-06635215f51bfd343\",\"ProvisionedBandwidth\":null,\"FailureMessage\":null,\"NatGatewayId\":\"nat-0f7308d9249303ad3\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0f7308d9249303ad3\",\"nat-0f7308d9249303ad3\"],\"name\":\"nat-0f7308d9249303ad3\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"nat-gateway\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"network_interface_ids\":[\"eni-07cddecaece54d34b\"],\"subnet_ids\":[\"subnet-02a6e1d1a76af1028\"],\"vpc_ids\":[\"vpc-06635215f51bfd343\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0ee5c20c3c6b2e753\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"tags\":null,\"raw\":{\"nat_gateway\":{\"State\":\"available\",\"SubnetId\":\"subnet-03471f9d33d77b2d3\",\"VpcId\":\"vpc-0d0d507f15a7baefb\",\"DeleteTime\":null,\"FailureMessage\":null,\"NatGatewayId\":\"nat-0ee5c20c3c6b2e753\",\"ProvisionedBandwidth\":null,\"Tags\":[{\"Key\":\"Name\",\"Value\":\"test-env-ci-tf-vpc-eu-west-1a\"}],\"ConnectivityType\":\"public\",\"CreateTime\":\"2023-06-20T16:24:26Z\",\"FailureCode\":null,\"NatGatewayAddresses\":[{\"Status\":\"succeeded\",\"AllocationId\":\"eipalloc-0a82c3bec5c10159a\",\"AssociationId\":\"eipassoc-09209f9eed3ca2732\",\"FailureMessage\":null,\"IsPrimary\":true,\"NetworkInterfaceId\":\"eni-0201ef690bf3b1196\",\"PrivateIp\":\"10.0.4.219\",\"PublicIp\":\"34.251.141.222\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0ee5c20c3c6b2e753\",\"nat-0ee5c20c3c6b2e753\"],\"name\":\"nat-0ee5c20c3c6b2e753\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"nat-gateway\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"network_interface_ids\":[\"eni-0201ef690bf3b1196\"],\"subnet_ids\":[\"subnet-03471f9d33d77b2d3\"],\"vpc_ids\":[\"vpc-0d0d507f15a7baefb\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0ee5c20c3c6b2e753\",\"nat-0ee5c20c3c6b2e753\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.341Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-05d9084ea5f3ecb87\",\"nat-05d9084ea5f3ecb87\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-05d9084ea5f3ecb87\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"nat-gateway\",\"tags\":null,\"raw\":{\"nat_gateway\":{\"SubnetId\":\"subnet-015b984f7a5a99749\",\"DeleteTime\":null,\"FailureCode\":null,\"FailureMessage\":null,\"NatGatewayId\":\"nat-05d9084ea5f3ecb87\",\"ProvisionedBandwidth\":null,\"State\":\"available\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"dg-cis-vpc-eu-west-1a\"}],\"VpcId\":\"vpc-06b023d1fc8665055\",\"ConnectivityType\":\"public\",\"CreateTime\":\"2024-11-10T12:33:38Z\",\"NatGatewayAddresses\":[{\"PrivateIp\":\"10.0.4.164\",\"PublicIp\":\"54.72.251.18\",\"Status\":\"succeeded\",\"AllocationId\":\"eipalloc-06df7209b66e265f3\",\"AssociationId\":\"eipassoc-0abded1795c188f0e\",\"FailureMessage\":null,\"IsPrimary\":true,\"NetworkInterfaceId\":\"eni-0d08c6763c44d4258\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-05d9084ea5f3ecb87\",\"nat-05d9084ea5f3ecb87\"],\"name\":\"nat-05d9084ea5f3ecb87\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"network_interface_ids\":[\"eni-0d08c6763c44d4258\"],\"subnet_ids\":[\"subnet-015b984f7a5a99749\"],\"vpc_ids\":[\"vpc-06b023d1fc8665055\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-011d114360045275b\",\"nat-011d114360045275b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-011d114360045275b\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"sub_type\":\"nat-gateway\",\"tags\":null,\"raw\":{\"nat_gateway\":{\"ProvisionedBandwidth\":null,\"SubnetId\":\"subnet-06cb2b521f07177a4\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-WWZ-vpc-eu-west-1a\"}],\"CreateTime\":\"2022-12-29T08:41:35Z\",\"DeleteTime\":null,\"FailureCode\":null,\"NatGatewayAddresses\":[{\"Status\":\"succeeded\",\"AllocationId\":\"eipalloc-023b7b137aa687a28\",\"AssociationId\":\"eipassoc-072df43c5ce284196\",\"FailureMessage\":null,\"IsPrimary\":true,\"NetworkInterfaceId\":\"eni-0540610d90c320baf\",\"PrivateIp\":\"10.0.4.18\",\"PublicIp\":\"54.228.205.121\"}],\"NatGatewayId\":\"nat-011d114360045275b\",\"VpcId\":\"vpc-0e838e42ce3e6d30c\",\"ConnectivityType\":\"public\",\"FailureMessage\":null,\"State\":\"available\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-011d114360045275b\",\"nat-011d114360045275b\"],\"name\":\"nat-011d114360045275b\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"subnet_ids\":[\"subnet-06cb2b521f07177a4\"],\"vpc_ids\":[\"vpc-0e838e42ce3e6d30c\"],\"network_interface_ids\":[\"eni-0540610d90c320baf\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0fb5c87f6e63ca90a\",\"nat-0fb5c87f6e63ca90a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0fb5c87f6e63ca90a\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"nat-gateway\",\"tags\":null,\"raw\":{\"nat_gateway\":{\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-nsZ-vpc-eu-west-1a\"}],\"ConnectivityType\":\"public\",\"CreateTime\":\"2023-02-14T08:10:38Z\",\"FailureCode\":null,\"FailureMessage\":null,\"NatGatewayAddresses\":[{\"AllocationId\":\"eipalloc-070cc2eab27bc62d5\",\"AssociationId\":\"eipassoc-0d55d9719db6461a0\",\"FailureMessage\":null,\"IsPrimary\":true,\"NetworkInterfaceId\":\"eni-03a7d19de6f5d0f6f\",\"PrivateIp\":\"10.0.4.181\",\"PublicIp\":\"54.247.187.90\",\"Status\":\"succeeded\"}],\"NatGatewayId\":\"nat-0fb5c87f6e63ca90a\",\"ProvisionedBandwidth\":null,\"DeleteTime\":null,\"State\":\"available\",\"SubnetId\":\"subnet-03b066524255a77b4\",\"VpcId\":\"vpc-0a74788000c2f0013\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0fb5c87f6e63ca90a\",\"nat-0fb5c87f6e63ca90a\"],\"name\":\"nat-0fb5c87f6e63ca90a\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"network_interface_ids\":[\"eni-03a7d19de6f5d0f6f\"],\"subnet_ids\":[\"subnet-03b066524255a77b4\"],\"vpc_ids\":[\"vpc-0a74788000c2f0013\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"network_interface_ids\":[\"eni-0b6ee1ff5f0e8fe09\"],\"subnet_ids\":[\"subnet-0d13fe1170a652ad1\"],\"vpc_ids\":[\"vpc-00103fb710b9960ab\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-07b46485e7b915209\",\"nat-07b46485e7b915209\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-07b46485e7b915209\":{\"type\":\"gateway\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_type\":\"nat-gateway\",\"tags\":null,\"raw\":{\"nat_gateway\":{\"VpcId\":\"vpc-00103fb710b9960ab\",\"ConnectivityType\":\"public\",\"State\":\"available\",\"FailureCode\":null,\"FailureMessage\":null,\"NatGatewayAddresses\":[{\"Status\":\"succeeded\",\"AllocationId\":\"eipalloc-05fe360277c426330\",\"AssociationId\":\"eipassoc-03f02a30afe4cbfff\",\"FailureMessage\":null,\"IsPrimary\":true,\"NetworkInterfaceId\":\"eni-0b6ee1ff5f0e8fe09\",\"PrivateIp\":\"10.0.4.97\",\"PublicIp\":\"54.72.250.129\"}],\"NatGatewayId\":\"nat-07b46485e7b915209\",\"ProvisionedBandwidth\":null,\"SubnetId\":\"subnet-0d13fe1170a652ad1\",\"CreateTime\":\"2024-05-30T13:30:52Z\",\"DeleteTime\":null,\"Tags\":[{\"Value\":\"benchmark-rules-vpc-eu-west-1a\",\"Key\":\"Name\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-07b46485e7b915209\",\"nat-07b46485e7b915209\"],\"name\":\"nat-07b46485e7b915209\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"subnet_ids\":[\"subnet-03d0cff9718e7aeb2\"],\"vpc_ids\":[\"vpc-0de5d19ac894b58c9\"],\"network_interface_ids\":[\"eni-019781fa77e1fe6f4\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0c74aafd4043dffb2\",\"nat-0c74aafd4043dffb2\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0c74aafd4043dffb2\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"nat-gateway\",\"tags\":null,\"raw\":{\"nat_gateway\":{\"ProvisionedBandwidth\":null,\"State\":\"available\",\"FailureCode\":null,\"FailureMessage\":null,\"NatGatewayId\":\"nat-0c74aafd4043dffb2\",\"NatGatewayAddresses\":[{\"PrivateIp\":\"10.0.4.17\",\"PublicIp\":\"52.210.91.99\",\"Status\":\"succeeded\",\"AllocationId\":\"eipalloc-0609d263a32ea51ea\",\"AssociationId\":\"eipassoc-0abc01463c287130f\",\"FailureMessage\":null,\"IsPrimary\":true,\"NetworkInterfaceId\":\"eni-019781fa77e1fe6f4\"}],\"SubnetId\":\"subnet-03d0cff9718e7aeb2\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-Gfp-vpc-eu-west-1a\"}],\"VpcId\":\"vpc-0de5d19ac894b58c9\",\"ConnectivityType\":\"public\",\"CreateTime\":\"2022-12-28T11:48:50Z\",\"DeleteTime\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:natgateway/nat-0c74aafd4043dffb2\",\"nat-0c74aafd4043dffb2\"],\"name\":\"nat-0c74aafd4043dffb2\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:natgateway/nat-0702e318745658a73\",\"nat-0702e318745658a73\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:natgateway/nat-0702e318745658a73\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"tags\":null,\"raw\":{\"nat_gateway\":{\"VpcId\":\"vpc-0400c449f7d20cd09\",\"ConnectivityType\":\"public\",\"FailureCode\":null,\"FailureMessage\":null,\"NatGatewayAddresses\":[{\"AllocationId\":\"eipalloc-053e7ba56114f716d\",\"AssociationId\":\"eipassoc-060f99d0f0fd265d2\",\"FailureMessage\":null,\"IsPrimary\":true,\"NetworkInterfaceId\":\"eni-0bda84b4002c32802\",\"PrivateIp\":\"10.0.4.211\",\"PublicIp\":\"3.6.101.145\",\"Status\":\"succeeded\"}],\"NatGatewayId\":\"nat-0702e318745658a73\",\"ProvisionedBandwidth\":null,\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-vpc-ap-south-1a\"}],\"CreateTime\":\"2023-01-24T14:29:28Z\",\"DeleteTime\":null,\"State\":\"available\",\"SubnetId\":\"subnet-0477cccc31d37da62\"}},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:natgateway/nat-0702e318745658a73\",\"nat-0702e318745658a73\"],\"name\":\"nat-0702e318745658a73\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"nat-gateway\"},\"cloud\":{\"region\":\"ap-south-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"network_interface_ids\":[\"eni-0bda84b4002c32802\"],\"subnet_ids\":[\"subnet-0477cccc31d37da62\"],\"vpc_ids\":[\"vpc-0400c449f7d20cd09\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:natgateway/nat-0605952144a413cfb\",\"nat-0605952144a413cfb\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:natgateway/nat-0605952144a413cfb\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"sub_type\":\"nat-gateway\",\"tags\":null,\"raw\":{\"nat_gateway\":{\"FailureMessage\":null,\"NatGatewayId\":\"nat-0605952144a413cfb\",\"SubnetId\":\"subnet-014bc35788d91ba5e\",\"ConnectivityType\":\"public\",\"DeleteTime\":null,\"NatGatewayAddresses\":[{\"AssociationId\":\"eipassoc-0b455d955ddb2f03d\",\"FailureMessage\":null,\"IsPrimary\":true,\"NetworkInterfaceId\":\"eni-060e806bc8867dc28\",\"PrivateIp\":\"10.0.4.15\",\"PublicIp\":\"3.6.157.21\",\"Status\":\"succeeded\",\"AllocationId\":\"eipalloc-0133e0fb70a3bf4bf\"}],\"ProvisionedBandwidth\":null,\"State\":\"available\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-vpc-ap-south-1a\"}],\"VpcId\":\"vpc-0d34957e50abb854b\",\"CreateTime\":\"2023-01-25T19:25:48Z\",\"FailureCode\":null}},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:natgateway/nat-0605952144a413cfb\",\"nat-0605952144a413cfb\"],\"name\":\"nat-0605952144a413cfb\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-0d34957e50abb854b\"],\"network_interface_ids\":[\"eni-060e806bc8867dc28\"],\"subnet_ids\":[\"subnet-014bc35788d91ba5e\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"network_interface_ids\":[\"eni-0c673073e0f387d6f\"],\"subnet_ids\":[\"subnet-0e40d676cc223ac12\"],\"vpc_ids\":[\"vpc-0180a1dc90512f144\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:natgateway/nat-0237508616dbe3a38\",\"nat-0237508616dbe3a38\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:natgateway/nat-0237508616dbe3a38\":{\"category\":\"infrastructure\",\"type\":\"gateway\"}},\"asset\":{\"name\":\"nat-0237508616dbe3a38\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"gateway\",\"sub_type\":\"nat-gateway\",\"tags\":null,\"raw\":{\"nat_gateway\":{\"VpcId\":\"vpc-0180a1dc90512f144\",\"ConnectivityType\":\"public\",\"DeleteTime\":null,\"FailureMessage\":null,\"NatGatewayId\":\"nat-0237508616dbe3a38\",\"ProvisionedBandwidth\":null,\"Tags\":[{\"Key\":\"Name\",\"Value\":\"aws-reinvent-2024-pwncloud-nat-gateway-f934c03f\"}],\"CreateTime\":\"2024-11-06T18:07:18Z\",\"FailureCode\":null,\"NatGatewayAddresses\":[{\"IsPrimary\":true,\"NetworkInterfaceId\":\"eni-0c673073e0f387d6f\",\"PrivateIp\":\"10.0.1.229\",\"PublicIp\":\"52.12.92.147\",\"Status\":\"succeeded\",\"AllocationId\":\"eipalloc-0cefcfd607d504cb3\",\"AssociationId\":\"eipassoc-0105b5bdf5d4abe6d\",\"FailureMessage\":null}],\"State\":\"available\",\"SubnetId\":\"subnet-0e40d676cc223ac12\"}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:natgateway/nat-0237508616dbe3a38\",\"nat-0237508616dbe3a38\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"tags\":null,\"raw\":{\"alias_configurations\":null,\"function_configuration\":{\"Runtime\":\"python3.12\",\"State\":\"\",\"EphemeralStorage\":{\"Size\":512},\"FunctionName\":\"MapCreatedEC2s\",\"Handler\":\"lambda_function.lambda_handler\",\"MasterArn\":null,\"MemorySize\":128,\"PackageType\":\"Zip\",\"TracingConfig\":{\"Mode\":\"PassThrough\"},\"VpcConfig\":null,\"KMSKeyArn\":null,\"SnapStart\":{\"ApplyOn\":\"None\",\"OptimizationStatus\":\"Off\"},\"Version\":\"$LATEST\",\"CodeSha256\":\"SP8oSxf1986MrEcvjIKe7a2hYYSf3HVvfQZQ1j1NiYU=\",\"CodeSize\":1034,\"Description\":\"\",\"LastModified\":\"2024-04-02T15:30:17.000+0000\",\"LastUpdateStatusReason\":null,\"Environment\":null,\"FileSystemConfigs\":null,\"LastUpdateStatusReasonCode\":\"\",\"StateReasonCode\":\"\",\"Timeout\":60,\"DeadLetterConfig\":null,\"Role\":\"arn:aws:iam::704479110758:role/service-role/MapCreatedEC2sLambda\",\"Architectures\":[\"x86_64\"],\"RevisionId\":\"61b0e5c2-8fe5-4fda-b8d9-6fc90c757a01\",\"SigningJobArn\":null,\"StateReason\":null,\"FunctionArn\":\"arn:aws:lambda:eu-west-1:704479110758:function:MapCreatedEC2s\",\"LastUpdateStatus\":\"\",\"LoggingConfig\":{\"ApplicationLogLevel\":\"\",\"LogFormat\":\"Text\",\"LogGroup\":\"/aws/lambda/MapCreatedEC2s\",\"SystemLogLevel\":\"\"},\"ImageConfigResponse\":null,\"Layers\":null,\"RuntimeVersionConfig\":null,\"SigningProfileVersionArn\":null}},\"id\":[\"arn:aws:lambda:eu-west-1:704479110758:function:MapCreatedEC2s\"],\"name\":\"MapCreatedEC2s\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"serverless\",\"sub_type\":\"lambda-function\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Lambda\"}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:lambda:eu-west-1:704479110758:function:MapCreatedEC2s\"],\"entity.metadata\":{\"arn:aws:lambda:eu-west-1:704479110758:function:MapCreatedEC2s\":{\"category\":\"infrastructure\",\"type\":\"serverless\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:lambda:us-east-1:704479110758:function:StackSet-entro-security-a-GetAccountAliasLambdaFun-oW2D1LIgc4kZ\"],\"entity.metadata\":{\"arn:aws:lambda:us-east-1:704479110758:function:StackSet-entro-security-a-GetAccountAliasLambdaFun-oW2D1LIgc4kZ\":{\"category\":\"infrastructure\",\"type\":\"serverless\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"serverless\",\"sub_type\":\"lambda-function\",\"tags\":null,\"raw\":{\"function_configuration\":{\"FunctionArn\":\"arn:aws:lambda:us-east-1:704479110758:function:StackSet-entro-security-a-GetAccountAliasLambdaFun-oW2D1LIgc4kZ\",\"LastUpdateStatusReason\":null,\"SnapStart\":{\"ApplyOn\":\"None\",\"OptimizationStatus\":\"Off\"},\"EphemeralStorage\":{\"Size\":512},\"PackageType\":\"Zip\",\"LastModified\":\"2024-09-04T13:09:38.403+0000\",\"Runtime\":\"python3.8\",\"State\":\"\",\"CodeSha256\":\"1559JE4yj4z+NJiTO+zk/7FfNVK8wPyWx64TOjhcZVc=\",\"Environment\":null,\"KMSKeyArn\":null,\"FunctionName\":\"StackSet-entro-security-a-GetAccountAliasLambdaFun-oW2D1LIgc4kZ\",\"LastUpdateStatusReasonCode\":\"\",\"TracingConfig\":{\"Mode\":\"PassThrough\"},\"RevisionId\":\"5430b942-137e-4063-aee2-0bd0a25c9769\",\"Role\":\"arn:aws:iam::704479110758:role/StackSet-entro-security-a8-EntroLambdaExecutionRole-BDxER6v2UNDr\",\"StateReason\":null,\"Timeout\":30,\"ImageConfigResponse\":null,\"MasterArn\":null,\"MemorySize\":128,\"RuntimeVersionConfig\":null,\"SigningProfileVersionArn\":null,\"VpcConfig\":null,\"CodeSize\":1320,\"LastUpdateStatus\":\"\",\"LoggingConfig\":{\"ApplicationLogLevel\":\"\",\"LogFormat\":\"Text\",\"LogGroup\":\"/aws/lambda/StackSet-entro-security-a-GetAccountAliasLambdaFun-oW2D1LIgc4kZ\",\"SystemLogLevel\":\"\"},\"Layers\":null,\"Version\":\"$LATEST\",\"Description\":\"\",\"FileSystemConfigs\":null,\"Handler\":\"index.lambda_handler\",\"StateReasonCode\":\"\",\"Architectures\":[\"x86_64\"],\"DeadLetterConfig\":null,\"SigningJobArn\":null},\"alias_configurations\":null},\"id\":[\"arn:aws:lambda:us-east-1:704479110758:function:StackSet-entro-security-a-GetAccountAliasLambdaFun-oW2D1LIgc4kZ\"],\"name\":\"StackSet-entro-security-a-GetAccountAliasLambdaFun-oW2D1LIgc4kZ\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Lambda\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:lambda:us-east-1:704479110758:function:datadog-forwarder-Forwarder-ujD4shxeqLa7\":{\"type\":\"serverless\",\"category\":\"infrastructure\"}},\"asset\":{\"raw\":{\"function_configuration\":{\"FunctionArn\":\"arn:aws:lambda:us-east-1:704479110758:function:datadog-forwarder-Forwarder-ujD4shxeqLa7\",\"Description\":\"Pushes logs, metrics and traces from AWS to Datadog.\",\"FunctionName\":\"datadog-forwarder-Forwarder-ujD4shxeqLa7\",\"LastUpdateStatus\":\"\",\"LoggingConfig\":{\"LogFormat\":\"Text\",\"LogGroup\":\"/aws/lambda/datadog-forwarder-Forwarder-ujD4shxeqLa7\",\"SystemLogLevel\":\"\",\"ApplicationLogLevel\":\"\"},\"SnapStart\":{\"ApplyOn\":\"None\",\"OptimizationStatus\":\"Off\"},\"TracingConfig\":{\"Mode\":\"PassThrough\"},\"CodeSize\":133,\"ImageConfigResponse\":null,\"LastModified\":\"2024-04-19T21:39:21.749+0000\",\"LastUpdateStatusReason\":null,\"StateReason\":null,\"Handler\":\"lambda_function.lambda_handler\",\"LastUpdateStatusReasonCode\":\"\",\"PackageType\":\"Zip\",\"Role\":\"arn:aws:iam::704479110758:role/datadog-forwarder-ForwarderRole-hPjuNknNMemQ\",\"Version\":\"$LATEST\",\"FileSystemConfigs\":null,\"State\":\"\",\"Timeout\":120,\"Layers\":[{\"SigningJobArn\":null,\"SigningProfileVersionArn\":null,\"Arn\":\"arn:aws:lambda:us-east-1:464622532012:layer:Datadog-Forwarder:48\",\"CodeSize\":1.4031516e+07}],\"SigningProfileVersionArn\":null,\"Runtime\":\"python3.11\",\"CodeSha256\":\"0c12bYu4PFvOBVT8SpkeuH48mUI877Ehn02E2Qvem7w=\",\"DeadLetterConfig\":null,\"Environment\":{\"Error\":null,\"Variables\":{\"DD_STORE_FAILED_EVENTS\":\"false\",\"DD_TAGS_CACHE_TTL_SECONDS\":\"300\",\"DD_USE_PRIVATE_LINK\":\"false\",\"DD_USE_VPC\":\"false\",\"DD_FETCH_LOG_GROUP_TAGS\":\"true\",\"DD_S3_BUCKET_NAME\":\"datadog-forwarder-forwarderbucket-9kwbmmywdjqk\",\"DD_FETCH_LAMBDA_TAGS\":\"true\",\"DD_FETCH_STEP_FUNCTIONS_TAGS\":\"true\",\"DD_SITE\":\"datadoghq.com\",\"DD_API_KEY_SECRET_ARN\":\"arn:aws:secretsmanager:us-east-1:704479110758:secret:DdApiKeySecret-aUFEgO4SmSGN-xqgqXR\",\"DD_ENHANCED_METRICS\":\"false\"}},\"MasterArn\":null,\"MemorySize\":1024,\"RuntimeVersionConfig\":null,\"SigningJobArn\":null,\"Architectures\":[\"x86_64\"],\"KMSKeyArn\":null,\"RevisionId\":\"d47183dd-599e-4bdd-91f0-e9ce16a34b3d\",\"StateReasonCode\":\"\",\"VpcConfig\":null,\"EphemeralStorage\":{\"Size\":512}},\"alias_configurations\":null},\"id\":[\"arn:aws:lambda:us-east-1:704479110758:function:datadog-forwarder-Forwarder-ujD4shxeqLa7\"],\"name\":\"datadog-forwarder-Forwarder-ujD4shxeqLa7\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"serverless\",\"sub_type\":\"lambda-function\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Lambda\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:lambda:us-east-1:704479110758:function:datadog-forwarder-Forwarder-ujD4shxeqLa7\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:lambda:us-east-1:704479110758:function:CloudTrailEventProcessing\"],\"entity.metadata\":{\"arn:aws:lambda:us-east-1:704479110758:function:CloudTrailEventProcessing\":{\"category\":\"infrastructure\",\"type\":\"serverless\"}},\"asset\":{\"sub_type\":\"lambda-function\",\"tags\":null,\"raw\":{\"function_configuration\":{\"DeadLetterConfig\":null,\"LastModified\":\"2020-09-08T09:35:40.538+0000\",\"SigningProfileVersionArn\":null,\"SnapStart\":{\"ApplyOn\":\"None\",\"OptimizationStatus\":\"Off\"},\"StateReasonCode\":\"\",\"EphemeralStorage\":{\"Size\":512},\"FunctionArn\":\"arn:aws:lambda:us-east-1:704479110758:function:CloudTrailEventProcessing\",\"LastUpdateStatusReason\":null,\"PackageType\":\"Zip\",\"Runtime\":\"nodejs12.x\",\"TracingConfig\":{\"Mode\":\"PassThrough\"},\"LoggingConfig\":{\"ApplicationLogLevel\":\"\",\"LogFormat\":\"Text\",\"LogGroup\":\"/aws/lambda/CloudTrailEventProcessing\",\"SystemLogLevel\":\"\"},\"State\":\"\",\"FileSystemConfigs\":null,\"ImageConfigResponse\":null,\"LastUpdateStatus\":\"\",\"LastUpdateStatusReasonCode\":\"\",\"Architectures\":[\"x86_64\"],\"Description\":\"\",\"MasterArn\":null,\"RevisionId\":\"258e7f5e-050b-4427-ac97-057f055d88da\",\"MemorySize\":1024,\"Timeout\":10,\"Version\":\"$LATEST\",\"VpcConfig\":null,\"CodeSha256\":\"mjziFjxZ+StyFwnINEwKHctyHVgG5FNZG2ND+rphGvI=\",\"CodeSize\":221545,\"FunctionName\":\"CloudTrailEventProcessing\",\"Handler\":\"index.handler\",\"StateReason\":null,\"SigningJobArn\":null,\"Environment\":null,\"KMSKeyArn\":null,\"Layers\":null,\"Role\":\"arn:aws:iam::704479110758:role/lambda-cloudtrail-role\",\"RuntimeVersionConfig\":null},\"alias_configurations\":null},\"id\":[\"arn:aws:lambda:us-east-1:704479110758:function:CloudTrailEventProcessing\"],\"name\":\"CloudTrailEventProcessing\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"serverless\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Lambda\"},\"provider\":\"aws\",\"region\":\"us-east-1\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:lambda:us-west-2:704479110758:function:serverlessrepo-tin-cdr-de-ApplicationElasticServer-XER9vPFvfLbx\":{\"category\":\"infrastructure\",\"type\":\"serverless\"}},\"asset\":{\"tags\":null,\"raw\":{\"function_configuration\":{\"Description\":\"\",\"MasterArn\":null,\"FunctionArn\":\"arn:aws:lambda:us-west-2:704479110758:function:serverlessrepo-tin-cdr-de-ApplicationElasticServer-XER9vPFvfLbx\",\"ImageConfigResponse\":null,\"RevisionId\":\"8d2ad157-551b-474f-a55b-616b686b3998\",\"StateReason\":null,\"MemorySize\":512,\"CodeSize\":1.5355574e+07,\"FileSystemConfigs\":null,\"FunctionName\":\"serverlessrepo-tin-cdr-de-ApplicationElasticServer-XER9vPFvfLbx\",\"Handler\":\"main_aws.handler\",\"Role\":\"arn:aws:iam::704479110758:role/serverlessrepo-tin-cdr-de-ApplicationElasticServerl-dZR6zL0oQpdU\",\"Runtime\":\"python3.9\",\"Timeout\":900,\"TracingConfig\":{\"Mode\":\"PassThrough\"},\"Environment\":{\"Error\":null,\"Variables\":{\"SQS_REPLAY_URL\":\"https://sqs.us-west-2.amazonaws.com/704479110758/elastic-serverless-forwarder-replay-queue-0a0f93b1b57d\",\"S3_CONFIG_FILE\":\"s3://tin-serverless-forwarder-config-store/config-2.yml\",\"SQS_CONTINUE_URL\":\"https://sqs.us-west-2.amazonaws.com/704479110758/elastic-serverless-forwarder-continuing-queue-0a0f93b1b57d\"}},\"KMSKeyArn\":null,\"LastUpdateStatusReason\":null,\"PackageType\":\"Zip\",\"DeadLetterConfig\":null,\"Layers\":null,\"LastModified\":\"2024-11-06T10:02:46.000+0000\",\"SnapStart\":{\"ApplyOn\":\"None\",\"OptimizationStatus\":\"Off\"},\"Version\":\"$LATEST\",\"SigningJobArn\":null,\"VpcConfig\":null,\"LastUpdateStatus\":\"\",\"LastUpdateStatusReasonCode\":\"\",\"LoggingConfig\":{\"ApplicationLogLevel\":\"\",\"LogFormat\":\"Text\",\"LogGroup\":\"/aws/lambda/serverlessrepo-tin-cdr-de-ApplicationElasticServer-XER9vPFvfLbx\",\"SystemLogLevel\":\"\"},\"RuntimeVersionConfig\":null,\"State\":\"\",\"StateReasonCode\":\"\",\"Architectures\":[\"x86_64\"],\"CodeSha256\":\"2p1Ne6HtkskyIPDdgVrE4v2LgT/Cxsh8AJYVLnrhVHM=\",\"EphemeralStorage\":{\"Size\":512},\"SigningProfileVersionArn\":null},\"alias_configurations\":null},\"id\":[\"arn:aws:lambda:us-west-2:704479110758:function:serverlessrepo-tin-cdr-de-ApplicationElasticServer-XER9vPFvfLbx\"],\"name\":\"serverlessrepo-tin-cdr-de-ApplicationElasticServer-XER9vPFvfLbx\",\"category\":\"infrastructure\",\"sub_category\":\"compute\",\"type\":\"serverless\",\"sub_type\":\"lambda-function\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Lambda\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:lambda:us-west-2:704479110758:function:serverlessrepo-tin-cdr-de-ApplicationElasticServer-XER9vPFvfLbx\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"sub_category\":\"compute\",\"type\":\"serverless\",\"sub_type\":\"lambda-function\",\"tags\":null,\"raw\":{\"function_configuration\":{\"FunctionArn\":\"arn:aws:lambda:us-west-2:704479110758:function:serverlessrepo-tin-cdr-de-MacroElasticServerlessFo-wJxi3aQ7WB7i\",\"Architectures\":[\"x86_64\"],\"DeadLetterConfig\":null,\"Layers\":null,\"RuntimeVersionConfig\":null,\"SigningProfileVersionArn\":null,\"FileSystemConfigs\":null,\"LastUpdateStatus\":\"\",\"MemorySize\":128,\"RevisionId\":\"f440449e-7c18-45f3-9c5a-6d4fb0f89e23\",\"Role\":\"arn:aws:iam::704479110758:role/serverlessrepo-tin-cdr-de-MacroElasticServerlessFor-fTcq6OrLFaFm\",\"Runtime\":\"python3.9\",\"StateReason\":null,\"Timeout\":3,\"CodeSize\":1826,\"LoggingConfig\":{\"ApplicationLogLevel\":\"\",\"LogFormat\":\"Text\",\"LogGroup\":\"/aws/lambda/serverlessrepo-tin-cdr-de-MacroElasticServerlessFo-wJxi3aQ7WB7i\",\"SystemLogLevel\":\"\"},\"TracingConfig\":{\"Mode\":\"PassThrough\"},\"KMSKeyArn\":null,\"LastModified\":\"2024-10-23T22:04:58.057+0000\",\"PackageType\":\"Zip\",\"Version\":\"$LATEST\",\"Environment\":null,\"ImageConfigResponse\":null,\"LastUpdateStatusReason\":null,\"LastUpdateStatusReasonCode\":\"\",\"SigningJobArn\":null,\"SnapStart\":{\"ApplyOn\":\"None\",\"OptimizationStatus\":\"Off\"},\"StateReasonCode\":\"\",\"CodeSha256\":\"kEVTdFQJxMfTRNcermtAApkdNYO4fvDqJHLnbFg2no8=\",\"Description\":\"\",\"MasterArn\":null,\"State\":\"\",\"VpcConfig\":null,\"EphemeralStorage\":{\"Size\":512},\"FunctionName\":\"serverlessrepo-tin-cdr-de-MacroElasticServerlessFo-wJxi3aQ7WB7i\",\"Handler\":\"index.handler\"},\"alias_configurations\":null},\"id\":[\"arn:aws:lambda:us-west-2:704479110758:function:serverlessrepo-tin-cdr-de-MacroElasticServerlessFo-wJxi3aQ7WB7i\"],\"name\":\"serverlessrepo-tin-cdr-de-MacroElasticServerlessFo-wJxi3aQ7WB7i\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Lambda\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:lambda:us-west-2:704479110758:function:serverlessrepo-tin-cdr-de-MacroElasticServerlessFo-wJxi3aQ7WB7i\"],\"entity.metadata\":{\"arn:aws:lambda:us-west-2:704479110758:function:serverlessrepo-tin-cdr-de-MacroElasticServerlessFo-wJxi3aQ7WB7i\":{\"category\":\"infrastructure\",\"type\":\"serverless\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:network-acl/acl-04bb542b537d6f093\",\"acl-04bb542b537d6f093\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:network-acl/acl-04bb542b537d6f093\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-0bcb5768ab0ca697f\",\"Associations\":[],\"Entries\":[{\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null},{\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\"},{\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null},{\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null}],\"IsDefault\":true,\"NetworkAclId\":\"acl-04bb542b537d6f093\",\"OwnerId\":\"704479110758\",\"Tags\":[]},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:network-acl/acl-04bb542b537d6f093\",\"acl-04bb542b537d6f093\"],\"name\":\"acl-04bb542b537d6f093\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0bcb5768ab0ca697f\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.089+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-0e4b5c650a5bc0bdd\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-3318185c\",\"NetworkAclId\":\"acl-00ce1ba574cf6b4e1\",\"SubnetId\":\"subnet-0537148b062dc9fa2\"}],\"Entries\":[{\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\"},{\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"},{\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\"},{\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false}],\"IsDefault\":true,\"NetworkAclId\":\"acl-00ce1ba574cf6b4e1\"},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:network-acl/acl-00ce1ba574cf6b4e1\",\"acl-00ce1ba574cf6b4e1\"],\"name\":\"acl-00ce1ba574cf6b4e1\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"subnet_ids\":[\"subnet-0537148b062dc9fa2\"],\"vpc_ids\":[\"vpc-0e4b5c650a5bc0bdd\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:network-acl/acl-00ce1ba574cf6b4e1\",\"acl-00ce1ba574cf6b4e1\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:network-acl/acl-00ce1ba574cf6b4e1\":{\"category\":\"identity\",\"type\":\"acl\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:network-acl/acl-3d2dc855\",\"acl-3d2dc855\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:network-acl/acl-3d2dc855\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"name\":\"acl-3d2dc855\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-cf796aa6\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-dbbf18b0\",\"NetworkAclId\":\"acl-3d2dc855\",\"SubnetId\":\"subnet-ec99c897\"},{\"NetworkAclId\":\"acl-3d2dc855\",\"SubnetId\":\"subnet-60251b09\",\"NetworkAclAssociationId\":\"aclassoc-c4bf18af\"},{\"SubnetId\":\"subnet-9f9208d2\",\"NetworkAclAssociationId\":\"aclassoc-dabf18b1\",\"NetworkAclId\":\"acl-3d2dc855\"}],\"Entries\":[{\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null},{\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"},{\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false},{\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null}],\"IsDefault\":true,\"NetworkAclId\":\"acl-3d2dc855\"},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:network-acl/acl-3d2dc855\",\"acl-3d2dc855\"]},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-3\"},\"network\":{\"subnet_ids\":[\"subnet-ec99c897\",\"subnet-60251b09\",\"subnet-9f9208d2\"],\"vpc_ids\":[\"vpc-cf796aa6\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-central-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-ed6da487\"],\"subnet_ids\":[\"subnet-a1c474cb\",\"subnet-4b27c837\",\"subnet-e330c2af\"]},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-central-1:704479110758:network-acl/acl-202b4e4a\",\"acl-202b4e4a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-central-1:704479110758:network-acl/acl-202b4e4a\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"tags\":null,\"raw\":{\"VpcId\":\"vpc-ed6da487\",\"Associations\":[{\"SubnetId\":\"subnet-a1c474cb\",\"NetworkAclAssociationId\":\"aclassoc-845701ea\",\"NetworkAclId\":\"acl-202b4e4a\"},{\"NetworkAclAssociationId\":\"aclassoc-855701eb\",\"NetworkAclId\":\"acl-202b4e4a\",\"SubnetId\":\"subnet-4b27c837\"},{\"SubnetId\":\"subnet-e330c2af\",\"NetworkAclAssociationId\":\"aclassoc-875701e9\",\"NetworkAclId\":\"acl-202b4e4a\"}],\"Entries\":[{\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null},{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767},{\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"},{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767}],\"IsDefault\":true,\"NetworkAclId\":\"acl-202b4e4a\",\"OwnerId\":\"704479110758\",\"Tags\":[]},\"id\":[\"arn:aws:ec2:eu-central-1:704479110758:network-acl/acl-202b4e4a\",\"acl-202b4e4a\"],\"name\":\"acl-202b4e4a\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"NetworkAclId\":\"acl-0f74e4f2cb7de12ac\",\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-058b21b3bf0f435b0\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-01c30ed493017c5f0\",\"NetworkAclId\":\"acl-0f74e4f2cb7de12ac\",\"SubnetId\":\"subnet-0981d6560ece89ecb\"},{\"NetworkAclAssociationId\":\"aclassoc-0511ff608c9e68d3c\",\"NetworkAclId\":\"acl-0f74e4f2cb7de12ac\",\"SubnetId\":\"subnet-0b301a436d259a430\"}],\"Entries\":[{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100},{\"RuleNumber\":101,\"CidrBlock\":null,\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":\"::/0\",\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\"},{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767},{\"Ipv6CidrBlock\":\"::/0\",\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32768,\"CidrBlock\":null,\"Egress\":true,\"IcmpTypeCode\":null},{\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null},{\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":\"::/0\",\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":101,\"CidrBlock\":null,\"Egress\":false},{\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"},{\"RuleNumber\":32768,\"CidrBlock\":null,\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":\"::/0\",\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\"}],\"IsDefault\":true},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:network-acl/acl-0f74e4f2cb7de12ac\",\"acl-0f74e4f2cb7de12ac\"],\"name\":\"acl-0f74e4f2cb7de12ac\",\"category\":\"identity\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-058b21b3bf0f435b0\"],\"subnet_ids\":[\"subnet-0981d6560ece89ecb\",\"subnet-0b301a436d259a430\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:network-acl/acl-0f74e4f2cb7de12ac\",\"acl-0f74e4f2cb7de12ac\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:network-acl/acl-0f74e4f2cb7de12ac\":{\"category\":\"identity\",\"type\":\"acl\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"Tags\":[],\"VpcId\":\"vpc-0655e251b572f3c6c\",\"Associations\":[{\"SubnetId\":\"subnet-083628bfcd8860a0d\",\"NetworkAclAssociationId\":\"aclassoc-d629d6b6\",\"NetworkAclId\":\"acl-0abe3c9ebe2721de7\"}],\"Entries\":[{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null},{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767},{\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\"},{\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"}],\"IsDefault\":true,\"NetworkAclId\":\"acl-0abe3c9ebe2721de7\",\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:network-acl/acl-0abe3c9ebe2721de7\",\"acl-0abe3c9ebe2721de7\"],\"name\":\"acl-0abe3c9ebe2721de7\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"subnet_ids\":[\"subnet-083628bfcd8860a0d\"],\"vpc_ids\":[\"vpc-0655e251b572f3c6c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:network-acl/acl-0abe3c9ebe2721de7\",\"acl-0abe3c9ebe2721de7\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:network-acl/acl-0abe3c9ebe2721de7\":{\"category\":\"identity\",\"type\":\"acl\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"IsDefault\":true,\"NetworkAclId\":\"acl-fff9df97\",\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-7d397e15\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-e40d3f8e\",\"NetworkAclId\":\"acl-fff9df97\",\"SubnetId\":\"subnet-1758805b\"},{\"SubnetId\":\"subnet-44ef7a3e\",\"NetworkAclAssociationId\":\"aclassoc-e70d3f8d\",\"NetworkAclId\":\"acl-fff9df97\"},{\"NetworkAclAssociationId\":\"aclassoc-e60d3f8c\",\"NetworkAclId\":\"acl-fff9df97\",\"SubnetId\":\"subnet-566d243f\"}],\"Entries\":[{\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true},{\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\"},{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100},{\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"}]},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:network-acl/acl-fff9df97\",\"acl-fff9df97\"],\"name\":\"acl-fff9df97\",\"category\":\"identity\"},\"cloud\":{\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"subnet_ids\":[\"subnet-1758805b\",\"subnet-44ef7a3e\",\"subnet-566d243f\"],\"vpc_ids\":[\"vpc-7d397e15\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:network-acl/acl-fff9df97\",\"acl-fff9df97\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:network-acl/acl-fff9df97\":{\"category\":\"identity\",\"type\":\"acl\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-e6e43c8f\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-6a4e0d03\",\"NetworkAclId\":\"acl-608d5609\",\"SubnetId\":\"subnet-26a1ba6c\"},{\"NetworkAclAssociationId\":\"aclassoc-6d4e0d04\",\"NetworkAclId\":\"acl-608d5609\",\"SubnetId\":\"subnet-0da97064\"},{\"NetworkAclAssociationId\":\"aclassoc-6c4e0d05\",\"NetworkAclId\":\"acl-608d5609\",\"SubnetId\":\"subnet-bcd129c7\"}],\"Entries\":[{\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"},{\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\"},{\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null},{\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null}],\"IsDefault\":true,\"NetworkAclId\":\"acl-608d5609\"},\"id\":[\"arn:aws:ec2:eu-north-1:704479110758:network-acl/acl-608d5609\",\"acl-608d5609\"],\"name\":\"acl-608d5609\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-north-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"subnet_ids\":[\"subnet-26a1ba6c\",\"subnet-0da97064\",\"subnet-bcd129c7\"],\"vpc_ids\":[\"vpc-e6e43c8f\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:ec2:eu-north-1:704479110758:network-acl/acl-608d5609\",\"acl-608d5609\"],\"entity.metadata\":{\"arn:aws:ec2:eu-north-1:704479110758:network-acl/acl-608d5609\":{\"category\":\"identity\",\"type\":\"acl\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:network-acl/acl-6b7ee616\",\"acl-6b7ee616\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:network-acl/acl-6b7ee616\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"name\":\"acl-6b7ee616\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-73d2e309\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-357f3f7b\",\"NetworkAclId\":\"acl-6b7ee616\",\"SubnetId\":\"subnet-8bdf6bc6\"},{\"SubnetId\":\"subnet-0a0bee6c\",\"NetworkAclAssociationId\":\"aclassoc-347f3f7a\",\"NetworkAclId\":\"acl-6b7ee616\"},{\"NetworkAclAssociationId\":\"aclassoc-337f3f7d\",\"NetworkAclId\":\"acl-6b7ee616\",\"SubnetId\":\"subnet-bf6ab5b1\"},{\"NetworkAclAssociationId\":\"aclassoc-327f3f7c\",\"NetworkAclId\":\"acl-6b7ee616\",\"SubnetId\":\"subnet-c4bf5e9b\"},{\"SubnetId\":\"subnet-37391109\",\"NetworkAclAssociationId\":\"aclassoc-307f3f7e\",\"NetworkAclId\":\"acl-6b7ee616\"},{\"NetworkAclAssociationId\":\"aclassoc-317f3f7f\",\"NetworkAclId\":\"acl-6b7ee616\",\"SubnetId\":\"subnet-fee506df\"}],\"Entries\":[{\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null},{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null},{\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null},{\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null}],\"IsDefault\":true,\"NetworkAclId\":\"acl-6b7ee616\"},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:network-acl/acl-6b7ee616\",\"acl-6b7ee616\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"subnet_ids\":[\"subnet-8bdf6bc6\",\"subnet-0a0bee6c\",\"subnet-bf6ab5b1\",\"subnet-c4bf5e9b\",\"subnet-37391109\",\"subnet-fee506df\"],\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"subnet_ids\":[\"subnet-0d13fe1170a652ad1\",\"subnet-03aa6072b34eae6a9\",\"subnet-0581305834edb5054\",\"subnet-0ed154aa70918550b\",\"subnet-0dc77404d1c3fa0c2\",\"subnet-056c5f97d89fe38e8\"],\"vpc_ids\":[\"vpc-00103fb710b9960ab\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0e3755e1878401665\",\"acl-0e3755e1878401665\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0e3755e1878401665\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"tags\":null,\"raw\":{\"VpcId\":\"vpc-00103fb710b9960ab\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-06d6531f8d139392a\",\"NetworkAclId\":\"acl-0e3755e1878401665\",\"SubnetId\":\"subnet-0d13fe1170a652ad1\"},{\"NetworkAclAssociationId\":\"aclassoc-0f7918c7d89bd20c2\",\"NetworkAclId\":\"acl-0e3755e1878401665\",\"SubnetId\":\"subnet-03aa6072b34eae6a9\"},{\"NetworkAclAssociationId\":\"aclassoc-054f7accbd668a4e8\",\"NetworkAclId\":\"acl-0e3755e1878401665\",\"SubnetId\":\"subnet-0581305834edb5054\"},{\"SubnetId\":\"subnet-0ed154aa70918550b\",\"NetworkAclAssociationId\":\"aclassoc-0995bbc5030d18383\",\"NetworkAclId\":\"acl-0e3755e1878401665\"},{\"NetworkAclAssociationId\":\"aclassoc-03a0eef120d093cad\",\"NetworkAclId\":\"acl-0e3755e1878401665\",\"SubnetId\":\"subnet-0dc77404d1c3fa0c2\"},{\"NetworkAclId\":\"acl-0e3755e1878401665\",\"SubnetId\":\"subnet-056c5f97d89fe38e8\",\"NetworkAclAssociationId\":\"aclassoc-0896df5811af7314e\"}],\"Entries\":[{\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null},{\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null},{\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\"},{\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\"}],\"IsDefault\":true,\"NetworkAclId\":\"acl-0e3755e1878401665\",\"OwnerId\":\"704479110758\",\"Tags\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0e3755e1878401665\",\"acl-0e3755e1878401665\"],\"name\":\"acl-0e3755e1878401665\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-04ece708af6c9b689\"],\"subnet_ids\":[\"subnet-0146aa28d861caaec\",\"subnet-0826fbb5db7a6ce47\",\"subnet-07456aebc63be1f86\",\"subnet-01ea8f2367f2311ae\",\"subnet-09eda1bf6efaa3594\",\"subnet-022a228119cb5b519\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-053fe94e40a49c818\",\"acl-053fe94e40a49c818\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-053fe94e40a49c818\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"Associations\":[{\"SubnetId\":\"subnet-0146aa28d861caaec\",\"NetworkAclAssociationId\":\"aclassoc-047e2b6bfe6ed310f\",\"NetworkAclId\":\"acl-053fe94e40a49c818\"},{\"NetworkAclAssociationId\":\"aclassoc-071ff17b2e221f669\",\"NetworkAclId\":\"acl-053fe94e40a49c818\",\"SubnetId\":\"subnet-0826fbb5db7a6ce47\"},{\"NetworkAclAssociationId\":\"aclassoc-02ecabbc776e359e6\",\"NetworkAclId\":\"acl-053fe94e40a49c818\",\"SubnetId\":\"subnet-07456aebc63be1f86\"},{\"SubnetId\":\"subnet-01ea8f2367f2311ae\",\"NetworkAclAssociationId\":\"aclassoc-0333da9f7362f9d04\",\"NetworkAclId\":\"acl-053fe94e40a49c818\"},{\"NetworkAclAssociationId\":\"aclassoc-08e715b227eebccdf\",\"NetworkAclId\":\"acl-053fe94e40a49c818\",\"SubnetId\":\"subnet-09eda1bf6efaa3594\"},{\"SubnetId\":\"subnet-022a228119cb5b519\",\"NetworkAclAssociationId\":\"aclassoc-0a9d9726852eeccbd\",\"NetworkAclId\":\"acl-053fe94e40a49c818\"}],\"Entries\":[{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100},{\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"},{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null},{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767}],\"IsDefault\":true,\"NetworkAclId\":\"acl-053fe94e40a49c818\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"test_aws\",\"Value\":\"\"}],\"VpcId\":\"vpc-04ece708af6c9b689\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-053fe94e40a49c818\",\"acl-053fe94e40a49c818\"],\"name\":\"acl-053fe94e40a49c818\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"tags\":null,\"raw\":{\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-044df0601fa971932\",\"NetworkAclId\":\"acl-0c78104127d1ac700\",\"SubnetId\":\"subnet-031a3c5f3616abbf8\"},{\"NetworkAclAssociationId\":\"aclassoc-0ab0ba72f52ca5524\",\"NetworkAclId\":\"acl-0c78104127d1ac700\",\"SubnetId\":\"subnet-04dedcfd218f68e39\"},{\"NetworkAclAssociationId\":\"aclassoc-030e9ace03180bef0\",\"NetworkAclId\":\"acl-0c78104127d1ac700\",\"SubnetId\":\"subnet-005be66a652673241\"},{\"NetworkAclAssociationId\":\"aclassoc-0db11cc2cfde9ceb3\",\"NetworkAclId\":\"acl-0c78104127d1ac700\",\"SubnetId\":\"subnet-0d232eecdff26526d\"},{\"NetworkAclAssociationId\":\"aclassoc-0f4815d3717d709da\",\"NetworkAclId\":\"acl-0c78104127d1ac700\",\"SubnetId\":\"subnet-04d6046ca13f1d2b2\"},{\"NetworkAclAssociationId\":\"aclassoc-036302d0989023ee3\",\"NetworkAclId\":\"acl-0c78104127d1ac700\",\"SubnetId\":\"subnet-059a72f44f27a917a\"}],\"Entries\":[{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null},{\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null},{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100},{\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\"}],\"IsDefault\":true,\"NetworkAclId\":\"acl-0c78104127d1ac700\",\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-0bf78569aaae50b84\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0c78104127d1ac700\",\"acl-0c78104127d1ac700\"],\"name\":\"acl-0c78104127d1ac700\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0bf78569aaae50b84\"],\"subnet_ids\":[\"subnet-031a3c5f3616abbf8\",\"subnet-04dedcfd218f68e39\",\"subnet-005be66a652673241\",\"subnet-0d232eecdff26526d\",\"subnet-04d6046ca13f1d2b2\",\"subnet-059a72f44f27a917a\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0c78104127d1ac700\",\"acl-0c78104127d1ac700\"],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0c78104127d1ac700\":{\"category\":\"identity\",\"type\":\"acl\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0dbe864720903ee31\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-0a2008710cab48539\",\"Associations\":[],\"Entries\":[{\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null},{\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\"},{\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\"},{\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\"}],\"IsDefault\":true,\"NetworkAclId\":\"acl-0dbe864720903ee31\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0dbe864720903ee31\",\"acl-0dbe864720903ee31\"],\"name\":\"acl-0dbe864720903ee31\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0a2008710cab48539\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0dbe864720903ee31\",\"acl-0dbe864720903ee31\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"subnet_ids\":[\"subnet-0cdfa229831a9689c\",\"subnet-00b864f5fca41b8f4\",\"subnet-0a77aa794e2e89e95\",\"subnet-072b100ec47a4b6e4\",\"subnet-0799634ae05f2b209\",\"subnet-0f8c4fc8a013d6e18\"],\"vpc_ids\":[\"vpc-08d87433815da7907\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0bde8062c10b9f25d\",\"acl-0bde8062c10b9f25d\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0bde8062c10b9f25d\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"Tags\":[],\"VpcId\":\"vpc-08d87433815da7907\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-0c5fad04bbec6e128\",\"NetworkAclId\":\"acl-0bde8062c10b9f25d\",\"SubnetId\":\"subnet-0cdfa229831a9689c\"},{\"NetworkAclAssociationId\":\"aclassoc-0823dd3cb30b8dd06\",\"NetworkAclId\":\"acl-0bde8062c10b9f25d\",\"SubnetId\":\"subnet-00b864f5fca41b8f4\"},{\"NetworkAclId\":\"acl-0bde8062c10b9f25d\",\"SubnetId\":\"subnet-0a77aa794e2e89e95\",\"NetworkAclAssociationId\":\"aclassoc-0dd07c7acfc8a73dd\"},{\"NetworkAclAssociationId\":\"aclassoc-0133208583be55209\",\"NetworkAclId\":\"acl-0bde8062c10b9f25d\",\"SubnetId\":\"subnet-072b100ec47a4b6e4\"},{\"NetworkAclAssociationId\":\"aclassoc-09ff07ff3396f9a53\",\"NetworkAclId\":\"acl-0bde8062c10b9f25d\",\"SubnetId\":\"subnet-0799634ae05f2b209\"},{\"NetworkAclAssociationId\":\"aclassoc-0f68e7cd9e31876a3\",\"NetworkAclId\":\"acl-0bde8062c10b9f25d\",\"SubnetId\":\"subnet-0f8c4fc8a013d6e18\"}],\"Entries\":[{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100},{\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\"},{\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null},{\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null}],\"IsDefault\":true,\"NetworkAclId\":\"acl-0bde8062c10b9f25d\",\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0bde8062c10b9f25d\",\"acl-0bde8062c10b9f25d\"],\"name\":\"acl-0bde8062c10b9f25d\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"subnet_ids\":[\"subnet-08af497c9d775fa00\",\"subnet-0e121700fc0341fcb\",\"subnet-043f1e41224a5fb12\",\"subnet-06877e04cd144a9d3\",\"subnet-02a6e1d1a76af1028\",\"subnet-01d21175cc69e9571\"],\"vpc_ids\":[\"vpc-06635215f51bfd343\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0122d650e407401f3\",\"acl-0122d650e407401f3\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0122d650e407401f3\":{\"category\":\"identity\",\"type\":\"acl\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"Entries\":[{\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\"},{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null},{\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\"},{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null}],\"IsDefault\":true,\"NetworkAclId\":\"acl-0122d650e407401f3\",\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-06635215f51bfd343\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-04f52513ed75c8a7a\",\"NetworkAclId\":\"acl-0122d650e407401f3\",\"SubnetId\":\"subnet-08af497c9d775fa00\"},{\"NetworkAclAssociationId\":\"aclassoc-0715842f7550b24f0\",\"NetworkAclId\":\"acl-0122d650e407401f3\",\"SubnetId\":\"subnet-0e121700fc0341fcb\"},{\"SubnetId\":\"subnet-043f1e41224a5fb12\",\"NetworkAclAssociationId\":\"aclassoc-012f52042630775de\",\"NetworkAclId\":\"acl-0122d650e407401f3\"},{\"SubnetId\":\"subnet-06877e04cd144a9d3\",\"NetworkAclAssociationId\":\"aclassoc-00e132555d8ca67ad\",\"NetworkAclId\":\"acl-0122d650e407401f3\"},{\"NetworkAclAssociationId\":\"aclassoc-08a83c3a3df3d1730\",\"NetworkAclId\":\"acl-0122d650e407401f3\",\"SubnetId\":\"subnet-02a6e1d1a76af1028\"},{\"NetworkAclAssociationId\":\"aclassoc-0b77a78c860c705b7\",\"NetworkAclId\":\"acl-0122d650e407401f3\",\"SubnetId\":\"subnet-01d21175cc69e9571\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0122d650e407401f3\",\"acl-0122d650e407401f3\"],\"name\":\"acl-0122d650e407401f3\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0340df148ed0f1006\",\"acl-0340df148ed0f1006\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0340df148ed0f1006\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"NetworkAclId\":\"acl-0340df148ed0f1006\",\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-0096efe3aab3734db\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-0585bda60985af570\",\"NetworkAclId\":\"acl-0340df148ed0f1006\",\"SubnetId\":\"subnet-0078ca27a20c0e6fd\"},{\"NetworkAclAssociationId\":\"aclassoc-097d75533194963c3\",\"NetworkAclId\":\"acl-0340df148ed0f1006\",\"SubnetId\":\"subnet-007829077de560c69\"},{\"NetworkAclAssociationId\":\"aclassoc-0556f44b80e8a8676\",\"NetworkAclId\":\"acl-0340df148ed0f1006\",\"SubnetId\":\"subnet-0e27ed9e54263c4e3\"},{\"NetworkAclAssociationId\":\"aclassoc-0f509e8bfcb419094\",\"NetworkAclId\":\"acl-0340df148ed0f1006\",\"SubnetId\":\"subnet-099f0c78ec579edf5\"},{\"NetworkAclAssociationId\":\"aclassoc-00e25e2ada5e0f6fd\",\"NetworkAclId\":\"acl-0340df148ed0f1006\",\"SubnetId\":\"subnet-0bf1e4af13ea12d0a\"},{\"NetworkAclAssociationId\":\"aclassoc-0af96f025e1118745\",\"NetworkAclId\":\"acl-0340df148ed0f1006\",\"SubnetId\":\"subnet-070b0039edbb3ea35\"}],\"Entries\":[{\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null},{\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\"},{\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"},{\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\"}],\"IsDefault\":true},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0340df148ed0f1006\",\"acl-0340df148ed0f1006\"],\"name\":\"acl-0340df148ed0f1006\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"subnet_ids\":[\"subnet-0078ca27a20c0e6fd\",\"subnet-007829077de560c69\",\"subnet-0e27ed9e54263c4e3\",\"subnet-099f0c78ec579edf5\",\"subnet-0bf1e4af13ea12d0a\",\"subnet-070b0039edbb3ea35\"],\"vpc_ids\":[\"vpc-0096efe3aab3734db\"]},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-009e9f747903a7dbe\",\"acl-009e9f747903a7dbe\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-009e9f747903a7dbe\":{\"category\":\"identity\",\"type\":\"acl\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"NetworkAclId\":\"acl-009e9f747903a7dbe\",\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-096d5aaf84103883c\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-0e1fd8dcbb47cc3fe\",\"NetworkAclId\":\"acl-009e9f747903a7dbe\",\"SubnetId\":\"subnet-0fd184fdb6f6d6625\"},{\"SubnetId\":\"subnet-0db44e7206e0bf6e7\",\"NetworkAclAssociationId\":\"aclassoc-00104f3335434886a\",\"NetworkAclId\":\"acl-009e9f747903a7dbe\"},{\"NetworkAclAssociationId\":\"aclassoc-05e290f91bee2fbb2\",\"NetworkAclId\":\"acl-009e9f747903a7dbe\",\"SubnetId\":\"subnet-013417b28485abce5\"},{\"NetworkAclAssociationId\":\"aclassoc-09e82b7f58f9076ab\",\"NetworkAclId\":\"acl-009e9f747903a7dbe\",\"SubnetId\":\"subnet-071bb079367aba847\"},{\"NetworkAclAssociationId\":\"aclassoc-033bfa688f0189ed5\",\"NetworkAclId\":\"acl-009e9f747903a7dbe\",\"SubnetId\":\"subnet-0f5599e2c5f7309f8\"},{\"NetworkAclAssociationId\":\"aclassoc-06e640f03631158cc\",\"NetworkAclId\":\"acl-009e9f747903a7dbe\",\"SubnetId\":\"subnet-0b9742a3beed3221a\"}],\"Entries\":[{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null},{\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\"},{\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null},{\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\"}],\"IsDefault\":true},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-009e9f747903a7dbe\",\"acl-009e9f747903a7dbe\"],\"name\":\"acl-009e9f747903a7dbe\",\"category\":\"identity\",\"sub_category\":\"authorization\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"subnet_ids\":[\"subnet-0fd184fdb6f6d6625\",\"subnet-0db44e7206e0bf6e7\",\"subnet-013417b28485abce5\",\"subnet-071bb079367aba847\",\"subnet-0f5599e2c5f7309f8\",\"subnet-0b9742a3beed3221a\"],\"vpc_ids\":[\"vpc-096d5aaf84103883c\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0ce4d2a49419da265\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0ce4d2a49419da265\",\"acl-0ce4d2a49419da265\"],\"name\":\"acl-0ce4d2a49419da265\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"NetworkAclId\":\"acl-0ce4d2a49419da265\",\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-0e838e42ce3e6d30c\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-09908af671b335ff4\",\"NetworkAclId\":\"acl-0ce4d2a49419da265\",\"SubnetId\":\"subnet-0496f9fc35ccabcdd\"},{\"NetworkAclId\":\"acl-0ce4d2a49419da265\",\"SubnetId\":\"subnet-06cb2b521f07177a4\",\"NetworkAclAssociationId\":\"aclassoc-0a32a02363f5b3862\"},{\"NetworkAclAssociationId\":\"aclassoc-005983b7024bf5945\",\"NetworkAclId\":\"acl-0ce4d2a49419da265\",\"SubnetId\":\"subnet-0b239250c16bbb84b\"},{\"NetworkAclAssociationId\":\"aclassoc-0325af3b321359ff1\",\"NetworkAclId\":\"acl-0ce4d2a49419da265\",\"SubnetId\":\"subnet-02d427894b12f050b\"},{\"NetworkAclAssociationId\":\"aclassoc-0309bb29cc5f3ca4b\",\"NetworkAclId\":\"acl-0ce4d2a49419da265\",\"SubnetId\":\"subnet-00212758e91e53e60\"},{\"NetworkAclAssociationId\":\"aclassoc-0518496fa17faa152\",\"NetworkAclId\":\"acl-0ce4d2a49419da265\",\"SubnetId\":\"subnet-0e0bf795835c7fee3\"}],\"Entries\":[{\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"},{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767},{\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"},{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null}],\"IsDefault\":true}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"subnet_ids\":[\"subnet-0496f9fc35ccabcdd\",\"subnet-06cb2b521f07177a4\",\"subnet-0b239250c16bbb84b\",\"subnet-02d427894b12f050b\",\"subnet-00212758e91e53e60\",\"subnet-0e0bf795835c7fee3\"],\"vpc_ids\":[\"vpc-0e838e42ce3e6d30c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0ce4d2a49419da265\",\"acl-0ce4d2a49419da265\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-0de5d19ac894b58c9\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-00deb0fefb1ec1157\",\"NetworkAclId\":\"acl-01eb47022fed82f3c\",\"SubnetId\":\"subnet-0fc548949d1be638f\"},{\"NetworkAclAssociationId\":\"aclassoc-0b7fad469aad4fb26\",\"NetworkAclId\":\"acl-01eb47022fed82f3c\",\"SubnetId\":\"subnet-0c52bb149ee4c3903\"},{\"NetworkAclAssociationId\":\"aclassoc-046b3628ce61f816b\",\"NetworkAclId\":\"acl-01eb47022fed82f3c\",\"SubnetId\":\"subnet-064a6141dfe98c933\"},{\"SubnetId\":\"subnet-0e8a6a6a9dd61ba2d\",\"NetworkAclAssociationId\":\"aclassoc-0e12695aad566c306\",\"NetworkAclId\":\"acl-01eb47022fed82f3c\"},{\"SubnetId\":\"subnet-03d0cff9718e7aeb2\",\"NetworkAclAssociationId\":\"aclassoc-0654176899f01b38d\",\"NetworkAclId\":\"acl-01eb47022fed82f3c\"},{\"NetworkAclAssociationId\":\"aclassoc-0d600acd7284b9231\",\"NetworkAclId\":\"acl-01eb47022fed82f3c\",\"SubnetId\":\"subnet-02551800069422c82\"}],\"Entries\":[{\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"},{\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\"},{\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null},{\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null}],\"IsDefault\":true,\"NetworkAclId\":\"acl-01eb47022fed82f3c\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-01eb47022fed82f3c\",\"acl-01eb47022fed82f3c\"],\"name\":\"acl-01eb47022fed82f3c\",\"category\":\"identity\",\"sub_category\":\"authorization\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"subnet_ids\":[\"subnet-0fc548949d1be638f\",\"subnet-0c52bb149ee4c3903\",\"subnet-064a6141dfe98c933\",\"subnet-0e8a6a6a9dd61ba2d\",\"subnet-03d0cff9718e7aeb2\",\"subnet-02551800069422c82\"],\"vpc_ids\":[\"vpc-0de5d19ac894b58c9\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-01eb47022fed82f3c\",\"acl-01eb47022fed82f3c\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-01eb47022fed82f3c\":{\"category\":\"identity\",\"type\":\"acl\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-02d9a84c988f4b923\",\"acl-02d9a84c988f4b923\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-02d9a84c988f4b923\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"Associations\":[],\"Entries\":[{\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true},{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":1},{\"Ipv6CidrBlock\":null,\"PortRange\":{\"From\":80,\"To\":80},\"Protocol\":\"6\",\"RuleAction\":\"allow\",\"RuleNumber\":2,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null},{\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\"}],\"IsDefault\":false,\"NetworkAclId\":\"acl-02d9a84c988f4b923\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"oleg-test\"}],\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-02d9a84c988f4b923\",\"acl-02d9a84c988f4b923\"],\"name\":\"acl-02d9a84c988f4b923\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-0b5ada4550b941390\"],\"subnet_ids\":[\"subnet-08970bf23eae9264b\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0569222caa7818c9a\",\"acl-0569222caa7818c9a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0569222caa7818c9a\":{\"category\":\"identity\",\"type\":\"acl\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-0b5ada4550b941390\",\"Associations\":[{\"NetworkAclId\":\"acl-0569222caa7818c9a\",\"SubnetId\":\"subnet-08970bf23eae9264b\",\"NetworkAclAssociationId\":\"aclassoc-0f31e37cef505eb2a\"}],\"Entries\":[{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null},{\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true},{\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null},{\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\"}],\"IsDefault\":true,\"NetworkAclId\":\"acl-0569222caa7818c9a\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0569222caa7818c9a\",\"acl-0569222caa7818c9a\"],\"name\":\"acl-0569222caa7818c9a\",\"category\":\"identity\",\"sub_category\":\"authorization\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"raw\":{\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-00d7b69ea2f4e310b\",\"NetworkAclId\":\"acl-0cfaf8f135affed96\",\"SubnetId\":\"subnet-01f15828b00f49fab\"},{\"NetworkAclAssociationId\":\"aclassoc-0f5e826bee2b0b681\",\"NetworkAclId\":\"acl-0cfaf8f135affed96\",\"SubnetId\":\"subnet-0e9a99fb7f8f99434\"},{\"SubnetId\":\"subnet-056e3f276ec4c5310\",\"NetworkAclAssociationId\":\"aclassoc-01c74fee5ff26e74a\",\"NetworkAclId\":\"acl-0cfaf8f135affed96\"}],\"Entries\":[{\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null},{\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null},{\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\"},{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767}],\"IsDefault\":true,\"NetworkAclId\":\"acl-0cfaf8f135affed96\",\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-0265091ed79292f2c\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0cfaf8f135affed96\",\"acl-0cfaf8f135affed96\"],\"name\":\"acl-0cfaf8f135affed96\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"subnet_ids\":[\"subnet-01f15828b00f49fab\",\"subnet-0e9a99fb7f8f99434\",\"subnet-056e3f276ec4c5310\"],\"vpc_ids\":[\"vpc-0265091ed79292f2c\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0cfaf8f135affed96\",\"acl-0cfaf8f135affed96\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0cfaf8f135affed96\":{\"category\":\"identity\",\"type\":\"acl\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"subnet_ids\":[\"subnet-0cf8bf662fe6a15d3\",\"subnet-0ee9db2f83d931918\",\"subnet-0ba97db4a20518b40\",\"subnet-078d82cbf3e581986\",\"subnet-0aa05616d99e52cd6\",\"subnet-015b984f7a5a99749\"],\"vpc_ids\":[\"vpc-06b023d1fc8665055\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-03f842569f3268d20\",\"acl-03f842569f3268d20\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-03f842569f3268d20\":{\"type\":\"acl\",\"category\":\"identity\"}},\"asset\":{\"raw\":{\"Tags\":[],\"VpcId\":\"vpc-06b023d1fc8665055\",\"Associations\":[{\"SubnetId\":\"subnet-0cf8bf662fe6a15d3\",\"NetworkAclAssociationId\":\"aclassoc-03aba9175296b7255\",\"NetworkAclId\":\"acl-03f842569f3268d20\"},{\"NetworkAclAssociationId\":\"aclassoc-0ed3f6872215a8cd5\",\"NetworkAclId\":\"acl-03f842569f3268d20\",\"SubnetId\":\"subnet-0ee9db2f83d931918\"},{\"NetworkAclAssociationId\":\"aclassoc-01dbd44e46518cca4\",\"NetworkAclId\":\"acl-03f842569f3268d20\",\"SubnetId\":\"subnet-0ba97db4a20518b40\"},{\"NetworkAclAssociationId\":\"aclassoc-04c1038883e6ddff5\",\"NetworkAclId\":\"acl-03f842569f3268d20\",\"SubnetId\":\"subnet-078d82cbf3e581986\"},{\"NetworkAclAssociationId\":\"aclassoc-081738a03b5f712e9\",\"NetworkAclId\":\"acl-03f842569f3268d20\",\"SubnetId\":\"subnet-0aa05616d99e52cd6\"},{\"NetworkAclAssociationId\":\"aclassoc-0fa3fb9c5a89b1b6a\",\"NetworkAclId\":\"acl-03f842569f3268d20\",\"SubnetId\":\"subnet-015b984f7a5a99749\"}],\"Entries\":[{\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\"},{\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"},{\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\"},{\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\"}],\"IsDefault\":true,\"NetworkAclId\":\"acl-03f842569f3268d20\",\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-03f842569f3268d20\",\"acl-03f842569f3268d20\"],\"name\":\"acl-03f842569f3268d20\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-07d4a5830dc4845b7\",\"acl-07d4a5830dc4845b7\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-07d4a5830dc4845b7\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"raw\":{\"VpcId\":\"vpc-05dd3a849e821fafc\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-01ff2e45dd7551943\",\"NetworkAclId\":\"acl-07d4a5830dc4845b7\",\"SubnetId\":\"subnet-02d996d780a41b803\"},{\"NetworkAclId\":\"acl-07d4a5830dc4845b7\",\"SubnetId\":\"subnet-0211e573f34ef5921\",\"NetworkAclAssociationId\":\"aclassoc-07b1797c3fc08ba19\"},{\"NetworkAclAssociationId\":\"aclassoc-01e19d8888b7be085\",\"NetworkAclId\":\"acl-07d4a5830dc4845b7\",\"SubnetId\":\"subnet-0a59dafcae832542c\"},{\"NetworkAclId\":\"acl-07d4a5830dc4845b7\",\"SubnetId\":\"subnet-00e9a5645e8fe263e\",\"NetworkAclAssociationId\":\"aclassoc-0ef593ae2d5b7a19f\"},{\"SubnetId\":\"subnet-0d0baa38ef0fd2426\",\"NetworkAclAssociationId\":\"aclassoc-0f077b71f946d397b\",\"NetworkAclId\":\"acl-07d4a5830dc4845b7\"},{\"NetworkAclAssociationId\":\"aclassoc-05d3dbe41231e4fee\",\"NetworkAclId\":\"acl-07d4a5830dc4845b7\",\"SubnetId\":\"subnet-08f2f48be1493d1ff\"}],\"Entries\":[{\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"},{\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null},{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null},{\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null}],\"IsDefault\":true,\"NetworkAclId\":\"acl-07d4a5830dc4845b7\",\"OwnerId\":\"704479110758\",\"Tags\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-07d4a5830dc4845b7\",\"acl-07d4a5830dc4845b7\"],\"name\":\"acl-07d4a5830dc4845b7\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"subnet_ids\":[\"subnet-02d996d780a41b803\",\"subnet-0211e573f34ef5921\",\"subnet-0a59dafcae832542c\",\"subnet-00e9a5645e8fe263e\",\"subnet-0d0baa38ef0fd2426\",\"subnet-08f2f48be1493d1ff\"],\"vpc_ids\":[\"vpc-05dd3a849e821fafc\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"subnet_ids\":[\"subnet-0d369ee4ec7b9c3a7\"],\"vpc_ids\":[\"vpc-061fc9c22f73c7d3e\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-09690bc9d5b8fc2dc\",\"acl-09690bc9d5b8fc2dc\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-09690bc9d5b8fc2dc\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-061fc9c22f73c7d3e\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-0e29ea99e947f25eb\",\"NetworkAclId\":\"acl-09690bc9d5b8fc2dc\",\"SubnetId\":\"subnet-0d369ee4ec7b9c3a7\"}],\"Entries\":[{\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true},{\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\"},{\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false},{\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\"}],\"IsDefault\":true,\"NetworkAclId\":\"acl-09690bc9d5b8fc2dc\",\"OwnerId\":\"704479110758\",\"Tags\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-09690bc9d5b8fc2dc\",\"acl-09690bc9d5b8fc2dc\"],\"name\":\"acl-09690bc9d5b8fc2dc\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-02905fce7b65f710e\":{\"type\":\"acl\",\"category\":\"identity\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-02905fce7b65f710e\",\"acl-02905fce7b65f710e\"],\"name\":\"acl-02905fce7b65f710e\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-0a74788000c2f0013\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-0c519031751fb311a\",\"NetworkAclId\":\"acl-02905fce7b65f710e\",\"SubnetId\":\"subnet-07ac380f66015b607\"},{\"NetworkAclAssociationId\":\"aclassoc-05ebdeb4640d143dd\",\"NetworkAclId\":\"acl-02905fce7b65f710e\",\"SubnetId\":\"subnet-0190249d34f071ca9\"},{\"NetworkAclAssociationId\":\"aclassoc-06b366c557b07dad1\",\"NetworkAclId\":\"acl-02905fce7b65f710e\",\"SubnetId\":\"subnet-02b6ea79f0e7227f7\"},{\"NetworkAclAssociationId\":\"aclassoc-03f526e36cd95ea9c\",\"NetworkAclId\":\"acl-02905fce7b65f710e\",\"SubnetId\":\"subnet-06bb4cb1a64443b8b\"},{\"NetworkAclAssociationId\":\"aclassoc-0b8e5d46e6f19d477\",\"NetworkAclId\":\"acl-02905fce7b65f710e\",\"SubnetId\":\"subnet-03b066524255a77b4\"},{\"NetworkAclAssociationId\":\"aclassoc-0f037238cda80898f\",\"NetworkAclId\":\"acl-02905fce7b65f710e\",\"SubnetId\":\"subnet-01382f5e89be0e460\"}],\"Entries\":[{\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null},{\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\"},{\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\"},{\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false}],\"IsDefault\":true,\"NetworkAclId\":\"acl-02905fce7b65f710e\",\"OwnerId\":\"704479110758\",\"Tags\":[]}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"subnet_ids\":[\"subnet-07ac380f66015b607\",\"subnet-0190249d34f071ca9\",\"subnet-02b6ea79f0e7227f7\",\"subnet-06bb4cb1a64443b8b\",\"subnet-03b066524255a77b4\",\"subnet-01382f5e89be0e460\"],\"vpc_ids\":[\"vpc-0a74788000c2f0013\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-02905fce7b65f710e\",\"acl-02905fce7b65f710e\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-6cb55a15\",\"Associations\":[],\"Entries\":[{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null},{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767}],\"IsDefault\":false,\"NetworkAclId\":\"acl-060f3656c924538b7\",\"OwnerId\":\"704479110758\",\"Tags\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-060f3656c924538b7\",\"acl-060f3656c924538b7\"],\"name\":\"acl-060f3656c924538b7\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-060f3656c924538b7\",\"acl-060f3656c924538b7\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-060f3656c924538b7\":{\"category\":\"identity\",\"type\":\"acl\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0de7cd79421085383\",\"acl-0de7cd79421085383\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0de7cd79421085383\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"NetworkAclId\":\"acl-0de7cd79421085383\",\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-02190da3c759732a9\",\"Associations\":[{\"SubnetId\":\"subnet-0a49da801aa320357\",\"NetworkAclAssociationId\":\"aclassoc-06f091c4b84a87437\",\"NetworkAclId\":\"acl-0de7cd79421085383\"},{\"NetworkAclAssociationId\":\"aclassoc-0f07aba8a933469af\",\"NetworkAclId\":\"acl-0de7cd79421085383\",\"SubnetId\":\"subnet-0702a81903e0778af\"},{\"NetworkAclAssociationId\":\"aclassoc-0b4847c5112c9f33e\",\"NetworkAclId\":\"acl-0de7cd79421085383\",\"SubnetId\":\"subnet-02ad7a3d0af24c4d8\"},{\"NetworkAclAssociationId\":\"aclassoc-060e7d4dc2bc01290\",\"NetworkAclId\":\"acl-0de7cd79421085383\",\"SubnetId\":\"subnet-0a341ccb080e9e498\"},{\"NetworkAclAssociationId\":\"aclassoc-0a720239f5b649cfc\",\"NetworkAclId\":\"acl-0de7cd79421085383\",\"SubnetId\":\"subnet-009eb15ec5020262d\"},{\"NetworkAclAssociationId\":\"aclassoc-0accfabf8716e31b8\",\"NetworkAclId\":\"acl-0de7cd79421085383\",\"SubnetId\":\"subnet-0f109bff021a78050\"}],\"Entries\":[{\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\"},{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767},{\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\"},{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null}],\"IsDefault\":true},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0de7cd79421085383\",\"acl-0de7cd79421085383\"],\"name\":\"acl-0de7cd79421085383\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-02190da3c759732a9\"],\"subnet_ids\":[\"subnet-0a49da801aa320357\",\"subnet-0702a81903e0778af\",\"subnet-02ad7a3d0af24c4d8\",\"subnet-0a341ccb080e9e498\",\"subnet-009eb15ec5020262d\",\"subnet-0f109bff021a78050\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"subnet_ids\":[\"subnet-0a5b112f21481c793\",\"subnet-0a3bd12b022fedd7c\",\"subnet-020cfea1aa7c03545\",\"subnet-045fe0eb1312d2ebf\",\"subnet-005da09026434a42d\",\"subnet-0c8299d2fc2a16cfd\"],\"vpc_ids\":[\"vpc-05eeaaeb72e2eb28b\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0b70a27f805e3e09b\",\"acl-0b70a27f805e3e09b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0b70a27f805e3e09b\":{\"type\":\"acl\",\"category\":\"identity\"}},\"asset\":{\"tags\":null,\"raw\":{\"VpcId\":\"vpc-05eeaaeb72e2eb28b\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-0a4ecbb50227f0fbf\",\"NetworkAclId\":\"acl-0b70a27f805e3e09b\",\"SubnetId\":\"subnet-0a5b112f21481c793\"},{\"NetworkAclAssociationId\":\"aclassoc-005ce756f303279d2\",\"NetworkAclId\":\"acl-0b70a27f805e3e09b\",\"SubnetId\":\"subnet-0a3bd12b022fedd7c\"},{\"NetworkAclAssociationId\":\"aclassoc-0209241d9cdc10be5\",\"NetworkAclId\":\"acl-0b70a27f805e3e09b\",\"SubnetId\":\"subnet-020cfea1aa7c03545\"},{\"NetworkAclId\":\"acl-0b70a27f805e3e09b\",\"SubnetId\":\"subnet-045fe0eb1312d2ebf\",\"NetworkAclAssociationId\":\"aclassoc-0fe5029c2996ab4e7\"},{\"NetworkAclAssociationId\":\"aclassoc-05217955c9723539b\",\"NetworkAclId\":\"acl-0b70a27f805e3e09b\",\"SubnetId\":\"subnet-005da09026434a42d\"},{\"NetworkAclAssociationId\":\"aclassoc-0a4664d7fdd43717d\",\"NetworkAclId\":\"acl-0b70a27f805e3e09b\",\"SubnetId\":\"subnet-0c8299d2fc2a16cfd\"}],\"Entries\":[{\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null},{\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\"},{\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\"},{\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false}],\"IsDefault\":true,\"NetworkAclId\":\"acl-0b70a27f805e3e09b\",\"OwnerId\":\"704479110758\",\"Tags\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-0b70a27f805e3e09b\",\"acl-0b70a27f805e3e09b\"],\"name\":\"acl-0b70a27f805e3e09b\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-0d0d507f15a7baefb\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-09fe698a3c179d701\",\"NetworkAclId\":\"acl-00378b9911c6c0ce4\",\"SubnetId\":\"subnet-0fa6ec9a07ddabafe\"},{\"NetworkAclAssociationId\":\"aclassoc-0d43d0b4e44c31190\",\"NetworkAclId\":\"acl-00378b9911c6c0ce4\",\"SubnetId\":\"subnet-0e97645aa0b5d0ec4\"},{\"NetworkAclAssociationId\":\"aclassoc-041661d2e6b695117\",\"NetworkAclId\":\"acl-00378b9911c6c0ce4\",\"SubnetId\":\"subnet-0fe81c65bd681a8bc\"},{\"NetworkAclAssociationId\":\"aclassoc-092fc0d0d8cae0a41\",\"NetworkAclId\":\"acl-00378b9911c6c0ce4\",\"SubnetId\":\"subnet-03471f9d33d77b2d3\"},{\"NetworkAclAssociationId\":\"aclassoc-04401ed0a3e67f69e\",\"NetworkAclId\":\"acl-00378b9911c6c0ce4\",\"SubnetId\":\"subnet-04b09e2d9de9285ad\"},{\"NetworkAclAssociationId\":\"aclassoc-044c84ea86437dd78\",\"NetworkAclId\":\"acl-00378b9911c6c0ce4\",\"SubnetId\":\"subnet-0fb8525d06f28be51\"}],\"Entries\":[{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null},{\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"},{\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\"},{\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null}],\"IsDefault\":true,\"NetworkAclId\":\"acl-00378b9911c6c0ce4\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-00378b9911c6c0ce4\",\"acl-00378b9911c6c0ce4\"],\"name\":\"acl-00378b9911c6c0ce4\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"subnet_ids\":[\"subnet-0fa6ec9a07ddabafe\",\"subnet-0e97645aa0b5d0ec4\",\"subnet-0fe81c65bd681a8bc\",\"subnet-03471f9d33d77b2d3\",\"subnet-04b09e2d9de9285ad\",\"subnet-0fb8525d06f28be51\"],\"vpc_ids\":[\"vpc-0d0d507f15a7baefb\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-00378b9911c6c0ce4\",\"acl-00378b9911c6c0ce4\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-00378b9911c6c0ce4\":{\"category\":\"identity\",\"type\":\"acl\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-5b86e722\",\"acl-5b86e722\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-5b86e722\":{\"type\":\"acl\",\"category\":\"identity\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-6cb55a15\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-f3532d8d\",\"NetworkAclId\":\"acl-5b86e722\",\"SubnetId\":\"subnet-d4cf96b2\"},{\"NetworkAclAssociationId\":\"aclassoc-f0532d8e\",\"NetworkAclId\":\"acl-5b86e722\",\"SubnetId\":\"subnet-b50028fd\"},{\"NetworkAclAssociationId\":\"aclassoc-f1532d8f\",\"NetworkAclId\":\"acl-5b86e722\",\"SubnetId\":\"subnet-7a841e20\"}],\"Entries\":[{\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"},{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767},{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100},{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null}],\"IsDefault\":true,\"NetworkAclId\":\"acl-5b86e722\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-acl/acl-5b86e722\",\"acl-5b86e722\"],\"name\":\"acl-5b86e722\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"subnet_ids\":[\"subnet-d4cf96b2\",\"subnet-b50028fd\",\"subnet-7a841e20\"],\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:network-acl/acl-fe822995\",\"acl-fe822995\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:network-acl/acl-fe822995\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"name\":\"acl-fe822995\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-a5115ac9\",\"NetworkAclId\":\"acl-fe822995\",\"SubnetId\":\"subnet-76e81c1d\"},{\"NetworkAclId\":\"acl-fe822995\",\"SubnetId\":\"subnet-8ae5c7f0\",\"NetworkAclAssociationId\":\"aclassoc-a6115aca\"},{\"NetworkAclAssociationId\":\"aclassoc-a7115acb\",\"NetworkAclId\":\"acl-fe822995\",\"SubnetId\":\"subnet-350c8679\"}],\"Entries\":[{\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null},{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767},{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null},{\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false}],\"IsDefault\":true,\"NetworkAclId\":\"acl-fe822995\",\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-0fa96564\"},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:network-acl/acl-fe822995\",\"acl-fe822995\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"subnet_ids\":[\"subnet-76e81c1d\",\"subnet-8ae5c7f0\",\"subnet-350c8679\"],\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"id\":[\"arn:aws:ec2:us-east-2:704479110758:network-acl/acl-089a84256ce0e0968\",\"acl-089a84256ce0e0968\"],\"name\":\"acl-089a84256ce0e0968\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-09b1bd8bbf4508a52\",\"Associations\":[],\"Entries\":[{\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\"},{\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\"},{\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null},{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767}],\"IsDefault\":true,\"NetworkAclId\":\"acl-089a84256ce0e0968\"}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-09b1bd8bbf4508a52\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:network-acl/acl-089a84256ce0e0968\",\"acl-089a84256ce0e0968\"],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:network-acl/acl-089a84256ce0e0968\":{\"category\":\"identity\",\"type\":\"acl\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:network-acl/acl-09310a5fa0eb2cf55\",\"acl-09310a5fa0eb2cf55\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:network-acl/acl-09310a5fa0eb2cf55\":{\"type\":\"acl\",\"category\":\"identity\"}},\"asset\":{\"name\":\"acl-09310a5fa0eb2cf55\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"IsDefault\":true,\"NetworkAclId\":\"acl-09310a5fa0eb2cf55\",\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-02c354cf7457127fd\",\"Associations\":[],\"Entries\":[{\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null},{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767},{\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"},{\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false}]},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:network-acl/acl-09310a5fa0eb2cf55\",\"acl-09310a5fa0eb2cf55\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-02c354cf7457127fd\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ca-central-1:704479110758:network-acl/acl-6db59905\",\"acl-6db59905\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:ca-central-1:704479110758:network-acl/acl-6db59905\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"id\":[\"arn:aws:ec2:ca-central-1:704479110758:network-acl/acl-6db59905\",\"acl-6db59905\"],\"name\":\"acl-6db59905\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-8bb1fde3\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-3e560554\",\"NetworkAclId\":\"acl-6db59905\",\"SubnetId\":\"subnet-291c1775\"},{\"NetworkAclAssociationId\":\"aclassoc-39560553\",\"NetworkAclId\":\"acl-6db59905\",\"SubnetId\":\"subnet-5c394434\"},{\"NetworkAclAssociationId\":\"aclassoc-38560552\",\"NetworkAclId\":\"acl-6db59905\",\"SubnetId\":\"subnet-2e6ee054\"}],\"Entries\":[{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null},{\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\"},{\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\"},{\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null}],\"IsDefault\":true,\"NetworkAclId\":\"acl-6db59905\"}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ca-central-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"subnet_ids\":[\"subnet-291c1775\",\"subnet-5c394434\",\"subnet-2e6ee054\"],\"vpc_ids\":[\"vpc-8bb1fde3\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:network-acl/acl-51ef163a\",\"acl-51ef163a\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:network-acl/acl-51ef163a\":{\"category\":\"identity\",\"type\":\"acl\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"raw\":{\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-58f25d35\",\"NetworkAclId\":\"acl-51ef163a\",\"SubnetId\":\"subnet-a8734cc0\"},{\"NetworkAclAssociationId\":\"aclassoc-59f25d34\",\"NetworkAclId\":\"acl-51ef163a\",\"SubnetId\":\"subnet-47893e3c\"},{\"NetworkAclId\":\"acl-51ef163a\",\"SubnetId\":\"subnet-5194f91d\",\"NetworkAclAssociationId\":\"aclassoc-5ef25d33\"}],\"Entries\":[{\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\"},{\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null},{\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"},{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null}],\"IsDefault\":true,\"NetworkAclId\":\"acl-51ef163a\",\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-eb7e6883\"},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:network-acl/acl-51ef163a\",\"acl-51ef163a\"],\"name\":\"acl-51ef163a\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"subnet_ids\":[\"subnet-a8734cc0\",\"subnet-47893e3c\",\"subnet-5194f91d\"],\"vpc_ids\":[\"vpc-eb7e6883\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:network-acl/acl-04dd7409678708bbf\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"tags\":null,\"raw\":{\"Entries\":[{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null},{\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\"},{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null},{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767}],\"IsDefault\":true,\"NetworkAclId\":\"acl-04dd7409678708bbf\",\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-0400c449f7d20cd09\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-085c872c78f2b317f\",\"NetworkAclId\":\"acl-04dd7409678708bbf\",\"SubnetId\":\"subnet-0477cccc31d37da62\"},{\"NetworkAclAssociationId\":\"aclassoc-02ee3f39098c5aab7\",\"NetworkAclId\":\"acl-04dd7409678708bbf\",\"SubnetId\":\"subnet-047a5fd445e2c0f08\"},{\"NetworkAclAssociationId\":\"aclassoc-008b17aa5ffe6db69\",\"NetworkAclId\":\"acl-04dd7409678708bbf\",\"SubnetId\":\"subnet-03fc8d807f516fff8\"},{\"NetworkAclAssociationId\":\"aclassoc-095f475a9d0480adb\",\"NetworkAclId\":\"acl-04dd7409678708bbf\",\"SubnetId\":\"subnet-018cce758d7e85742\"},{\"NetworkAclAssociationId\":\"aclassoc-00cb61fb199233f54\",\"NetworkAclId\":\"acl-04dd7409678708bbf\",\"SubnetId\":\"subnet-0c381cc237aef92ff\"},{\"NetworkAclId\":\"acl-04dd7409678708bbf\",\"SubnetId\":\"subnet-06e637400bc669e4b\",\"NetworkAclAssociationId\":\"aclassoc-0d671bdaf1b1ff5f3\"}]},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:network-acl/acl-04dd7409678708bbf\",\"acl-04dd7409678708bbf\"],\"name\":\"acl-04dd7409678708bbf\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"subnet_ids\":[\"subnet-0477cccc31d37da62\",\"subnet-047a5fd445e2c0f08\",\"subnet-03fc8d807f516fff8\",\"subnet-018cce758d7e85742\",\"subnet-0c381cc237aef92ff\",\"subnet-06e637400bc669e4b\"],\"vpc_ids\":[\"vpc-0400c449f7d20cd09\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:network-acl/acl-04dd7409678708bbf\",\"acl-04dd7409678708bbf\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"raw\":{\"Entries\":[{\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true},{\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"},{\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null},{\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"}],\"IsDefault\":true,\"NetworkAclId\":\"acl-0996e41af5a23c566\",\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-0d34957e50abb854b\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-0e4c180492dbb96ef\",\"NetworkAclId\":\"acl-0996e41af5a23c566\",\"SubnetId\":\"subnet-0bf2fcb3d5feece8f\"},{\"NetworkAclAssociationId\":\"aclassoc-033130909aec67f9b\",\"NetworkAclId\":\"acl-0996e41af5a23c566\",\"SubnetId\":\"subnet-0c01ece534ccb5532\"},{\"NetworkAclAssociationId\":\"aclassoc-01877e6a93034dd4c\",\"NetworkAclId\":\"acl-0996e41af5a23c566\",\"SubnetId\":\"subnet-0647f2dc7ebb81e17\"},{\"SubnetId\":\"subnet-014bc35788d91ba5e\",\"NetworkAclAssociationId\":\"aclassoc-0cc2f46ae203f6a96\",\"NetworkAclId\":\"acl-0996e41af5a23c566\"},{\"NetworkAclAssociationId\":\"aclassoc-02a7e57daef5a62fc\",\"NetworkAclId\":\"acl-0996e41af5a23c566\",\"SubnetId\":\"subnet-0b3d166bfb1d91f45\"},{\"NetworkAclAssociationId\":\"aclassoc-08ec984f5205568dc\",\"NetworkAclId\":\"acl-0996e41af5a23c566\",\"SubnetId\":\"subnet-0b48289a395640def\"}]},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:network-acl/acl-0996e41af5a23c566\",\"acl-0996e41af5a23c566\"],\"name\":\"acl-0996e41af5a23c566\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"subnet_ids\":[\"subnet-0bf2fcb3d5feece8f\",\"subnet-0c01ece534ccb5532\",\"subnet-0647f2dc7ebb81e17\",\"subnet-014bc35788d91ba5e\",\"subnet-0b3d166bfb1d91f45\",\"subnet-0b48289a395640def\"],\"vpc_ids\":[\"vpc-0d34957e50abb854b\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:network-acl/acl-0996e41af5a23c566\",\"acl-0996e41af5a23c566\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:network-acl/acl-0996e41af5a23c566\":{\"category\":\"identity\",\"type\":\"acl\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"subnet_ids\":[\"subnet-0651124b0263e6018\",\"subnet-0e40d676cc223ac12\"],\"vpc_ids\":[\"vpc-0180a1dc90512f144\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:network-acl/acl-098c89f86ffbcce72\",\"acl-098c89f86ffbcce72\"],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:network-acl/acl-098c89f86ffbcce72\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"name\":\"acl-098c89f86ffbcce72\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-0180a1dc90512f144\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-0136fd09e7be13360\",\"NetworkAclId\":\"acl-098c89f86ffbcce72\",\"SubnetId\":\"subnet-0651124b0263e6018\"},{\"NetworkAclAssociationId\":\"aclassoc-064ebe01495ef8f80\",\"NetworkAclId\":\"acl-098c89f86ffbcce72\",\"SubnetId\":\"subnet-0e40d676cc223ac12\"}],\"Entries\":[{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null},{\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null},{\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false},{\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null}],\"IsDefault\":true,\"NetworkAclId\":\"acl-098c89f86ffbcce72\",\"OwnerId\":\"704479110758\",\"Tags\":[]},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:network-acl/acl-098c89f86ffbcce72\",\"acl-098c89f86ffbcce72\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"subnet_ids\":[\"subnet-b9b1a6f2\",\"subnet-10e39f3b\",\"subnet-dc1cd881\",\"subnet-5283762a\"],\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:network-acl/acl-9348b8e8\",\"acl-9348b8e8\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:network-acl/acl-9348b8e8\":{\"type\":\"acl\",\"category\":\"identity\"}},\"asset\":{\"name\":\"acl-9348b8e8\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"Tags\":[],\"VpcId\":\"vpc-36a1394e\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-71bfb704\",\"NetworkAclId\":\"acl-9348b8e8\",\"SubnetId\":\"subnet-b9b1a6f2\"},{\"NetworkAclAssociationId\":\"aclassoc-76bfb703\",\"NetworkAclId\":\"acl-9348b8e8\",\"SubnetId\":\"subnet-10e39f3b\"},{\"NetworkAclAssociationId\":\"aclassoc-74bfb701\",\"NetworkAclId\":\"acl-9348b8e8\",\"SubnetId\":\"subnet-dc1cd881\"},{\"NetworkAclAssociationId\":\"aclassoc-77bfb702\",\"NetworkAclId\":\"acl-9348b8e8\",\"SubnetId\":\"subnet-5283762a\"}],\"Entries\":[{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null},{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767},{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null},{\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false}],\"IsDefault\":true,\"NetworkAclId\":\"acl-9348b8e8\",\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:network-acl/acl-9348b8e8\",\"acl-9348b8e8\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-f6816890\"],\"subnet_ids\":[\"subnet-66dd0500\",\"subnet-bead59e4\"]},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-1:704479110758:network-acl/acl-0d259e6b\",\"acl-0d259e6b\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-1:704479110758:network-acl/acl-0d259e6b\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"raw\":{\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-dea8efa5\",\"NetworkAclId\":\"acl-0d259e6b\",\"SubnetId\":\"subnet-66dd0500\"},{\"NetworkAclAssociationId\":\"aclassoc-dfa8efa4\",\"NetworkAclId\":\"acl-0d259e6b\",\"SubnetId\":\"subnet-bead59e4\"}],\"Entries\":[{\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null},{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null},{\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false},{\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\"}],\"IsDefault\":true,\"NetworkAclId\":\"acl-0d259e6b\",\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-f6816890\"},\"id\":[\"arn:aws:ec2:us-west-1:704479110758:network-acl/acl-0d259e6b\",\"acl-0d259e6b\"],\"name\":\"acl-0d259e6b\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:ap-southeast-1:704479110758:network-acl/acl-b4f375d2\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-e4a9b483\",\"Associations\":[{\"SubnetId\":\"subnet-2caf1375\",\"NetworkAclAssociationId\":\"aclassoc-f0b80f8a\",\"NetworkAclId\":\"acl-b4f375d2\"},{\"SubnetId\":\"subnet-b89e6ff0\",\"NetworkAclAssociationId\":\"aclassoc-f6b80f8c\",\"NetworkAclId\":\"acl-b4f375d2\"},{\"NetworkAclAssociationId\":\"aclassoc-f1b80f8b\",\"NetworkAclId\":\"acl-b4f375d2\",\"SubnetId\":\"subnet-71f03117\"}],\"Entries\":[{\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null},{\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"},{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100},{\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null}],\"IsDefault\":true,\"NetworkAclId\":\"acl-b4f375d2\",\"OwnerId\":\"704479110758\",\"Tags\":[]},\"id\":[\"arn:aws:ec2:ap-southeast-1:704479110758:network-acl/acl-b4f375d2\",\"acl-b4f375d2\"],\"name\":\"acl-b4f375d2\"},\"cloud\":{\"region\":\"ap-southeast-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"subnet_ids\":[\"subnet-2caf1375\",\"subnet-b89e6ff0\",\"subnet-71f03117\"],\"vpc_ids\":[\"vpc-e4a9b483\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-southeast-1:704479110758:network-acl/acl-b4f375d2\",\"acl-b4f375d2\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"subnet_ids\":[\"subnet-20ac1569\",\"subnet-c16cea9a\",\"subnet-aed66dc8\"],\"vpc_ids\":[\"vpc-f7181690\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:sa-east-1:704479110758:network-acl/acl-30aba857\",\"acl-30aba857\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:ec2:sa-east-1:704479110758:network-acl/acl-30aba857\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"IsDefault\":true,\"NetworkAclId\":\"acl-30aba857\",\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-f7181690\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-a6cd64dc\",\"NetworkAclId\":\"acl-30aba857\",\"SubnetId\":\"subnet-20ac1569\"},{\"NetworkAclId\":\"acl-30aba857\",\"SubnetId\":\"subnet-c16cea9a\",\"NetworkAclAssociationId\":\"aclassoc-a7cd64dd\"},{\"NetworkAclAssociationId\":\"aclassoc-a1cd64db\",\"NetworkAclId\":\"acl-30aba857\",\"SubnetId\":\"subnet-aed66dc8\"}],\"Entries\":[{\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\"},{\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null},{\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\"},{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null}]},\"id\":[\"arn:aws:ec2:sa-east-1:704479110758:network-acl/acl-30aba857\",\"acl-30aba857\"],\"name\":\"acl-30aba857\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"sa-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-1:704479110758:network-acl/acl-13e45b75\",\"acl-13e45b75\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-1:704479110758:network-acl/acl-13e45b75\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-75343a12\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-be0636c4\",\"NetworkAclId\":\"acl-13e45b75\",\"SubnetId\":\"subnet-7f8e5c54\"},{\"NetworkAclAssociationId\":\"aclassoc-bf0636c5\",\"NetworkAclId\":\"acl-13e45b75\",\"SubnetId\":\"subnet-459f540d\"},{\"NetworkAclAssociationId\":\"aclassoc-b90636c3\",\"NetworkAclId\":\"acl-13e45b75\",\"SubnetId\":\"subnet-7f5d5824\"}],\"Entries\":[{\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true},{\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"},{\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false},{\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767}],\"IsDefault\":true,\"NetworkAclId\":\"acl-13e45b75\",\"OwnerId\":\"704479110758\",\"Tags\":[]},\"id\":[\"arn:aws:ec2:ap-northeast-1:704479110758:network-acl/acl-13e45b75\",\"acl-13e45b75\"],\"name\":\"acl-13e45b75\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-northeast-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"subnet_ids\":[\"subnet-7f8e5c54\",\"subnet-459f540d\",\"subnet-7f5d5824\"],\"vpc_ids\":[\"vpc-75343a12\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-3:704479110758:network-acl/acl-499ae420\":{\"type\":\"acl\",\"category\":\"identity\"}},\"asset\":{\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-4d08bd25\",\"NetworkAclId\":\"acl-499ae420\",\"SubnetId\":\"subnet-01758f68\"},{\"NetworkAclAssociationId\":\"aclassoc-4e08bd26\",\"NetworkAclId\":\"acl-499ae420\",\"SubnetId\":\"subnet-3135917c\"},{\"NetworkAclAssociationId\":\"aclassoc-4c08bd24\",\"NetworkAclId\":\"acl-499ae420\",\"SubnetId\":\"subnet-70fa1e0b\"}],\"Entries\":[{\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"},{\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null},{\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\"},{\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"}],\"IsDefault\":true,\"NetworkAclId\":\"acl-499ae420\",\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-04076d6d\"},\"id\":[\"arn:aws:ec2:ap-northeast-3:704479110758:network-acl/acl-499ae420\",\"acl-499ae420\"],\"name\":\"acl-499ae420\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\"},\"cloud\":{\"region\":\"ap-northeast-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"subnet_ids\":[\"subnet-01758f68\",\"subnet-3135917c\",\"subnet-70fa1e0b\"],\"vpc_ids\":[\"vpc-04076d6d\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-3:704479110758:network-acl/acl-499ae420\",\"acl-499ae420\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-2:704479110758:network-acl/acl-3709835c\",\"acl-3709835c\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-2:704479110758:network-acl/acl-3709835c\":{\"category\":\"identity\",\"type\":\"acl\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"Tags\":[],\"VpcId\":\"vpc-3e76af55\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-7064681d\",\"NetworkAclId\":\"acl-3709835c\",\"SubnetId\":\"subnet-a6880fdd\"},{\"NetworkAclAssociationId\":\"aclassoc-3fe37753\",\"NetworkAclId\":\"acl-3709835c\",\"SubnetId\":\"subnet-d06f4f8c\"},{\"NetworkAclAssociationId\":\"aclassoc-7164681c\",\"NetworkAclId\":\"acl-3709835c\",\"SubnetId\":\"subnet-51c00a3a\"},{\"NetworkAclAssociationId\":\"aclassoc-7364681e\",\"NetworkAclId\":\"acl-3709835c\",\"SubnetId\":\"subnet-d3417f9f\"}],\"Entries\":[{\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\"},{\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\"},{\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null},{\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\"}],\"IsDefault\":true,\"NetworkAclId\":\"acl-3709835c\",\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:ap-northeast-2:704479110758:network-acl/acl-3709835c\",\"acl-3709835c\"],\"name\":\"acl-3709835c\"},\"cloud\":{\"region\":\"ap-northeast-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"subnet_ids\":[\"subnet-a6880fdd\",\"subnet-d06f4f8c\",\"subnet-51c00a3a\",\"subnet-d3417f9f\"],\"vpc_ids\":[\"vpc-3e76af55\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"subnet_ids\":[\"subnet-0b648c6d\",\"subnet-b09a00e8\",\"subnet-0926c341\"],\"vpc_ids\":[\"vpc-bbfefedc\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-southeast-2:704479110758:network-acl/acl-775df311\",\"acl-775df311\"],\"entity.metadata\":{\"arn:aws:ec2:ap-southeast-2:704479110758:network-acl/acl-775df311\":{\"category\":\"identity\",\"type\":\"acl\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"name\":\"acl-775df311\",\"category\":\"identity\",\"sub_category\":\"authorization\",\"type\":\"acl\",\"sub_type\":\"s3-access-control-list\",\"tags\":null,\"raw\":{\"NetworkAclId\":\"acl-775df311\",\"OwnerId\":\"704479110758\",\"Tags\":[],\"VpcId\":\"vpc-bbfefedc\",\"Associations\":[{\"NetworkAclAssociationId\":\"aclassoc-ce8009b3\",\"NetworkAclId\":\"acl-775df311\",\"SubnetId\":\"subnet-0b648c6d\"},{\"NetworkAclAssociationId\":\"aclassoc-c98009b4\",\"NetworkAclId\":\"acl-775df311\",\"SubnetId\":\"subnet-b09a00e8\"},{\"NetworkAclAssociationId\":\"aclassoc-c88009b5\",\"NetworkAclId\":\"acl-775df311\",\"SubnetId\":\"subnet-0926c341\"}],\"Entries\":[{\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\"},{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":true,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null},{\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null,\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"allow\",\"RuleNumber\":100,\"CidrBlock\":\"0.0.0.0/0\"},{\"PortRange\":null,\"Protocol\":\"-1\",\"RuleAction\":\"deny\",\"RuleNumber\":32767,\"CidrBlock\":\"0.0.0.0/0\",\"Egress\":false,\"IcmpTypeCode\":null,\"Ipv6CidrBlock\":null}],\"IsDefault\":true},\"id\":[\"arn:aws:ec2:ap-southeast-2:704479110758:network-acl/acl-775df311\",\"acl-775df311\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-southeast-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Ipv6Prefixes\":null,\"TagSet\":[],\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-38-208.eu-central-1.compute.internal\",\"PrivateIpAddress\":\"172.31.38.208\",\"Association\":{\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-18-199-254-49.eu-central-1.compute.amazonaws.com\",\"PublicIp\":\"18.199.254.49\",\"AllocationId\":\"eipalloc-0f7ed109b51d98f0a\",\"AssociationId\":\"eipassoc-048c939a7a9d7151b\",\"CarrierIp\":null,\"CustomerOwnedIp\":null}}],\"DenyAllIgwTraffic\":null,\"Ipv4Prefixes\":null,\"MacAddress\":\"06:49:56:f7:59:2b\",\"Attachment\":{\"EnaSrdSpecification\":null,\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-05-02T14:52:25Z\",\"AttachmentId\":\"eni-attach-0c6f10ab743287d31\",\"InstanceId\":\"i-05ea11ffc6f045d4d\",\"DeleteOnTermination\":true,\"DeviceIndex\":0},\"AvailabilityZone\":\"eu-central-1b\",\"SourceDestCheck\":true,\"Groups\":[{\"GroupName\":\"ofloros-onweek\",\"GroupId\":\"sg-0aa4d66fe76125c24\"}],\"VpcId\":\"vpc-ed6da487\",\"Status\":\"in-use\",\"OwnerId\":\"704479110758\",\"RequesterManaged\":false,\"Ipv6Native\":null,\"Description\":\"\",\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"RequesterId\":null,\"PrivateDnsName\":\"ip-172-31-38-208.eu-central-1.compute.internal\",\"PrivateIpAddress\":\"172.31.38.208\",\"Ipv6Address\":null,\"NetworkInterfaceId\":\"eni-0b9c1d581fb1985e7\",\"OutpostArn\":null,\"SubnetId\":\"subnet-4b27c837\",\"Association\":{\"PublicDnsName\":\"ec2-18-199-254-49.eu-central-1.compute.amazonaws.com\",\"PublicIp\":\"18.199.254.49\",\"AllocationId\":\"eipalloc-0f7ed109b51d98f0a\",\"AssociationId\":\"eipassoc-048c939a7a9d7151b\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\"},\"ConnectionTrackingConfiguration\":null}},\"id\":[\"arn:aws:ec2:eu-central-1:704479110758:network-interface/eni-0b9c1d581fb1985e7\",\"eni-0b9c1d581fb1985e7\"],\"name\":\"eni-0b9c1d581fb1985e7\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-central-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"subnet_ids\":[\"subnet-4b27c837\"],\"vpc_ids\":[\"vpc-ed6da487\"],\"security_group_ids\":[\"sg-0aa4d66fe76125c24\"]},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-central-1:704479110758:network-interface/eni-0b9c1d581fb1985e7\",\"eni-0b9c1d581fb1985e7\"],\"entity.metadata\":{\"arn:aws:ec2:eu-central-1:704479110758:network-interface/eni-0b9c1d581fb1985e7\":{\"category\":\"infrastructure\",\"type\":\"interface\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-0a4d83fdde0b27b79\",\"eni-0a4d83fdde0b27b79\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-0a4d83fdde0b27b79\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"tags\":null,\"raw\":{\"network_interface\":{\"Ipv6Native\":null,\"VpcId\":\"vpc-7d397e15\",\"Ipv6Addresses\":[],\"NetworkInterfaceId\":\"eni-0a4d83fdde0b27b79\",\"PrivateIpAddress\":\"172.31.5.205\",\"Description\":\"RDSNetworkInterface\",\"Ipv4Prefixes\":null,\"Status\":\"in-use\",\"OutpostArn\":null,\"PrivateDnsName\":\"ip-172-31-5-205.eu-west-2.compute.internal\",\"ConnectionTrackingConfiguration\":null,\"Groups\":[{\"GroupId\":\"sg-b9e903db\",\"GroupName\":\"default\"}],\"Ipv6Address\":null,\"MacAddress\":\"02:5e:40:5c:df:fe\",\"RequesterId\":\"amazon-rds\",\"RequesterManaged\":true,\"AvailabilityZone\":\"eu-west-2c\",\"DenyAllIgwTraffic\":null,\"Ipv6Prefixes\":null,\"TagSet\":[],\"PrivateIpAddresses\":[{\"Association\":{\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon-rds\",\"PublicDnsName\":\"ec2-35-177-224-69.eu-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.177.224.69\",\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-5-205.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.5.205\"}],\"SourceDestCheck\":true,\"SubnetId\":\"subnet-566d243f\",\"Association\":{\"IpOwnerId\":\"amazon-rds\",\"PublicDnsName\":\"ec2-35-177-224-69.eu-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.177.224.69\",\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null},\"Attachment\":{\"AttachTime\":\"2023-06-04T07:57:10Z\",\"DeleteOnTermination\":false,\"DeviceIndex\":1,\"InstanceId\":null,\"Status\":\"attached\",\"AttachmentId\":\"eni-attach-000674cab7a8cd3bf\",\"EnaSrdSpecification\":null,\"InstanceOwnerId\":\"amazon-rds\",\"NetworkCardIndex\":0},\"InterfaceType\":\"interface\",\"OwnerId\":\"704479110758\"}},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-0a4d83fdde0b27b79\",\"eni-0a4d83fdde0b27b79\"],\"name\":\"eni-0a4d83fdde0b27b79\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-2\"},\"network\":{\"security_group_ids\":[\"sg-b9e903db\"],\"subnet_ids\":[\"subnet-566d243f\"],\"vpc_ids\":[\"vpc-7d397e15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-0e61bde81b3c31156\",\"eni-0e61bde81b3c31156\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-0e61bde81b3c31156\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"raw\":{\"network_interface\":{\"Ipv4Prefixes\":null,\"Ipv6Address\":null,\"Ipv6Native\":null,\"ConnectionTrackingConfiguration\":null,\"Description\":\"ELB api-kops-csp-demo-1-k8s-l-u69ntl\",\"SubnetId\":\"subnet-0981d6560ece89ecb\",\"PrivateDnsName\":\"ip-172-20-74-227.eu-west-2.compute.internal\",\"PrivateIpAddresses\":[{\"PrivateDnsName\":\"ip-172-20-74-227.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.74.227\",\"Association\":{\"IpOwnerId\":\"amazon-elb\",\"PublicDnsName\":\"ec2-18-135-158-221.eu-west-2.compute.amazonaws.com\",\"PublicIp\":\"18.135.158.221\",\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null},\"Primary\":true}],\"RequesterId\":\"amazon-elb\",\"TagSet\":[],\"VpcId\":\"vpc-058b21b3bf0f435b0\",\"Ipv6Addresses\":[],\"MacAddress\":\"0a:f8:6d:16:3d:fd\",\"DenyAllIgwTraffic\":null,\"Groups\":[{\"GroupId\":\"sg-035d6dc68c125f46b\",\"GroupName\":\"api-elb.kops-csp-demo-1.k8s.local\"}],\"NetworkInterfaceId\":\"eni-0e61bde81b3c31156\",\"PrivateIpAddress\":\"172.20.74.227\",\"Status\":\"in-use\",\"InterfaceType\":\"interface\",\"RequesterManaged\":true,\"OwnerId\":\"704479110758\",\"SourceDestCheck\":true,\"Attachment\":{\"AttachmentId\":\"eni-attach-014119fff04918e98\",\"DeviceIndex\":1,\"InstanceId\":null,\"InstanceOwnerId\":\"amazon-elb\",\"Status\":\"attached\",\"AttachTime\":\"2024-11-18T01:57:01Z\",\"DeleteOnTermination\":false,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0},\"Ipv6Prefixes\":null,\"OutpostArn\":null,\"Association\":{\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon-elb\",\"PublicDnsName\":\"ec2-18-135-158-221.eu-west-2.compute.amazonaws.com\",\"PublicIp\":\"18.135.158.221\",\"AllocationId\":null},\"AvailabilityZone\":\"eu-west-2b\"}},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-0e61bde81b3c31156\",\"eni-0e61bde81b3c31156\"],\"name\":\"eni-0e61bde81b3c31156\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-035d6dc68c125f46b\"],\"subnet_ids\":[\"subnet-0981d6560ece89ecb\"],\"vpc_ids\":[\"vpc-058b21b3bf0f435b0\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-072b44dd270e0de3d\"],\"subnet_ids\":[\"subnet-1758805b\"],\"vpc_ids\":[\"vpc-7d397e15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-0a0a99239302615f6\",\"eni-0a0a99239302615f6\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-0a0a99239302615f6\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"tags\":null,\"raw\":{\"network_interface\":{\"VpcId\":\"vpc-7d397e15\",\"Attachment\":{\"Status\":\"attached\",\"AttachTime\":\"2024-08-27T06:39:56Z\",\"AttachmentId\":\"eni-attach-0894858b2accaf0bd\",\"DeleteOnTermination\":true,\"InstanceOwnerId\":\"704479110758\",\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-045d733c9ddcd3ff3\",\"NetworkCardIndex\":0},\"ConnectionTrackingConfiguration\":null,\"DenyAllIgwTraffic\":null,\"PrivateDnsName\":\"ip-172-31-38-92.eu-west-2.compute.internal\",\"RequesterId\":null,\"Status\":\"in-use\",\"Description\":\"\",\"Ipv6Prefixes\":null,\"AvailabilityZone\":\"eu-west-2b\",\"Ipv6Address\":null,\"PrivateIpAddress\":\"172.31.38.92\",\"SourceDestCheck\":true,\"OutpostArn\":null,\"TagSet\":[],\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"RequesterManaged\":false,\"NetworkInterfaceId\":\"eni-0a0a99239302615f6\",\"OwnerId\":\"704479110758\",\"InterfaceType\":\"interface\",\"Ipv6Native\":null,\"Groups\":[{\"GroupId\":\"sg-072b44dd270e0de3d\",\"GroupName\":\"launch-wizard-3\"}],\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-38-92.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.38.92\"}],\"SubnetId\":\"subnet-1758805b\",\"Association\":null,\"MacAddress\":\"0a:c6:d3:4b:3f:81\"}},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-0a0a99239302615f6\",\"eni-0a0a99239302615f6\"],\"name\":\"eni-0a0a99239302615f6\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"raw\":{\"network_interface\":{\"Attachment\":{\"AttachmentId\":\"eni-attach-04e2e59ab3fe6a9e3\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"InstanceOwnerId\":\"704479110758\",\"AttachTime\":\"2024-11-19T02:48:00Z\",\"EnaSrdSpecification\":null,\"InstanceId\":\"i-0884cd35ebb13a77a\",\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-0981d6560ece89ecb\",\"Association\":{\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-18-133-26-251.eu-west-2.compute.amazonaws.com\",\"PublicIp\":\"18.133.26.251\"},\"AvailabilityZone\":\"eu-west-2b\",\"DenyAllIgwTraffic\":null,\"InterfaceType\":\"interface\",\"Ipv6Native\":null,\"PrivateIpAddresses\":[{\"Association\":{\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-18-133-26-251.eu-west-2.compute.amazonaws.com\",\"PublicIp\":\"18.133.26.251\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-20-93-237.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.93.237\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-67-227.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.67.227\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-65-79.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.65.79\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-91-239.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.91.239\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-77-127.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.77.127\"},{\"PrivateIpAddress\":\"172.20.64.122\",\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-64-122.eu-west-2.compute.internal\"}],\"ConnectionTrackingConfiguration\":null,\"TagSet\":[{\"Key\":\"cluster.k8s.amazonaws.com/name\",\"Value\":\"kops-csp-demo-1.k8s.local\"},{\"Key\":\"node.k8s.amazonaws.com/instance_id\",\"Value\":\"i-0884cd35ebb13a77a\"}],\"NetworkInterfaceId\":\"eni-022064825d1643ca8\",\"Status\":\"in-use\",\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"Ipv6Prefixes\":null,\"SourceDestCheck\":true,\"MacAddress\":\"0a:0b:00:03:1f:2b\",\"RequesterId\":null,\"RequesterManaged\":false,\"Groups\":[{\"GroupId\":\"sg-05d0d758dfd7b292f\",\"GroupName\":\"nodes.kops-csp-demo-1.k8s.local\"}],\"PrivateIpAddress\":\"172.20.93.237\",\"VpcId\":\"vpc-058b21b3bf0f435b0\",\"Description\":\"\",\"Ipv6Address\":null,\"OutpostArn\":null,\"PrivateDnsName\":\"ip-172-20-93-237.eu-west-2.compute.internal\"}},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-022064825d1643ca8\",\"eni-022064825d1643ca8\"],\"name\":\"eni-022064825d1643ca8\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-05d0d758dfd7b292f\"],\"subnet_ids\":[\"subnet-0981d6560ece89ecb\"],\"vpc_ids\":[\"vpc-058b21b3bf0f435b0\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-022064825d1643ca8\",\"eni-022064825d1643ca8\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-022064825d1643ca8\":{\"category\":\"infrastructure\",\"type\":\"interface\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-07583ca7fc8f41d75\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"raw\":{\"network_interface\":{\"Association\":null,\"AvailabilityZone\":\"eu-west-2b\",\"DenyAllIgwTraffic\":null,\"SourceDestCheck\":true,\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-20-78-42.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.78.42\"},{\"PrivateDnsName\":\"ip-172-20-74-86.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.74.86\",\"Association\":null,\"Primary\":false},{\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-93-230.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.93.230\",\"Association\":null},{\"PrivateDnsName\":\"ip-172-20-85-242.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.85.242\",\"Association\":null,\"Primary\":false},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-92-83.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.92.83\"},{\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-65-153.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.65.153\",\"Association\":null}],\"Status\":\"in-use\",\"Description\":\"aws-K8S-i-0884cd35ebb13a77a\",\"Ipv6Addresses\":[],\"Ipv6Native\":null,\"RequesterId\":\"AROA2IBR2EZTNEKXT5AC4:i-0884cd35ebb13a77a\",\"SubnetId\":\"subnet-0981d6560ece89ecb\",\"MacAddress\":\"0a:1b:40:06:73:5d\",\"ConnectionTrackingConfiguration\":null,\"Ipv4Prefixes\":null,\"Groups\":[{\"GroupName\":\"nodes.kops-csp-demo-1.k8s.local\",\"GroupId\":\"sg-05d0d758dfd7b292f\"}],\"InterfaceType\":\"interface\",\"NetworkInterfaceId\":\"eni-07583ca7fc8f41d75\",\"OwnerId\":\"704479110758\",\"RequesterManaged\":false,\"PrivateIpAddress\":\"172.20.78.42\",\"TagSet\":[{\"Key\":\"node.k8s.amazonaws.com/createdAt\",\"Value\":\"2024-11-19T02:55:16Z\"},{\"Key\":\"cluster.k8s.amazonaws.com/name\",\"Value\":\"kops-csp-demo-1.k8s.local\"},{\"Key\":\"node.k8s.amazonaws.com/instance_id\",\"Value\":\"i-0884cd35ebb13a77a\"}],\"VpcId\":\"vpc-058b21b3bf0f435b0\",\"Attachment\":{\"NetworkCardIndex\":0,\"AttachmentId\":\"eni-attach-032cc243e3af579b4\",\"DeleteOnTermination\":true,\"DeviceIndex\":1,\"InstanceId\":\"i-0884cd35ebb13a77a\",\"AttachTime\":\"2024-11-19T02:55:18Z\",\"EnaSrdSpecification\":null,\"InstanceOwnerId\":\"704479110758\",\"Status\":\"attached\"},\"Ipv6Address\":null,\"Ipv6Prefixes\":null,\"OutpostArn\":null,\"PrivateDnsName\":\"ip-172-20-78-42.eu-west-2.compute.internal\"}},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-07583ca7fc8f41d75\",\"eni-07583ca7fc8f41d75\"],\"name\":\"eni-07583ca7fc8f41d75\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-05d0d758dfd7b292f\"],\"subnet_ids\":[\"subnet-0981d6560ece89ecb\"],\"vpc_ids\":[\"vpc-058b21b3bf0f435b0\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-07583ca7fc8f41d75\",\"eni-07583ca7fc8f41d75\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"subnet_ids\":[\"subnet-1758805b\"],\"vpc_ids\":[\"vpc-7d397e15\"],\"security_group_ids\":[\"sg-b9e903db\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-04e4b3dc48597a1f1\",\"eni-04e4b3dc48597a1f1\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-04e4b3dc48597a1f1\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"DenyAllIgwTraffic\":true,\"Groups\":[{\"GroupId\":\"sg-b9e903db\",\"GroupName\":\"default\"}],\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"Ipv6Native\":null,\"Association\":null,\"RequesterId\":\"amazon-rds\",\"Ipv6Prefixes\":null,\"Ipv6Address\":null,\"MacAddress\":\"0a:58:73:05:f2:cc\",\"SourceDestCheck\":true,\"OwnerId\":\"704479110758\",\"ConnectionTrackingConfiguration\":null,\"TagSet\":[],\"Attachment\":{\"NetworkCardIndex\":0,\"AttachTime\":\"2023-06-04T07:53:18Z\",\"AttachmentId\":\"eni-attach-06a234ec9b0bfa02a\",\"InstanceOwnerId\":\"amazon-rds\",\"InstanceId\":null,\"Status\":\"attached\",\"DeleteOnTermination\":false,\"DeviceIndex\":1,\"EnaSrdSpecification\":null},\"AvailabilityZone\":\"eu-west-2b\",\"PrivateIpAddress\":\"172.31.44.134\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-44-134.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.44.134\"}],\"OutpostArn\":null,\"PrivateDnsName\":\"ip-172-31-44-134.eu-west-2.compute.internal\",\"VpcId\":\"vpc-7d397e15\",\"Description\":\"RDSNetworkInterface\",\"NetworkInterfaceId\":\"eni-04e4b3dc48597a1f1\",\"Status\":\"in-use\",\"Ipv4Prefixes\":null,\"RequesterManaged\":true,\"SubnetId\":\"subnet-1758805b\"}},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-04e4b3dc48597a1f1\",\"eni-04e4b3dc48597a1f1\"],\"name\":\"eni-04e4b3dc48597a1f1\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-0d78bda7dc610d3d5\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-0d78bda7dc610d3d5\",\"eni-0d78bda7dc610d3d5\"],\"name\":\"eni-0d78bda7dc610d3d5\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"RequesterId\":null,\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-18-170-52-160.eu-west-2.compute.amazonaws.com\",\"PublicIp\":\"18.170.52.160\",\"AllocationId\":null,\"AssociationId\":null},\"AvailabilityZone\":\"eu-west-2a\",\"Ipv4Prefixes\":null,\"DenyAllIgwTraffic\":null,\"Ipv6Addresses\":[],\"MacAddress\":\"06:a5:27:e2:7c:33\",\"Groups\":[{\"GroupId\":\"sg-05d0d758dfd7b292f\",\"GroupName\":\"nodes.kops-csp-demo-1.k8s.local\"}],\"Ipv6Native\":null,\"TagSet\":[{\"Key\":\"node.k8s.amazonaws.com/instance_id\",\"Value\":\"i-0d892c25b0d403994\"},{\"Key\":\"cluster.k8s.amazonaws.com/name\",\"Value\":\"kops-csp-demo-1.k8s.local\"}],\"Description\":\"\",\"PrivateDnsName\":\"ip-172-20-48-26.eu-west-2.compute.internal\",\"PrivateIpAddresses\":[{\"Association\":{\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-18-170-52-160.eu-west-2.compute.amazonaws.com\",\"PublicIp\":\"18.170.52.160\",\"AllocationId\":null},\"Primary\":true,\"PrivateDnsName\":\"ip-172-20-48-26.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.48.26\"},{\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-55-165.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.55.165\",\"Association\":null},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-42-150.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.42.150\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-42-160.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.42.160\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-40-115.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.40.115\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-46-147.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.46.147\"}],\"Ipv6Address\":null,\"OutpostArn\":null,\"VpcId\":\"vpc-058b21b3bf0f435b0\",\"RequesterManaged\":false,\"SourceDestCheck\":true,\"SubnetId\":\"subnet-0b301a436d259a430\",\"InterfaceType\":\"interface\",\"OwnerId\":\"704479110758\",\"Ipv6Prefixes\":null,\"Attachment\":{\"AttachTime\":\"2024-11-19T02:46:54Z\",\"AttachmentId\":\"eni-attach-05c5adbaf03044910\",\"NetworkCardIndex\":0,\"Status\":\"attached\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-0d892c25b0d403994\",\"InstanceOwnerId\":\"704479110758\"},\"ConnectionTrackingConfiguration\":null,\"PrivateIpAddress\":\"172.20.48.26\",\"Status\":\"in-use\",\"NetworkInterfaceId\":\"eni-0d78bda7dc610d3d5\"}}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"security_group_ids\":[\"sg-05d0d758dfd7b292f\"],\"subnet_ids\":[\"subnet-0b301a436d259a430\"],\"vpc_ids\":[\"vpc-058b21b3bf0f435b0\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-0d78bda7dc610d3d5\",\"eni-0d78bda7dc610d3d5\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-00ed536c2237fad49\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"PrivateIpAddress\":\"172.31.20.255\",\"Attachment\":{\"AttachTime\":\"2023-03-22T13:20:54Z\",\"InstanceId\":null,\"NetworkCardIndex\":0,\"InstanceOwnerId\":\"amazon-rds\",\"Status\":\"attached\",\"AttachmentId\":\"eni-attach-003d42802a415337a\",\"DeleteOnTermination\":false,\"DeviceIndex\":1,\"EnaSrdSpecification\":null},\"Description\":\"RDSNetworkInterface\",\"Ipv6Prefixes\":null,\"RequesterId\":\"amazon-rds\",\"SubnetId\":\"subnet-44ef7a3e\",\"Association\":null,\"Ipv6Address\":null,\"PrivateDnsName\":\"ip-172-31-20-255.eu-west-2.compute.internal\",\"DenyAllIgwTraffic\":true,\"Ipv6Addresses\":[],\"OwnerId\":\"704479110758\",\"Status\":\"in-use\",\"VpcId\":\"vpc-7d397e15\",\"ConnectionTrackingConfiguration\":null,\"Groups\":[{\"GroupId\":\"sg-b9e903db\",\"GroupName\":\"default\"}],\"AvailabilityZone\":\"eu-west-2a\",\"Ipv6Native\":null,\"SourceDestCheck\":true,\"Ipv4Prefixes\":null,\"NetworkInterfaceId\":\"eni-00ed536c2237fad49\",\"InterfaceType\":\"interface\",\"OutpostArn\":null,\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-20-255.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.20.255\"}],\"TagSet\":[],\"MacAddress\":\"06:40:5d:f1:b7:70\",\"RequesterManaged\":true}},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-00ed536c2237fad49\",\"eni-00ed536c2237fad49\"],\"name\":\"eni-00ed536c2237fad49\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-b9e903db\"],\"subnet_ids\":[\"subnet-44ef7a3e\"],\"vpc_ids\":[\"vpc-7d397e15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-00ed536c2237fad49\",\"eni-00ed536c2237fad49\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-0f8299b07708c9213\",\"eni-0f8299b07708c9213\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-0f8299b07708c9213\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"name\":\"eni-0f8299b07708c9213\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Ipv6Prefixes\":null,\"MacAddress\":\"06:b1:0c:3b:48:db\",\"SubnetId\":\"subnet-0b301a436d259a430\",\"ConnectionTrackingConfiguration\":null,\"Ipv6Address\":null,\"SourceDestCheck\":true,\"Ipv6Addresses\":[],\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateDnsName\":\"ip-172-20-63-68.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.63.68\",\"Association\":{\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon-elb\",\"PublicDnsName\":\"ec2-13-43-9-186.eu-west-2.compute.amazonaws.com\",\"PublicIp\":\"13.43.9.186\"}}],\"DenyAllIgwTraffic\":null,\"InterfaceType\":\"interface\",\"OwnerId\":\"704479110758\",\"NetworkInterfaceId\":\"eni-0f8299b07708c9213\",\"Status\":\"in-use\",\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon-elb\",\"PublicDnsName\":\"ec2-13-43-9-186.eu-west-2.compute.amazonaws.com\",\"PublicIp\":\"13.43.9.186\",\"AllocationId\":null,\"AssociationId\":null},\"Groups\":[{\"GroupName\":\"api-elb.kops-csp-demo-1.k8s.local\",\"GroupId\":\"sg-035d6dc68c125f46b\"}],\"Ipv6Native\":null,\"RequesterManaged\":true,\"Description\":\"ELB api-kops-csp-demo-1-k8s-l-u69ntl\",\"Ipv4Prefixes\":null,\"OutpostArn\":null,\"PrivateDnsName\":\"ip-172-20-63-68.eu-west-2.compute.internal\",\"RequesterId\":\"amazon-elb\",\"Attachment\":{\"Status\":\"attached\",\"EnaSrdSpecification\":null,\"InstanceId\":null,\"InstanceOwnerId\":\"amazon-elb\",\"NetworkCardIndex\":0,\"AttachTime\":\"2024-11-10T09:14:07Z\",\"AttachmentId\":\"eni-attach-0f964a0dcb9dbe9d1\",\"DeleteOnTermination\":false,\"DeviceIndex\":1},\"AvailabilityZone\":\"eu-west-2a\",\"PrivateIpAddress\":\"172.20.63.68\",\"TagSet\":[],\"VpcId\":\"vpc-058b21b3bf0f435b0\"}},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-0f8299b07708c9213\",\"eni-0f8299b07708c9213\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-2\"},\"network\":{\"security_group_ids\":[\"sg-035d6dc68c125f46b\"],\"subnet_ids\":[\"subnet-0b301a436d259a430\"],\"vpc_ids\":[\"vpc-058b21b3bf0f435b0\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-09b6853f92583d159\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Association\":null,\"Ipv6Addresses\":[],\"OwnerId\":\"704479110758\",\"RequesterManaged\":false,\"DenyAllIgwTraffic\":null,\"PrivateIpAddress\":\"172.20.41.142\",\"Attachment\":{\"DeleteOnTermination\":true,\"DeviceIndex\":1,\"InstanceId\":\"i-0d259bbd0f15a22de\",\"NetworkCardIndex\":0,\"AttachTime\":\"2024-11-19T02:53:08Z\",\"AttachmentId\":\"eni-attach-0eab0a8c1c99e67c9\",\"EnaSrdSpecification\":null,\"InstanceOwnerId\":\"704479110758\",\"Status\":\"attached\"},\"AvailabilityZone\":\"eu-west-2a\",\"Ipv6Prefixes\":null,\"PrivateDnsName\":\"ip-172-20-41-142.eu-west-2.compute.internal\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-20-41-142.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.41.142\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-40-70.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.40.70\"},{\"PrivateIpAddress\":\"172.20.34.174\",\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-34-174.eu-west-2.compute.internal\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-44-169.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.44.169\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-50-41.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.50.41\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-34-202.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.34.202\"}],\"TagSet\":[{\"Key\":\"cluster.k8s.amazonaws.com/name\",\"Value\":\"kops-csp-demo-1.k8s.local\"},{\"Key\":\"node.k8s.amazonaws.com/instance_id\",\"Value\":\"i-0d259bbd0f15a22de\"},{\"Value\":\"2024-11-19T02:53:06Z\",\"Key\":\"node.k8s.amazonaws.com/createdAt\"}],\"VpcId\":\"vpc-058b21b3bf0f435b0\",\"Groups\":[{\"GroupId\":\"sg-01d2bb676d927f227\",\"GroupName\":\"masters.kops-csp-demo-1.k8s.local\"}],\"Ipv4Prefixes\":null,\"Ipv6Address\":null,\"MacAddress\":\"06:d6:14:d9:ce:6f\",\"OutpostArn\":null,\"SourceDestCheck\":true,\"Status\":\"in-use\",\"Description\":\"aws-K8S-i-0d259bbd0f15a22de\",\"InterfaceType\":\"interface\",\"RequesterId\":\"AROA2IBR2EZTENCWEX5TH:i-0d259bbd0f15a22de\",\"NetworkInterfaceId\":\"eni-09b6853f92583d159\",\"ConnectionTrackingConfiguration\":null,\"Ipv6Native\":null,\"SubnetId\":\"subnet-0b301a436d259a430\"}},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-09b6853f92583d159\",\"eni-09b6853f92583d159\"],\"name\":\"eni-09b6853f92583d159\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-2\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"security_group_ids\":[\"sg-01d2bb676d927f227\"],\"subnet_ids\":[\"subnet-0b301a436d259a430\"],\"vpc_ids\":[\"vpc-058b21b3bf0f435b0\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-09b6853f92583d159\",\"eni-09b6853f92583d159\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-08b6cccf1cbd56e16\",\"eni-08b6cccf1cbd56e16\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-08b6cccf1cbd56e16\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"tags\":null,\"raw\":{\"network_interface\":{\"ConnectionTrackingConfiguration\":null,\"Ipv6Prefixes\":null,\"TagSet\":[{\"Key\":\"node.k8s.amazonaws.com/instance_id\",\"Value\":\"i-0d892c25b0d403994\"},{\"Key\":\"node.k8s.amazonaws.com/createdAt\",\"Value\":\"2024-11-19T02:55:12Z\"},{\"Key\":\"cluster.k8s.amazonaws.com/name\",\"Value\":\"kops-csp-demo-1.k8s.local\"}],\"Association\":null,\"Attachment\":{\"EnaSrdSpecification\":null,\"InstanceId\":\"i-0d892c25b0d403994\",\"NetworkCardIndex\":0,\"AttachTime\":\"2024-11-19T02:55:13Z\",\"AttachmentId\":\"eni-attach-0563cd0f0413a2686\",\"DeleteOnTermination\":true,\"DeviceIndex\":1,\"InstanceOwnerId\":\"704479110758\",\"Status\":\"attached\"},\"AvailabilityZone\":\"eu-west-2a\",\"SourceDestCheck\":true,\"Status\":\"in-use\",\"Description\":\"aws-K8S-i-0d892c25b0d403994\",\"Groups\":[{\"GroupId\":\"sg-05d0d758dfd7b292f\",\"GroupName\":\"nodes.kops-csp-demo-1.k8s.local\"}],\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateDnsName\":\"ip-172-20-48-45.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.48.45\",\"Association\":null},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-56-210.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.56.210\"},{\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-57-221.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.57.221\",\"Association\":null},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-48-141.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.48.141\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-56-30.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.56.30\"},{\"PrivateIpAddress\":\"172.20.45.139\",\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-45-139.eu-west-2.compute.internal\"}],\"InterfaceType\":\"interface\",\"PrivateIpAddress\":\"172.20.48.45\",\"RequesterManaged\":false,\"VpcId\":\"vpc-058b21b3bf0f435b0\",\"DenyAllIgwTraffic\":null,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-0b301a436d259a430\",\"Ipv4Prefixes\":null,\"MacAddress\":\"06:84:27:a6:2f:d1\",\"PrivateDnsName\":\"ip-172-20-48-45.eu-west-2.compute.internal\",\"RequesterId\":\"AROA2IBR2EZTNEKXT5AC4:i-0d892c25b0d403994\",\"NetworkInterfaceId\":\"eni-08b6cccf1cbd56e16\",\"Ipv6Address\":null,\"Ipv6Addresses\":[],\"Ipv6Native\":null}},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-08b6cccf1cbd56e16\",\"eni-08b6cccf1cbd56e16\"],\"name\":\"eni-08b6cccf1cbd56e16\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\"},\"cloud\":{\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"subnet_ids\":[\"subnet-0b301a436d259a430\"],\"vpc_ids\":[\"vpc-058b21b3bf0f435b0\"],\"security_group_ids\":[\"sg-05d0d758dfd7b292f\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"security_group_ids\":[\"sg-01d2bb676d927f227\"],\"subnet_ids\":[\"subnet-0b301a436d259a430\"],\"vpc_ids\":[\"vpc-058b21b3bf0f435b0\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-0182617c03d70dca1\",\"eni-0182617c03d70dca1\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-0182617c03d70dca1\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"name\":\"eni-0182617c03d70dca1\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"TagSet\":[{\"Value\":\"kops-csp-demo-1.k8s.local\",\"Key\":\"cluster.k8s.amazonaws.com/name\"},{\"Value\":\"i-0d259bbd0f15a22de\",\"Key\":\"node.k8s.amazonaws.com/instance_id\"}],\"Attachment\":{\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-11-19T02:48:14Z\",\"AttachmentId\":\"eni-attach-0903b09037b891763\",\"DeviceIndex\":0,\"InstanceOwnerId\":\"704479110758\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-0d259bbd0f15a22de\"},\"PrivateIpAddresses\":[{\"Association\":{\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-13-40-178-88.eu-west-2.compute.amazonaws.com\",\"PublicIp\":\"13.40.178.88\",\"AllocationId\":null},\"Primary\":true,\"PrivateDnsName\":\"ip-172-20-63-57.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.63.57\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-36-116.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.36.116\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-56-37.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.56.37\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-51-230.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.51.230\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-20-63-168.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.63.168\"},{\"PrivateDnsName\":\"ip-172-20-47-218.eu-west-2.compute.internal\",\"PrivateIpAddress\":\"172.20.47.218\",\"Association\":null,\"Primary\":false}],\"Status\":\"in-use\",\"Description\":\"\",\"Ipv4Prefixes\":null,\"RequesterId\":null,\"Association\":{\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-13-40-178-88.eu-west-2.compute.amazonaws.com\",\"PublicIp\":\"13.40.178.88\",\"AllocationId\":null},\"Ipv6Addresses\":[],\"SourceDestCheck\":true,\"DenyAllIgwTraffic\":null,\"Groups\":[{\"GroupName\":\"masters.kops-csp-demo-1.k8s.local\",\"GroupId\":\"sg-01d2bb676d927f227\"}],\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"AvailabilityZone\":\"eu-west-2a\",\"Ipv6Prefixes\":null,\"VpcId\":\"vpc-058b21b3bf0f435b0\",\"ConnectionTrackingConfiguration\":null,\"InterfaceType\":\"interface\",\"Ipv6Address\":null,\"PrivateIpAddress\":\"172.20.63.57\",\"RequesterManaged\":false,\"PrivateDnsName\":\"ip-172-20-63-57.eu-west-2.compute.internal\",\"SubnetId\":\"subnet-0b301a436d259a430\",\"Ipv6Native\":null,\"MacAddress\":\"06:48:c1:04:dc:49\",\"NetworkInterfaceId\":\"eni-0182617c03d70dca1\"}},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:network-interface/eni-0182617c03d70dca1\",\"eni-0182617c03d70dca1\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-2\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:network-interface/eni-02fafcadfda865b02\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Description\":\"\",\"Ipv6Native\":null,\"Status\":\"in-use\",\"TagSet\":[],\"AvailabilityZone\":\"us-east-2c\",\"Ipv6Prefixes\":null,\"PrivateDnsName\":\"ip-172-31-39-18.us-east-2.compute.internal\",\"RequesterManaged\":false,\"SourceDestCheck\":true,\"Attachment\":{\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachmentId\":\"eni-attach-08812229e4b69a671\",\"DeleteOnTermination\":true,\"InstanceId\":\"i-0d48ded84bbf8336e\",\"AttachTime\":\"2024-04-03T06:00:22Z\"},\"DenyAllIgwTraffic\":null,\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-39-18.us-east-2.compute.internal\",\"PrivateIpAddress\":\"172.31.39.18\"}],\"SubnetId\":\"subnet-350c8679\",\"VpcId\":\"vpc-0fa96564\",\"Association\":null,\"Groups\":[{\"GroupId\":\"sg-0a5d61e413291b5bd\",\"GroupName\":\"launch-wizard-15\"}],\"Ipv4Prefixes\":null,\"Ipv6Address\":null,\"OwnerId\":\"704479110758\",\"ConnectionTrackingConfiguration\":null,\"Ipv6Addresses\":[],\"PrivateIpAddress\":\"172.31.39.18\",\"OutpostArn\":null,\"RequesterId\":null,\"InterfaceType\":\"interface\",\"MacAddress\":\"0a:1a:f8:1c:86:25\",\"NetworkInterfaceId\":\"eni-02fafcadfda865b02\"}},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:network-interface/eni-02fafcadfda865b02\",\"eni-02fafcadfda865b02\"],\"name\":\"eni-02fafcadfda865b02\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-0a5d61e413291b5bd\"],\"subnet_ids\":[\"subnet-350c8679\"],\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:network-interface/eni-02fafcadfda865b02\",\"eni-02fafcadfda865b02\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:network-interface/eni-0e6b226dda67c9576\",\"eni-0e6b226dda67c9576\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:network-interface/eni-0e6b226dda67c9576\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Groups\":[{\"GroupName\":\"elastic-agent-security-group-af9dcf80-92ac-11ef-b3d5-023b2e3b0a81\",\"GroupId\":\"sg-03749ee20e5e0bffe\"}],\"InterfaceType\":\"interface\",\"OutpostArn\":null,\"Ipv6Addresses\":[],\"OwnerId\":\"704479110758\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-1-113.us-east-2.compute.internal\",\"PrivateIpAddress\":\"172.31.1.113\"}],\"Description\":\"\",\"RequesterManaged\":false,\"Association\":null,\"Attachment\":{\"AttachmentId\":\"eni-attach-036fc4bd83a02048a\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-05ec629ae509d33af\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"AttachTime\":\"2024-10-25T08:40:16Z\",\"Status\":\"attached\"},\"Ipv4Prefixes\":null,\"Status\":\"in-use\",\"SubnetId\":\"subnet-76e81c1d\",\"VpcId\":\"vpc-0fa96564\",\"AvailabilityZone\":\"us-east-2a\",\"ConnectionTrackingConfiguration\":null,\"Ipv6Prefixes\":null,\"PrivateIpAddress\":\"172.31.1.113\",\"SourceDestCheck\":true,\"MacAddress\":\"02:3b:63:38:55:a5\",\"NetworkInterfaceId\":\"eni-0e6b226dda67c9576\",\"PrivateDnsName\":\"ip-172-31-1-113.us-east-2.compute.internal\",\"TagSet\":[],\"Ipv6Native\":null,\"RequesterId\":null,\"DenyAllIgwTraffic\":null,\"Ipv6Address\":null}},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:network-interface/eni-0e6b226dda67c9576\",\"eni-0e6b226dda67c9576\"],\"name\":\"eni-0e6b226dda67c9576\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-03749ee20e5e0bffe\"],\"subnet_ids\":[\"subnet-76e81c1d\"],\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"name\":\"eni-0a26d91f6e522f3af\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Groups\":[{\"GroupId\":\"sg-089f6d7234f7b5f61\",\"GroupName\":\"launch-wizard-16\"}],\"SubnetId\":\"subnet-76e81c1d\",\"Description\":\"\",\"Association\":{\"PublicIp\":\"18.225.234.77\",\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-18-225-234-77.us-east-2.compute.amazonaws.com\"},\"DenyAllIgwTraffic\":null,\"InterfaceType\":\"interface\",\"PrivateIpAddresses\":[{\"Association\":{\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-18-225-234-77.us-east-2.compute.amazonaws.com\",\"PublicIp\":\"18.225.234.77\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-13-238.us-east-2.compute.internal\",\"PrivateIpAddress\":\"172.31.13.238\"}],\"ConnectionTrackingConfiguration\":null,\"Ipv4Prefixes\":null,\"MacAddress\":\"02:ed:8d:6c:6b:73\",\"Ipv6Address\":null,\"NetworkInterfaceId\":\"eni-0a26d91f6e522f3af\",\"TagSet\":[],\"AvailabilityZone\":\"us-east-2a\",\"Ipv6Native\":null,\"Ipv6Prefixes\":null,\"OutpostArn\":null,\"SourceDestCheck\":true,\"Status\":\"in-use\",\"Attachment\":{\"AttachTime\":\"2024-04-03T10:37:10Z\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-024c66a3f7c66847b\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"AttachmentId\":\"eni-attach-09a9cb6e4178955e5\",\"DeviceIndex\":0,\"Status\":\"attached\"},\"PrivateDnsName\":\"ip-172-31-13-238.us-east-2.compute.internal\",\"RequesterId\":null,\"RequesterManaged\":false,\"VpcId\":\"vpc-0fa96564\",\"Ipv6Addresses\":[],\"OwnerId\":\"704479110758\",\"PrivateIpAddress\":\"172.31.13.238\"}},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:network-interface/eni-0a26d91f6e522f3af\",\"eni-0a26d91f6e522f3af\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"subnet_ids\":[\"subnet-76e81c1d\"],\"vpc_ids\":[\"vpc-0fa96564\"],\"security_group_ids\":[\"sg-089f6d7234f7b5f61\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:network-interface/eni-0a26d91f6e522f3af\",\"eni-0a26d91f6e522f3af\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:network-interface/eni-0a26d91f6e522f3af\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"security_group_ids\":[\"sg-0133ee02b1d6a0bd0\",\"sg-081a33d48a4a9086f\",\"sg-068c07cd665c64b73\"],\"subnet_ids\":[\"subnet-0f5599e2c5f7309f8\"],\"vpc_ids\":[\"vpc-096d5aaf84103883c\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-059aff8a4deda93b7\",\"eni-059aff8a4deda93b7\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-059aff8a4deda93b7\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"raw\":{\"network_interface\":{\"Attachment\":{\"AttachTime\":\"2023-11-23T18:05:59Z\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"Status\":\"attached\",\"AttachmentId\":\"eni-attach-04e8b024776872d48\",\"InstanceId\":\"i-01b2e7e7d0402b64f\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0},\"Description\":\"\",\"NetworkInterfaceId\":\"eni-059aff8a4deda93b7\",\"Groups\":[{\"GroupName\":\"long-running-project_120231123175751595700000004\",\"GroupId\":\"sg-0133ee02b1d6a0bd0\"},{\"GroupId\":\"sg-081a33d48a4a9086f\",\"GroupName\":\"long-running-project-node-20231123175752373900000007\"},{\"GroupId\":\"sg-068c07cd665c64b73\",\"GroupName\":\"eks-cluster-sg-long-running-project-1620075450\"}],\"Ipv4Prefixes\":null,\"Ipv6Address\":null,\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-3-53.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.3.53\"},{\"PrivateIpAddress\":\"10.0.3.33\",\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-3-33.eu-west-1.compute.internal\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-3-136.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.3.136\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-3-74.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.3.74\"}],\"ConnectionTrackingConfiguration\":null,\"Ipv6Native\":null,\"MacAddress\":\"0a:a3:29:62:47:b5\",\"SourceDestCheck\":true,\"TagSet\":[{\"Key\":\"node.k8s.amazonaws.com/instance_id\",\"Value\":\"i-01b2e7e7d0402b64f\"}],\"Association\":null,\"AvailabilityZone\":\"eu-west-1c\",\"DenyAllIgwTraffic\":null,\"OutpostArn\":null,\"PrivateDnsName\":\"ip-10-0-3-53.eu-west-1.compute.internal\",\"RequesterManaged\":false,\"Status\":\"in-use\",\"Ipv6Addresses\":[],\"OwnerId\":\"704479110758\",\"PrivateIpAddress\":\"10.0.3.53\",\"RequesterId\":null,\"InterfaceType\":\"interface\",\"Ipv6Prefixes\":null,\"SubnetId\":\"subnet-0f5599e2c5f7309f8\",\"VpcId\":\"vpc-096d5aaf84103883c\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-059aff8a4deda93b7\",\"eni-059aff8a4deda93b7\"],\"name\":\"eni-059aff8a4deda93b7\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"raw\":{\"network_interface\":{\"ConnectionTrackingConfiguration\":null,\"Ipv4Prefixes\":null,\"MacAddress\":\"0a:17:65:31:cd:f1\",\"RequesterId\":null,\"Ipv6Addresses\":[],\"OutpostArn\":null,\"PrivateIpAddress\":\"10.0.3.145\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-3-145.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.3.145\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-3-98.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.3.98\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-3-111.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.3.111\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-3-79.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.3.79\"}],\"Status\":\"in-use\",\"Description\":\"\",\"Attachment\":{\"AttachmentId\":\"eni-attach-077e4d1e1aaa37390\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-0f66f649acf0435fc\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"AttachTime\":\"2024-08-26T17:07:13Z\",\"DeviceIndex\":0,\"Status\":\"attached\"},\"Groups\":[{\"GroupId\":\"sg-0054cc356c3f84c21\",\"GroupName\":\"benchmark-rules_120240530133039418700000004\"},{\"GroupId\":\"sg-03b969e6a0eb74e43\",\"GroupName\":\"benchmark-rules-node-20240530133041754900000006\"},{\"GroupId\":\"sg-06db863f6566691fb\",\"GroupName\":\"eks-cluster-sg-benchmark-rules-1482877991\"}],\"Ipv6Address\":null,\"Ipv6Native\":null,\"OwnerId\":\"704479110758\",\"AvailabilityZone\":\"eu-west-1c\",\"TagSet\":[{\"Key\":\"cluster.k8s.amazonaws.com/name\",\"Value\":\"benchmark-rules\"},{\"Key\":\"node.k8s.amazonaws.com/instance_id\",\"Value\":\"i-0f66f649acf0435fc\"}],\"SourceDestCheck\":true,\"Ipv6Prefixes\":null,\"InterfaceType\":\"interface\",\"PrivateDnsName\":\"ip-10-0-3-145.eu-west-1.compute.internal\",\"VpcId\":\"vpc-00103fb710b9960ab\",\"DenyAllIgwTraffic\":null,\"NetworkInterfaceId\":\"eni-04865c70e3aaa7d1b\",\"RequesterManaged\":false,\"SubnetId\":\"subnet-0581305834edb5054\",\"Association\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-04865c70e3aaa7d1b\",\"eni-04865c70e3aaa7d1b\"],\"name\":\"eni-04865c70e3aaa7d1b\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-0054cc356c3f84c21\",\"sg-03b969e6a0eb74e43\",\"sg-06db863f6566691fb\"],\"subnet_ids\":[\"subnet-0581305834edb5054\"],\"vpc_ids\":[\"vpc-00103fb710b9960ab\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-04865c70e3aaa7d1b\",\"eni-04865c70e3aaa7d1b\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-04865c70e3aaa7d1b\":{\"category\":\"infrastructure\",\"type\":\"interface\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"subnet_ids\":[\"subnet-7a841e20\"],\"vpc_ids\":[\"vpc-6cb55a15\"],\"security_group_ids\":[\"sg-00abde86f10b1c9d6\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-014c7fa8b7d658c70\",\"eni-014c7fa8b7d658c70\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-014c7fa8b7d658c70\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"tags\":null,\"raw\":{\"network_interface\":{\"Ipv6Addresses\":[],\"PrivateIpAddress\":\"172.31.34.165\",\"Ipv6Native\":null,\"PrivateDnsName\":\"ip-172-31-34-165.eu-west-1.compute.internal\",\"PrivateIpAddresses\":[{\"Association\":{\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-108-129-89-148.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"108.129.89.148\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-34-165.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.34.165\"}],\"SourceDestCheck\":true,\"Status\":\"in-use\",\"Attachment\":{\"Status\":\"attached\",\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceOwnerId\":\"704479110758\",\"InstanceId\":\"i-08cd19f740140dacd\",\"NetworkCardIndex\":0,\"AttachTime\":\"2024-11-19T12:51:49Z\",\"AttachmentId\":\"eni-attach-0a07081ac38455ac9\",\"DeleteOnTermination\":true},\"Groups\":[{\"GroupName\":\"terraform-20241119125144311500000001\",\"GroupId\":\"sg-00abde86f10b1c9d6\"}],\"NetworkInterfaceId\":\"eni-014c7fa8b7d658c70\",\"RequesterManaged\":false,\"RequesterId\":null,\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-108-129-89-148.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"108.129.89.148\",\"AllocationId\":null,\"AssociationId\":null},\"AvailabilityZone\":\"eu-west-1c\",\"ConnectionTrackingConfiguration\":null,\"Description\":\"\",\"Ipv6Address\":null,\"MacAddress\":\"0a:59:a9:40:a6:d9\",\"SubnetId\":\"subnet-7a841e20\",\"TagSet\":[],\"Ipv4Prefixes\":null,\"Ipv6Prefixes\":null,\"DenyAllIgwTraffic\":null,\"InterfaceType\":\"interface\",\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-014c7fa8b7d658c70\",\"eni-014c7fa8b7d658c70\"],\"name\":\"eni-014c7fa8b7d658c70\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"subnet_ids\":[\"subnet-7a841e20\"],\"vpc_ids\":[\"vpc-6cb55a15\"],\"security_group_ids\":[\"sg-0a509074669fdd389\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0566ef03d13288414\",\"eni-0566ef03d13288414\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0566ef03d13288414\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"raw\":{\"network_interface\":{\"SourceDestCheck\":true,\"SubnetId\":\"subnet-7a841e20\",\"AvailabilityZone\":\"eu-west-1c\",\"ConnectionTrackingConfiguration\":null,\"Description\":\"\",\"Ipv6Native\":null,\"OutpostArn\":null,\"RequesterManaged\":false,\"VpcId\":\"vpc-6cb55a15\",\"Status\":\"in-use\",\"Groups\":[{\"GroupId\":\"sg-0a509074669fdd389\",\"GroupName\":\"terraform-20241119125144329800000003\"}],\"PrivateDnsName\":\"ip-172-31-33-4.eu-west-1.compute.internal\",\"Attachment\":{\"AttachmentId\":\"eni-attach-0153d15e07dcc0289\",\"EnaSrdSpecification\":null,\"InstanceOwnerId\":\"704479110758\",\"AttachTime\":\"2024-11-19T12:51:49Z\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"InstanceId\":\"i-0e6ab35860ed09391\",\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"InterfaceType\":\"interface\",\"TagSet\":[],\"Ipv6Address\":null,\"MacAddress\":\"0a:51:31:6a:0f:fb\",\"PrivateIpAddress\":\"172.31.33.4\",\"Ipv6Addresses\":[],\"NetworkInterfaceId\":\"eni-0566ef03d13288414\",\"DenyAllIgwTraffic\":null,\"Ipv6Prefixes\":null,\"OwnerId\":\"704479110758\",\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-33-4.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.33.4\",\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-54-246-215-38.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.246.215.38\",\"AllocationId\":null,\"AssociationId\":null}}],\"Association\":{\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-54-246-215-38.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.246.215.38\"},\"RequesterId\":null,\"Ipv4Prefixes\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0566ef03d13288414\",\"eni-0566ef03d13288414\"],\"name\":\"eni-0566ef03d13288414\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Ipv6Addresses\":[],\"Ipv6Native\":null,\"PrivateIpAddresses\":[{\"Association\":{\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-3-250-48-170.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"3.250.48.170\",\"AllocationId\":null},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-37-188.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.37.188\"}],\"InterfaceType\":\"interface\",\"DenyAllIgwTraffic\":null,\"Description\":\"\",\"Ipv6Address\":null,\"Ipv6Prefixes\":null,\"OwnerId\":\"704479110758\",\"OutpostArn\":null,\"RequesterId\":null,\"AvailabilityZone\":\"eu-west-1c\",\"Status\":\"in-use\",\"SubnetId\":\"subnet-7a841e20\",\"MacAddress\":\"0a:16:1c:53:da:5d\",\"RequesterManaged\":false,\"Groups\":[{\"GroupId\":\"sg-03c9611c5f2246742\",\"GroupName\":\"terraform-20231123175739667200000001\"}],\"ConnectionTrackingConfiguration\":null,\"PrivateIpAddress\":\"172.31.37.188\",\"Association\":{\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-3-250-48-170.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"3.250.48.170\"},\"SourceDestCheck\":true,\"PrivateDnsName\":\"ip-172-31-37-188.eu-west-1.compute.internal\",\"TagSet\":[],\"VpcId\":\"vpc-6cb55a15\",\"Attachment\":{\"NetworkCardIndex\":0,\"AttachTime\":\"2023-11-23T17:57:43Z\",\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceOwnerId\":\"704479110758\",\"AttachmentId\":\"eni-attach-03747323a5e145718\",\"DeleteOnTermination\":true,\"InstanceId\":\"i-036d87e237e8179bb\",\"Status\":\"attached\"},\"NetworkInterfaceId\":\"eni-05fe4579d2d8609eb\",\"Ipv4Prefixes\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-05fe4579d2d8609eb\",\"eni-05fe4579d2d8609eb\"],\"name\":\"eni-05fe4579d2d8609eb\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-03c9611c5f2246742\"],\"subnet_ids\":[\"subnet-7a841e20\"],\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-05fe4579d2d8609eb\",\"eni-05fe4579d2d8609eb\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-05fe4579d2d8609eb\":{\"type\":\"interface\",\"category\":\"infrastructure\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"security_group_ids\":[\"sg-09e20af82b07b134a\"],\"subnet_ids\":[\"subnet-7a841e20\"],\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0cdc24e02f8882c12\",\"eni-0cdc24e02f8882c12\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0cdc24e02f8882c12\":{\"type\":\"interface\",\"category\":\"infrastructure\"}},\"asset\":{\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"MacAddress\":\"0a:a2:64:ac:66:0b\",\"OwnerId\":\"704479110758\",\"Ipv6Addresses\":[],\"OutpostArn\":null,\"RequesterManaged\":false,\"Status\":\"in-use\",\"VpcId\":\"vpc-6cb55a15\",\"Association\":{\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-176-34-66-193.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"176.34.66.193\",\"AllocationId\":null},\"Groups\":[{\"GroupName\":\"terraform-20241119125144321500000002\",\"GroupId\":\"sg-09e20af82b07b134a\"}],\"Ipv6Address\":null,\"Attachment\":{\"DeviceIndex\":0,\"Status\":\"attached\",\"EnaSrdSpecification\":null,\"InstanceId\":\"i-0c0221e9384b6c064\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"AttachTime\":\"2024-11-19T12:51:49Z\",\"AttachmentId\":\"eni-attach-0603dd1db2814b714\",\"DeleteOnTermination\":true},\"DenyAllIgwTraffic\":null,\"InterfaceType\":\"interface\",\"SubnetId\":\"subnet-7a841e20\",\"PrivateIpAddress\":\"172.31.37.71\",\"RequesterId\":null,\"TagSet\":[],\"Description\":\"\",\"Ipv4Prefixes\":null,\"AvailabilityZone\":\"eu-west-1c\",\"Ipv6Native\":null,\"Ipv6Prefixes\":null,\"PrivateDnsName\":\"ip-172-31-37-71.eu-west-1.compute.internal\",\"PrivateIpAddresses\":[{\"Association\":{\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-176-34-66-193.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"176.34.66.193\",\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-37-71.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.37.71\"}],\"ConnectionTrackingConfiguration\":null,\"NetworkInterfaceId\":\"eni-0cdc24e02f8882c12\",\"SourceDestCheck\":true}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0cdc24e02f8882c12\",\"eni-0cdc24e02f8882c12\"],\"name\":\"eni-0cdc24e02f8882c12\",\"category\":\"infrastructure\",\"sub_category\":\"network\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"OutpostArn\":null,\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-3-252.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.3.252\"}],\"Description\":\"Amazon EKS benchmark-rules\",\"Ipv6Native\":null,\"NetworkInterfaceId\":\"eni-0a2f6c2a265b44f5f\",\"PrivateDnsName\":\"ip-10-0-3-252.eu-west-1.compute.internal\",\"SubnetId\":\"subnet-0581305834edb5054\",\"Groups\":[{\"GroupId\":\"sg-06c15b89b2816c94b\",\"GroupName\":\"benchmark-rules-cluster-20240530133042015600000007\"},{\"GroupId\":\"sg-06db863f6566691fb\",\"GroupName\":\"eks-cluster-sg-benchmark-rules-1482877991\"}],\"OwnerId\":\"704479110758\",\"RequesterManaged\":true,\"SourceDestCheck\":true,\"AvailabilityZone\":\"eu-west-1c\",\"DenyAllIgwTraffic\":null,\"InterfaceType\":\"interface\",\"MacAddress\":\"0a:cb:33:ac:c7:b1\",\"Association\":null,\"TagSet\":[],\"Status\":\"in-use\",\"PrivateIpAddress\":\"10.0.3.252\",\"ConnectionTrackingConfiguration\":null,\"VpcId\":\"vpc-00103fb710b9960ab\",\"Attachment\":{\"AttachmentId\":\"eni-attach-0d0b50becd0cc0d71\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"InstanceId\":null,\"InstanceOwnerId\":\"424995565255\",\"AttachTime\":\"2024-11-17T20:04:23Z\",\"NetworkCardIndex\":0,\"Status\":\"attached\",\"DeviceIndex\":1},\"Ipv4Prefixes\":null,\"Ipv6Address\":null,\"Ipv6Addresses\":[],\"Ipv6Prefixes\":null,\"RequesterId\":\"424995565255\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0a2f6c2a265b44f5f\",\"eni-0a2f6c2a265b44f5f\"],\"name\":\"eni-0a2f6c2a265b44f5f\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-06c15b89b2816c94b\",\"sg-06db863f6566691fb\"],\"subnet_ids\":[\"subnet-0581305834edb5054\"],\"vpc_ids\":[\"vpc-00103fb710b9960ab\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0a2f6c2a265b44f5f\",\"eni-0a2f6c2a265b44f5f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0a2f6c2a265b44f5f\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-035b5fb965d5898ca\"],\"subnet_ids\":[\"subnet-7a841e20\"],\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0f427030258c5d4e4\",\"eni-0f427030258c5d4e4\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0f427030258c5d4e4\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"AvailabilityZone\":\"eu-west-1c\",\"InterfaceType\":\"interface\",\"NetworkInterfaceId\":\"eni-0f427030258c5d4e4\",\"Ipv6Prefixes\":null,\"MacAddress\":\"0a:72:e2:a8:83:79\",\"PrivateDnsName\":\"ip-172-31-33-118.eu-west-1.compute.internal\",\"PrivateIpAddresses\":[{\"Association\":{\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-54-194-151-202.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.194.151.202\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-33-118.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.33.118\"}],\"Groups\":[{\"GroupId\":\"sg-035b5fb965d5898ca\",\"GroupName\":\"terraform-20231224143753222900000001\"}],\"Ipv4Prefixes\":null,\"Ipv6Address\":null,\"Status\":\"in-use\",\"VpcId\":\"vpc-6cb55a15\",\"Ipv6Addresses\":[],\"Ipv6Native\":null,\"RequesterId\":null,\"RequesterManaged\":false,\"DenyAllIgwTraffic\":null,\"SourceDestCheck\":true,\"Association\":{\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-54-194-151-202.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.194.151.202\"},\"Description\":\"\",\"Attachment\":{\"AttachTime\":\"2023-12-24T14:37:57Z\",\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-0d5476420687cb48f\",\"Status\":\"attached\",\"AttachmentId\":\"eni-attach-0e8c7af791140b646\",\"DeleteOnTermination\":true,\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0},\"TagSet\":[],\"SubnetId\":\"subnet-7a841e20\",\"ConnectionTrackingConfiguration\":null,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"PrivateIpAddress\":\"172.31.33.118\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0f427030258c5d4e4\",\"eni-0f427030258c5d4e4\"],\"name\":\"eni-0f427030258c5d4e4\",\"category\":\"infrastructure\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"OutpostArn\":null,\"PrivateIpAddress\":\"172.31.43.140\",\"PrivateDnsName\":\"ip-172-31-43-140.eu-west-1.compute.internal\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-43-140.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.43.140\"}],\"RequesterId\":null,\"SourceDestCheck\":true,\"SubnetId\":\"subnet-7a841e20\",\"AvailabilityZone\":\"eu-west-1c\",\"Ipv6Address\":null,\"Ipv6Prefixes\":null,\"RequesterManaged\":false,\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\",\"Groups\":[{\"GroupName\":\"launch-wizard-128\",\"GroupId\":\"sg-0ce799a71053a4f57\"}],\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"Ipv6Native\":null,\"Status\":\"in-use\",\"InterfaceType\":\"interface\",\"MacAddress\":\"0a:d8:bb:66:9e:09\",\"Association\":null,\"ConnectionTrackingConfiguration\":null,\"DenyAllIgwTraffic\":null,\"Description\":\"\",\"Attachment\":{\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-10-08T09:25:21Z\",\"AttachmentId\":\"eni-attach-0396f97987ebbf332\",\"EnaSrdSpecification\":null,\"InstanceId\":\"i-0f0c12913e5ec23fc\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0},\"NetworkInterfaceId\":\"eni-08e2b381007a3464b\",\"TagSet\":[]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-08e2b381007a3464b\",\"eni-08e2b381007a3464b\"],\"name\":\"eni-08e2b381007a3464b\",\"category\":\"infrastructure\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"subnet_ids\":[\"subnet-7a841e20\"],\"vpc_ids\":[\"vpc-6cb55a15\"],\"security_group_ids\":[\"sg-0ce799a71053a4f57\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-08e2b381007a3464b\",\"eni-08e2b381007a3464b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-08e2b381007a3464b\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"security_group_ids\":[\"sg-042e11fb278c04b0d\"],\"subnet_ids\":[\"subnet-7a841e20\"],\"vpc_ids\":[\"vpc-6cb55a15\"]},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-05f7267e0e66860f2\",\"eni-05f7267e0e66860f2\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-05f7267e0e66860f2\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"NetworkInterfaceId\":\"eni-05f7267e0e66860f2\",\"SourceDestCheck\":true,\"Ipv6Address\":null,\"Ipv6Native\":null,\"PrivateIpAddress\":\"172.31.44.8\",\"Status\":\"in-use\",\"Description\":\"\",\"Groups\":[{\"GroupName\":\"launch-wizard-121\",\"GroupId\":\"sg-042e11fb278c04b0d\"}],\"Attachment\":{\"AttachTime\":\"2024-08-19T11:12:18Z\",\"AttachmentId\":\"eni-attach-005e3c4bfb2984333\",\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-0b6c2778e229d94ac\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"Status\":\"attached\",\"DeleteOnTermination\":true},\"Association\":null,\"VpcId\":\"vpc-6cb55a15\",\"PrivateDnsName\":\"ip-172-31-44-8.eu-west-1.compute.internal\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-44-8.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.44.8\"}],\"TagSet\":[],\"DenyAllIgwTraffic\":null,\"OwnerId\":\"704479110758\",\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"OutpostArn\":null,\"RequesterManaged\":false,\"InterfaceType\":\"interface\",\"RequesterId\":null,\"AvailabilityZone\":\"eu-west-1c\",\"MacAddress\":\"0a:28:ba:b0:8a:a3\",\"SubnetId\":\"subnet-7a841e20\",\"ConnectionTrackingConfiguration\":null,\"Ipv6Prefixes\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-05f7267e0e66860f2\",\"eni-05f7267e0e66860f2\"],\"name\":\"eni-05f7267e0e66860f2\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"security_group_ids\":[\"sg-03a24bd4d64b64828\"],\"subnet_ids\":[\"subnet-7a841e20\"],\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-073fec66ce83b9610\",\"eni-073fec66ce83b9610\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-073fec66ce83b9610\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"name\":\"eni-073fec66ce83b9610\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Ipv4Prefixes\":null,\"PrivateDnsName\":\"ip-172-31-32-13.eu-west-1.compute.internal\",\"SourceDestCheck\":true,\"Ipv6Address\":null,\"Ipv6Addresses\":[],\"OutpostArn\":null,\"PrivateIpAddress\":\"172.31.32.13\",\"PrivateIpAddresses\":[{\"Association\":{\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-54-247-216-208.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.247.216.208\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-32-13.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.32.13\"}],\"Attachment\":{\"AttachmentId\":\"eni-attach-07b1fe8cd5d1bf984\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"Status\":\"attached\",\"AttachTime\":\"2024-06-12T09:40:51Z\",\"DeviceIndex\":0,\"InstanceId\":\"i-0e3fa032d327a0529\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0},\"InterfaceType\":\"interface\",\"RequesterId\":null,\"Status\":\"in-use\",\"DenyAllIgwTraffic\":null,\"Groups\":[{\"GroupId\":\"sg-03a24bd4d64b64828\",\"GroupName\":\"elastic-agent-security-group-c82a6f30-289f-11ef-bea0-0650f5ad54ed\"}],\"Ipv6Native\":null,\"MacAddress\":\"0a:0d:10:3e:55:f7\",\"TagSet\":[],\"SubnetId\":\"subnet-7a841e20\",\"AvailabilityZone\":\"eu-west-1c\",\"Description\":\"\",\"NetworkInterfaceId\":\"eni-073fec66ce83b9610\",\"RequesterManaged\":false,\"VpcId\":\"vpc-6cb55a15\",\"Association\":{\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-54-247-216-208.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.247.216.208\"},\"ConnectionTrackingConfiguration\":null,\"Ipv6Prefixes\":null,\"OwnerId\":\"704479110758\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-073fec66ce83b9610\",\"eni-073fec66ce83b9610\"]},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Association\":{\"PublicIp\":\"3.252.164.68\",\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-3-252-164-68.eu-west-1.compute.amazonaws.com\"},\"Status\":\"in-use\",\"Ipv6Addresses\":[],\"TagSet\":[],\"VpcId\":\"vpc-6cb55a15\",\"Ipv4Prefixes\":null,\"Ipv6Address\":null,\"RequesterId\":null,\"ConnectionTrackingConfiguration\":null,\"DenyAllIgwTraffic\":null,\"Attachment\":{\"AttachTime\":\"2023-04-03T20:26:47Z\",\"DeleteOnTermination\":true,\"InstanceOwnerId\":\"704479110758\",\"AttachmentId\":\"eni-attach-03ec4650e19c2380f\",\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-0a2dc4a316cdefd0a\",\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"AvailabilityZone\":\"eu-west-1c\",\"Ipv6Native\":null,\"NetworkInterfaceId\":\"eni-09cb336d1b70f0765\",\"PrivateIpAddress\":\"172.31.34.76\",\"Ipv6Prefixes\":null,\"PrivateDnsName\":\"ip-172-31-34-76.eu-west-1.compute.internal\",\"PrivateIpAddresses\":[{\"Association\":{\"PublicDnsName\":\"ec2-3-252-164-68.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"3.252.164.68\",\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-34-76.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.34.76\"}],\"MacAddress\":\"0a:c3:af:60:28:f3\",\"SubnetId\":\"subnet-7a841e20\",\"Description\":\"\",\"Groups\":[{\"GroupId\":\"sg-0f8133159b21673b7\",\"GroupName\":\"launch-wizard-41\"}],\"InterfaceType\":\"interface\",\"SourceDestCheck\":true,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"RequesterManaged\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-09cb336d1b70f0765\",\"eni-09cb336d1b70f0765\"],\"name\":\"eni-09cb336d1b70f0765\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"],\"security_group_ids\":[\"sg-0f8133159b21673b7\"],\"subnet_ids\":[\"subnet-7a841e20\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-09cb336d1b70f0765\",\"eni-09cb336d1b70f0765\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-09cb336d1b70f0765\":{\"category\":\"infrastructure\",\"type\":\"interface\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"],\"security_group_ids\":[\"sg-05881beea67daa384\"],\"subnet_ids\":[\"subnet-7a841e20\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-01fb4fc95b35e36e3\",\"eni-01fb4fc95b35e36e3\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-01fb4fc95b35e36e3\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Status\":\"in-use\",\"RequesterManaged\":false,\"OutpostArn\":null,\"Groups\":[{\"GroupId\":\"sg-05881beea67daa384\",\"GroupName\":\"elastic-agent-security-group-96b9bd60-328c-11ef-8748-06cab9c0c0cb\"}],\"NetworkInterfaceId\":\"eni-01fb4fc95b35e36e3\",\"Ipv4Prefixes\":null,\"MacAddress\":\"0a:e2:0b:b9:fb:cf\",\"PrivateIpAddress\":\"172.31.36.225\",\"ConnectionTrackingConfiguration\":null,\"InterfaceType\":\"interface\",\"Ipv6Native\":null,\"Attachment\":{\"AttachmentId\":\"eni-attach-0f15f7727a69ab243\",\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-0af0c8abade777902\",\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-06-25T00:48:39Z\",\"DeleteOnTermination\":true,\"InstanceOwnerId\":\"704479110758\"},\"DenyAllIgwTraffic\":null,\"PrivateDnsName\":\"ip-172-31-36-225.eu-west-1.compute.internal\",\"SourceDestCheck\":true,\"TagSet\":[],\"AvailabilityZone\":\"eu-west-1c\",\"Ipv6Address\":null,\"RequesterId\":null,\"Ipv6Addresses\":[],\"Ipv6Prefixes\":null,\"OwnerId\":\"704479110758\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-36-225.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.36.225\"}],\"Association\":null,\"Description\":\"\",\"SubnetId\":\"subnet-7a841e20\",\"VpcId\":\"vpc-6cb55a15\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-01fb4fc95b35e36e3\",\"eni-01fb4fc95b35e36e3\"],\"name\":\"eni-01fb4fc95b35e36e3\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"],\"security_group_ids\":[\"sg-09bda1e4d7fd21ad3\"],\"subnet_ids\":[\"subnet-7a841e20\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0f05978387871446d\",\"eni-0f05978387871446d\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0f05978387871446d\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"MacAddress\":\"0a:c8:a3:b4:60:29\",\"PrivateDnsName\":\"ip-172-31-33-148.eu-west-1.compute.internal\",\"RequesterId\":null,\"Description\":\"\",\"InterfaceType\":\"interface\",\"Ipv6Address\":null,\"PrivateIpAddress\":\"172.31.33.148\",\"Ipv6Addresses\":[],\"VpcId\":\"vpc-6cb55a15\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-33-148.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.33.148\"}],\"SubnetId\":\"subnet-7a841e20\",\"TagSet\":[],\"NetworkInterfaceId\":\"eni-0f05978387871446d\",\"Attachment\":{\"AttachTime\":\"2024-10-30T17:03:54Z\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-033150c6f316e2ad1\",\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachmentId\":\"eni-attach-0f8d3fac79a539682\",\"DeviceIndex\":0,\"InstanceOwnerId\":\"704479110758\"},\"AvailabilityZone\":\"eu-west-1c\",\"SourceDestCheck\":true,\"Association\":null,\"Status\":\"in-use\",\"Ipv6Prefixes\":null,\"OwnerId\":\"704479110758\",\"RequesterManaged\":false,\"DenyAllIgwTraffic\":null,\"Groups\":[{\"GroupId\":\"sg-09bda1e4d7fd21ad3\",\"GroupName\":\"elastic-agent-security-group-df20e390-96e0-11ef-b64c-0a72966a557b\"}],\"Ipv4Prefixes\":null,\"Ipv6Native\":null,\"ConnectionTrackingConfiguration\":null,\"OutpostArn\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0f05978387871446d\",\"eni-0f05978387871446d\"],\"name\":\"eni-0f05978387871446d\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"security_group_ids\":[\"sg-0721071cec3e78eb9\"],\"subnet_ids\":[\"subnet-7a841e20\"],\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-08921648b0ef5fcdb\",\"eni-08921648b0ef5fcdb\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-08921648b0ef5fcdb\":{\"type\":\"interface\",\"category\":\"infrastructure\"}},\"asset\":{\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Groups\":[{\"GroupId\":\"sg-0721071cec3e78eb9\",\"GroupName\":\"terraform-20231123175739667900000002\"}],\"InterfaceType\":\"interface\",\"RequesterId\":null,\"SubnetId\":\"subnet-7a841e20\",\"Ipv6Address\":null,\"SourceDestCheck\":true,\"Status\":\"in-use\",\"Association\":{\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-3-250-14-183.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"3.250.14.183\",\"AllocationId\":null},\"AvailabilityZone\":\"eu-west-1c\",\"Description\":\"\",\"TagSet\":[],\"DenyAllIgwTraffic\":null,\"Ipv6Native\":null,\"Ipv6Prefixes\":null,\"RequesterManaged\":false,\"Attachment\":{\"EnaSrdSpecification\":null,\"InstanceId\":\"i-019d7a07c9f19f536\",\"Status\":\"attached\",\"AttachTime\":\"2023-11-23T17:57:43Z\",\"AttachmentId\":\"eni-attach-07683f57bd30d824d\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"DeleteOnTermination\":true,\"DeviceIndex\":0},\"Ipv4Prefixes\":null,\"NetworkInterfaceId\":\"eni-08921648b0ef5fcdb\",\"OwnerId\":\"704479110758\",\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-36-59.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.36.59\",\"Association\":{\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-3-250-14-183.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"3.250.14.183\"}}],\"ConnectionTrackingConfiguration\":null,\"MacAddress\":\"0a:9b:c7:1f:6a:75\",\"OutpostArn\":null,\"PrivateDnsName\":\"ip-172-31-36-59.eu-west-1.compute.internal\",\"Ipv6Addresses\":[],\"PrivateIpAddress\":\"172.31.36.59\",\"VpcId\":\"vpc-6cb55a15\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-08921648b0ef5fcdb\",\"eni-08921648b0ef5fcdb\"],\"name\":\"eni-08921648b0ef5fcdb\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-02bf634a541c372e7\",\"eni-02bf634a541c372e7\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-02bf634a541c372e7\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-02bf634a541c372e7\",\"eni-02bf634a541c372e7\"],\"name\":\"eni-02bf634a541c372e7\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Status\":\"in-use\",\"AvailabilityZone\":\"eu-west-1b\",\"Groups\":[{\"GroupId\":\"sg-042dc17560e6f8374\",\"GroupName\":\"kuba-logs-node-20241119125157867500000006\"},{\"GroupId\":\"sg-045d46bcaaf8b30a2\",\"GroupName\":\"kuba-logs_120241119125157866600000005\"},{\"GroupName\":\"eks-cluster-sg-kuba-logs-1524208083\",\"GroupId\":\"sg-066a56ecc9a45761c\"}],\"PrivateIpAddress\":\"10.0.2.106\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-2-106.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.2.106\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-2-226.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.2.226\"},{\"PrivateDnsName\":\"ip-10-0-2-109.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.2.109\",\"Association\":null,\"Primary\":false},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-2-15.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.2.15\"}],\"ConnectionTrackingConfiguration\":null,\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"Attachment\":{\"NetworkCardIndex\":0,\"AttachmentId\":\"eni-attach-0d62d2a0b490bed3a\",\"InstanceId\":\"i-060d8336958181039\",\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceOwnerId\":\"704479110758\",\"Status\":\"attached\",\"AttachTime\":\"2024-11-19T13:01:32Z\",\"DeleteOnTermination\":true},\"Ipv6Address\":null,\"NetworkInterfaceId\":\"eni-02bf634a541c372e7\",\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-10-0-2-106.eu-west-1.compute.internal\",\"SourceDestCheck\":true,\"Association\":null,\"RequesterManaged\":false,\"VpcId\":\"vpc-08d87433815da7907\",\"Ipv6Native\":null,\"MacAddress\":\"06:99:c1:c4:b6:0f\",\"RequesterId\":null,\"Description\":\"\",\"Ipv4Prefixes\":null,\"DenyAllIgwTraffic\":null,\"Ipv6Prefixes\":null,\"OutpostArn\":null,\"SubnetId\":\"subnet-0cdfa229831a9689c\",\"TagSet\":[{\"Value\":\"kuba-logs\",\"Key\":\"deployment\"},{\"Value\":\"kuba-logs-1\",\"Key\":\"Name\"},{\"Key\":\"owner\",\"Value\":\"kubasobon\"},{\"Key\":\"eks:nodegroup-name\",\"Value\":\"kuba-logs-1-2024111913004541080000000e\"},{\"Value\":\"i-060d8336958181039\",\"Key\":\"node.k8s.amazonaws.com/instance_id\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"eks:cluster-name\",\"Value\":\"kuba-logs\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"cluster.k8s.amazonaws.com/name\",\"Value\":\"kuba-logs\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm_eks\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"project\",\"Value\":\"kubasobon\"}]}}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"security_group_ids\":[\"sg-042dc17560e6f8374\",\"sg-045d46bcaaf8b30a2\",\"sg-066a56ecc9a45761c\"],\"subnet_ids\":[\"subnet-0cdfa229831a9689c\"],\"vpc_ids\":[\"vpc-08d87433815da7907\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"security_group_ids\":[\"sg-073a4f4d84a89c002\"],\"subnet_ids\":[\"subnet-b50028fd\"],\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-013f518899e414455\",\"eni-013f518899e414455\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-013f518899e414455\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Groups\":[{\"GroupId\":\"sg-073a4f4d84a89c002\",\"GroupName\":\"launch-wizard-120\"}],\"InterfaceType\":\"interface\",\"SubnetId\":\"subnet-b50028fd\",\"ConnectionTrackingConfiguration\":null,\"NetworkInterfaceId\":\"eni-013f518899e414455\",\"Status\":\"in-use\",\"TagSet\":[],\"AvailabilityZone\":\"eu-west-1b\",\"Ipv6Native\":null,\"Ipv6Address\":null,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"Ipv6Prefixes\":null,\"MacAddress\":\"06:90:46:b6:ec:d5\",\"PrivateIpAddress\":\"172.31.28.145\",\"SourceDestCheck\":true,\"Association\":null,\"Attachment\":{\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"AttachTime\":\"2024-08-13T10:05:10Z\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"Status\":\"attached\",\"AttachmentId\":\"eni-attach-0a1a605847492e9a2\",\"DeviceIndex\":0,\"InstanceId\":\"i-09d8f12a0d43961fd\"},\"PrivateDnsName\":\"ip-172-31-28-145.eu-west-1.compute.internal\",\"VpcId\":\"vpc-6cb55a15\",\"Ipv6Addresses\":[],\"RequesterManaged\":false,\"Ipv4Prefixes\":null,\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-28-145.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.28.145\"}],\"RequesterId\":null,\"DenyAllIgwTraffic\":null,\"Description\":\"\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-013f518899e414455\",\"eni-013f518899e414455\"],\"name\":\"eni-013f518899e414455\",\"category\":\"infrastructure\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"],\"security_group_ids\":[\"sg-0b3e465206111809c\"],\"subnet_ids\":[\"subnet-b50028fd\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0940d0d06498e3205\",\"eni-0940d0d06498e3205\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0940d0d06498e3205\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"tags\":null,\"raw\":{\"network_interface\":{\"AvailabilityZone\":\"eu-west-1b\",\"Ipv6Native\":null,\"Groups\":[{\"GroupId\":\"sg-0b3e465206111809c\",\"GroupName\":\"elastic-agent-security-group-25f51ed0-5a41-11ef-86b7-061640a59457\"}],\"RequesterId\":null,\"Ipv6Prefixes\":null,\"OwnerId\":\"704479110758\",\"RequesterManaged\":false,\"VpcId\":\"vpc-6cb55a15\",\"ConnectionTrackingConfiguration\":null,\"DenyAllIgwTraffic\":null,\"InterfaceType\":\"interface\",\"Ipv6Address\":null,\"Ipv6Addresses\":[],\"SubnetId\":\"subnet-b50028fd\",\"Ipv4Prefixes\":null,\"MacAddress\":\"06:3f:da:89:c1:15\",\"PrivateIpAddresses\":[{\"PrivateDnsName\":\"ip-172-31-20-187.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.20.187\",\"Association\":null,\"Primary\":true}],\"NetworkInterfaceId\":\"eni-0940d0d06498e3205\",\"OutpostArn\":null,\"PrivateIpAddress\":\"172.31.20.187\",\"PrivateDnsName\":\"ip-172-31-20-187.eu-west-1.compute.internal\",\"SourceDestCheck\":true,\"Association\":null,\"Attachment\":{\"InstanceId\":\"i-0b842923561575f11\",\"Status\":\"attached\",\"AttachTime\":\"2024-08-14T13:29:24Z\",\"AttachmentId\":\"eni-attach-0f9af12a7a2503985\",\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"DeleteOnTermination\":true,\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0},\"Description\":\"\",\"Status\":\"in-use\",\"TagSet\":[]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0940d0d06498e3205\",\"eni-0940d0d06498e3205\"],\"name\":\"eni-0940d0d06498e3205\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-06e0a7290379b2582\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"tags\":null,\"raw\":{\"network_interface\":{\"Description\":\"\",\"InterfaceType\":\"interface\",\"SourceDestCheck\":true,\"TagSet\":[],\"Attachment\":{\"InstanceId\":\"i-0da69cc5594ceeaf0\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"DeleteOnTermination\":true,\"Status\":\"attached\",\"AttachTime\":\"2024-10-13T14:00:08Z\",\"AttachmentId\":\"eni-attach-0b6d272bbd7d4efd7\"},\"DenyAllIgwTraffic\":null,\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"PrivateDnsName\":\"ip-172-31-31-201.eu-west-1.compute.internal\",\"Status\":\"in-use\",\"AvailabilityZone\":\"eu-west-1b\",\"Groups\":[{\"GroupId\":\"sg-06f6b809d5e053c55\",\"GroupName\":\"elastic-agent-security-group-61a90eb0-896b-11ef-98d8-0ab4ea2a59ad\"}],\"Ipv6Prefixes\":null,\"RequesterManaged\":false,\"MacAddress\":\"06:da:16:bd:8a:ff\",\"NetworkInterfaceId\":\"eni-06e0a7290379b2582\",\"Association\":null,\"Ipv6Address\":null,\"OutpostArn\":null,\"ConnectionTrackingConfiguration\":null,\"PrivateIpAddresses\":[{\"PrivateIpAddress\":\"172.31.31.201\",\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-31-201.eu-west-1.compute.internal\"}],\"VpcId\":\"vpc-6cb55a15\",\"PrivateIpAddress\":\"172.31.31.201\",\"RequesterId\":null,\"Ipv6Native\":null,\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-b50028fd\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-06e0a7290379b2582\",\"eni-06e0a7290379b2582\"],\"name\":\"eni-06e0a7290379b2582\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-06f6b809d5e053c55\"],\"subnet_ids\":[\"subnet-b50028fd\"],\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-06e0a7290379b2582\",\"eni-06e0a7290379b2582\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0a0d25d0d80ff70b4\",\"eni-0a0d25d0d80ff70b4\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0a0d25d0d80ff70b4\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"MacAddress\":\"06:31:11:6e:4a:27\",\"OwnerId\":\"704479110758\",\"Association\":null,\"Ipv4Prefixes\":null,\"RequesterManaged\":true,\"TagSet\":[],\"DenyAllIgwTraffic\":null,\"Status\":\"in-use\",\"Attachment\":{\"NetworkCardIndex\":0,\"AttachTime\":\"2024-11-17T20:10:27Z\",\"AttachmentId\":\"eni-attach-0620b03a44ff649c9\",\"DeleteOnTermination\":true,\"DeviceIndex\":1,\"EnaSrdSpecification\":null,\"InstanceOwnerId\":\"424995565255\",\"InstanceId\":null,\"Status\":\"attached\"},\"Ipv6Address\":null,\"OutpostArn\":null,\"SourceDestCheck\":true,\"VpcId\":\"vpc-00103fb710b9960ab\",\"Ipv6Prefixes\":null,\"PrivateDnsName\":\"ip-10-0-2-46.eu-west-1.compute.internal\",\"Ipv6Native\":null,\"AvailabilityZone\":\"eu-west-1b\",\"ConnectionTrackingConfiguration\":null,\"Groups\":[{\"GroupId\":\"sg-06c15b89b2816c94b\",\"GroupName\":\"benchmark-rules-cluster-20240530133042015600000007\"},{\"GroupId\":\"sg-06db863f6566691fb\",\"GroupName\":\"eks-cluster-sg-benchmark-rules-1482877991\"}],\"RequesterId\":\"424995565255\",\"Ipv6Addresses\":[],\"PrivateIpAddress\":\"10.0.2.46\",\"InterfaceType\":\"interface\",\"NetworkInterfaceId\":\"eni-0a0d25d0d80ff70b4\",\"Description\":\"Amazon EKS benchmark-rules\",\"PrivateIpAddresses\":[{\"PrivateIpAddress\":\"10.0.2.46\",\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-2-46.eu-west-1.compute.internal\"}],\"SubnetId\":\"subnet-03aa6072b34eae6a9\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0a0d25d0d80ff70b4\",\"eni-0a0d25d0d80ff70b4\"],\"name\":\"eni-0a0d25d0d80ff70b4\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"security_group_ids\":[\"sg-06c15b89b2816c94b\",\"sg-06db863f6566691fb\"],\"subnet_ids\":[\"subnet-03aa6072b34eae6a9\"],\"vpc_ids\":[\"vpc-00103fb710b9960ab\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0069575d03045f48a\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0069575d03045f48a\",\"eni-0069575d03045f48a\"],\"name\":\"eni-0069575d03045f48a\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"MacAddress\":\"06:55:26:46:38:13\",\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-10-0-2-144.eu-west-1.compute.internal\",\"VpcId\":\"vpc-08d87433815da7907\",\"ConnectionTrackingConfiguration\":null,\"InterfaceType\":\"interface\",\"Ipv6Native\":null,\"NetworkInterfaceId\":\"eni-0069575d03045f48a\",\"Status\":\"in-use\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-2-144.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.2.144\"}],\"RequesterId\":\"851725637175\",\"SourceDestCheck\":true,\"DenyAllIgwTraffic\":null,\"Ipv6Addresses\":[],\"TagSet\":[],\"Association\":null,\"Ipv4Prefixes\":null,\"Ipv6Prefixes\":null,\"SubnetId\":\"subnet-0cdfa229831a9689c\",\"Groups\":[{\"GroupId\":\"sg-035fed423cfdb5c55\",\"GroupName\":\"kuba-logs-cluster-20241119125158938900000007\"},{\"GroupId\":\"sg-066a56ecc9a45761c\",\"GroupName\":\"eks-cluster-sg-kuba-logs-1524208083\"}],\"Ipv6Address\":null,\"RequesterManaged\":true,\"Attachment\":{\"Status\":\"attached\",\"AttachmentId\":\"eni-attach-025ae918ac96e3408\",\"DeviceIndex\":1,\"InstanceId\":null,\"NetworkCardIndex\":0,\"AttachTime\":\"2024-11-19T13:03:58Z\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"InstanceOwnerId\":\"851725637175\"},\"Description\":\"Amazon EKS kuba-logs\",\"AvailabilityZone\":\"eu-west-1b\",\"PrivateIpAddress\":\"10.0.2.144\"}}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"subnet_ids\":[\"subnet-0cdfa229831a9689c\"],\"vpc_ids\":[\"vpc-08d87433815da7907\"],\"security_group_ids\":[\"sg-035fed423cfdb5c55\",\"sg-066a56ecc9a45761c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0069575d03045f48a\",\"eni-0069575d03045f48a\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"subnet_ids\":[\"subnet-b50028fd\"],\"vpc_ids\":[\"vpc-6cb55a15\"],\"security_group_ids\":[\"sg-0b9e34e4623e664a4\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0aa73f770116623da\",\"eni-0aa73f770116623da\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0aa73f770116623da\":{\"type\":\"interface\",\"category\":\"infrastructure\"}},\"asset\":{\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Attachment\":{\"AttachTime\":\"2024-11-19T13:12:14Z\",\"AttachmentId\":\"eni-attach-00257e54813a7a96a\",\"DeviceIndex\":0,\"Status\":\"attached\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-02ca59e683aa491e1\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0},\"Description\":\"\",\"PrivateDnsName\":\"ip-172-31-18-232.eu-west-1.compute.internal\",\"SubnetId\":\"subnet-b50028fd\",\"AvailabilityZone\":\"eu-west-1b\",\"Ipv6Prefixes\":null,\"NetworkInterfaceId\":\"eni-0aa73f770116623da\",\"RequesterId\":null,\"Status\":\"in-use\",\"ConnectionTrackingConfiguration\":null,\"OwnerId\":\"704479110758\",\"PrivateIpAddresses\":[{\"Association\":{\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-54-74-168-56.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.74.168.56\",\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-18-232.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.18.232\"}],\"TagSet\":[],\"Ipv4Prefixes\":null,\"OutpostArn\":null,\"Groups\":[{\"GroupId\":\"sg-0b9e34e4623e664a4\",\"GroupName\":\"elastic-agent-security-group-d2594700-a677-11ef-a9ff-0a22d85204c3\"}],\"Ipv6Address\":null,\"Ipv6Native\":null,\"MacAddress\":\"06:1d:ba:95:06:03\",\"SourceDestCheck\":true,\"VpcId\":\"vpc-6cb55a15\",\"Association\":{\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-54-74-168-56.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.74.168.56\",\"AllocationId\":null},\"DenyAllIgwTraffic\":null,\"InterfaceType\":\"interface\",\"PrivateIpAddress\":\"172.31.18.232\",\"RequesterManaged\":false,\"Ipv6Addresses\":[]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0aa73f770116623da\",\"eni-0aa73f770116623da\"],\"name\":\"eni-0aa73f770116623da\",\"category\":\"infrastructure\",\"sub_category\":\"network\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0f1b98f2bd817b1b4\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Association\":null,\"Ipv6Prefixes\":null,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-19-164.eu-west-1.compute.internal\",\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-19-164.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.19.164\",\"Association\":null}],\"Status\":\"in-use\",\"Attachment\":{\"InstanceId\":\"i-08a268eb03f5a9488\",\"Status\":\"attached\",\"AttachTime\":\"2024-10-31T17:44:59Z\",\"AttachmentId\":\"eni-attach-00a18024d6802f854\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0},\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"SourceDestCheck\":true,\"TagSet\":[],\"ConnectionTrackingConfiguration\":null,\"Description\":\"\",\"Ipv4Prefixes\":null,\"NetworkInterfaceId\":\"eni-0f1b98f2bd817b1b4\",\"PrivateIpAddress\":\"172.31.19.164\",\"VpcId\":\"vpc-6cb55a15\",\"Groups\":[{\"GroupId\":\"sg-00fffedaddecb00e3\",\"GroupName\":\"launch-wizard-132\"}],\"Ipv6Address\":null,\"MacAddress\":\"06:ae:af:23:f5:db\",\"DenyAllIgwTraffic\":null,\"RequesterManaged\":false,\"SubnetId\":\"subnet-b50028fd\",\"AvailabilityZone\":\"eu-west-1b\",\"Ipv6Native\":null,\"RequesterId\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0f1b98f2bd817b1b4\",\"eni-0f1b98f2bd817b1b4\"],\"name\":\"eni-0f1b98f2bd817b1b4\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-00fffedaddecb00e3\"],\"subnet_ids\":[\"subnet-b50028fd\"],\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0f1b98f2bd817b1b4\",\"eni-0f1b98f2bd817b1b4\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-08333bb50c1c476d0\",\"eni-08333bb50c1c476d0\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-08333bb50c1c476d0\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"SourceDestCheck\":true,\"PrivateDnsName\":\"ip-10-0-2-209.eu-west-1.compute.internal\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-2-209.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.2.209\"}],\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":null,\"VpcId\":\"vpc-096d5aaf84103883c\",\"MacAddress\":\"06:9b:20:2a:37:17\",\"PrivateIpAddress\":\"10.0.2.209\",\"SubnetId\":\"subnet-0b9742a3beed3221a\",\"TagSet\":[],\"ConnectionTrackingConfiguration\":null,\"DenyAllIgwTraffic\":null,\"Ipv6Address\":null,\"Ipv6Prefixes\":null,\"OwnerId\":\"704479110758\",\"RequesterId\":\"953806780543\",\"Ipv6Addresses\":[],\"Ipv6Native\":null,\"Association\":null,\"Attachment\":{\"DeviceIndex\":1,\"NetworkCardIndex\":0,\"InstanceId\":null,\"InstanceOwnerId\":\"953806780543\",\"Status\":\"attached\",\"AttachTime\":\"2024-11-18T01:45:05Z\",\"AttachmentId\":\"eni-attach-03ecbbd3363651373\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null},\"Description\":\"Amazon EKS long-running-project\",\"NetworkInterfaceId\":\"eni-08333bb50c1c476d0\",\"OutpostArn\":null,\"AvailabilityZone\":\"eu-west-1b\",\"Groups\":[{\"GroupId\":\"sg-09db5f76c7009971b\",\"GroupName\":\"long-running-project-cluster-20231123175752291300000006\"},{\"GroupId\":\"sg-068c07cd665c64b73\",\"GroupName\":\"eks-cluster-sg-long-running-project-1620075450\"}],\"RequesterManaged\":true,\"Status\":\"in-use\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-08333bb50c1c476d0\",\"eni-08333bb50c1c476d0\"],\"name\":\"eni-08333bb50c1c476d0\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"security_group_ids\":[\"sg-09db5f76c7009971b\",\"sg-068c07cd665c64b73\"],\"subnet_ids\":[\"subnet-0b9742a3beed3221a\"],\"vpc_ids\":[\"vpc-096d5aaf84103883c\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0fbf0aa0d5789d9d8\",\"eni-0fbf0aa0d5789d9d8\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0fbf0aa0d5789d9d8\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"DenyAllIgwTraffic\":null,\"PrivateDnsName\":\"ip-172-31-30-36.eu-west-1.compute.internal\",\"ConnectionTrackingConfiguration\":null,\"Ipv6Prefixes\":null,\"NetworkInterfaceId\":\"eni-0fbf0aa0d5789d9d8\",\"RequesterManaged\":false,\"Status\":\"in-use\",\"Attachment\":{\"AttachTime\":\"2024-05-07T08:33:39Z\",\"AttachmentId\":\"eni-attach-0d61b95bf57a82ec7\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-05629eb9e58620424\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0},\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"RequesterId\":null,\"SourceDestCheck\":true,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"\",\"InterfaceType\":\"interface\",\"PrivateIpAddress\":\"172.31.30.36\",\"SubnetId\":\"subnet-b50028fd\",\"AvailabilityZone\":\"eu-west-1b\",\"OwnerId\":\"704479110758\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-30-36.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.30.36\"}],\"TagSet\":[],\"Ipv6Native\":null,\"Ipv6Address\":null,\"OutpostArn\":null,\"Association\":null,\"MacAddress\":\"06:01:e5:6f:7a:89\",\"Groups\":[{\"GroupId\":\"sg-0daee1caa0a282c25\",\"GroupName\":\"elastic-agent-security-group-54e13d70-0c4c-11ef-b7d1-0a34b27fff6f\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0fbf0aa0d5789d9d8\",\"eni-0fbf0aa0d5789d9d8\"],\"name\":\"eni-0fbf0aa0d5789d9d8\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-0daee1caa0a282c25\"],\"subnet_ids\":[\"subnet-b50028fd\"],\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0459394252f9b0558\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"ConnectionTrackingConfiguration\":null,\"Ipv6Address\":null,\"RequesterId\":null,\"VpcId\":\"vpc-6cb55a15\",\"RequesterManaged\":false,\"SubnetId\":\"subnet-b50028fd\",\"OutpostArn\":null,\"Association\":null,\"AvailabilityZone\":\"eu-west-1b\",\"Ipv6Native\":null,\"PrivateIpAddresses\":[{\"PrivateDnsName\":\"ip-172-31-21-28.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.21.28\",\"Association\":null,\"Primary\":true}],\"SourceDestCheck\":true,\"Groups\":[{\"GroupId\":\"sg-0080ac16b8a9372b6\",\"GroupName\":\"launch-wizard-96\"}],\"Ipv4Prefixes\":null,\"MacAddress\":\"06:01:f4:18:b7:6d\",\"InterfaceType\":\"interface\",\"PrivateDnsName\":\"ip-172-31-21-28.eu-west-1.compute.internal\",\"DenyAllIgwTraffic\":null,\"OwnerId\":\"704479110758\",\"Status\":\"in-use\",\"TagSet\":[],\"Ipv6Prefixes\":null,\"NetworkInterfaceId\":\"eni-0459394252f9b0558\",\"Attachment\":{\"NetworkCardIndex\":0,\"AttachTime\":\"2024-04-03T06:33:36Z\",\"InstanceOwnerId\":\"704479110758\",\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-0e531b67000896609\",\"Status\":\"attached\",\"AttachmentId\":\"eni-attach-0ab724cd81072ba59\",\"DeleteOnTermination\":true},\"Ipv6Addresses\":[],\"PrivateIpAddress\":\"172.31.21.28\",\"Description\":\"\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0459394252f9b0558\",\"eni-0459394252f9b0558\"],\"name\":\"eni-0459394252f9b0558\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-0080ac16b8a9372b6\"],\"subnet_ids\":[\"subnet-b50028fd\"],\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0459394252f9b0558\",\"eni-0459394252f9b0558\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"security_group_ids\":[\"sg-0f931cb570d325929\"],\"subnet_ids\":[\"subnet-b50028fd\"],\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0ee1875bbc2a2c735\",\"eni-0ee1875bbc2a2c735\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0ee1875bbc2a2c735\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"MacAddress\":\"06:8b:6c:6f:63:45\",\"PrivateDnsName\":\"ip-172-31-29-165.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.29.165\",\"Ipv4Prefixes\":null,\"Status\":\"in-use\",\"TagSet\":[],\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"Ipv6Native\":null,\"Ipv6Prefixes\":null,\"Groups\":[{\"GroupId\":\"sg-0f931cb570d325929\",\"GroupName\":\"launch-wizard-131\"}],\"NetworkInterfaceId\":\"eni-0ee1875bbc2a2c735\",\"SourceDestCheck\":true,\"VpcId\":\"vpc-6cb55a15\",\"OutpostArn\":null,\"RequesterId\":null,\"DenyAllIgwTraffic\":null,\"Description\":\"\",\"RequesterManaged\":false,\"OwnerId\":\"704479110758\",\"ConnectionTrackingConfiguration\":null,\"Ipv6Address\":null,\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-29-165.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.29.165\",\"Association\":null}],\"SubnetId\":\"subnet-b50028fd\",\"Association\":null,\"Attachment\":{\"AttachTime\":\"2024-10-31T16:34:55Z\",\"DeviceIndex\":0,\"InstanceId\":\"i-05a12421713f8b648\",\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachmentId\":\"eni-attach-06cb59d9ff302acce\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"InstanceOwnerId\":\"704479110758\"},\"AvailabilityZone\":\"eu-west-1b\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0ee1875bbc2a2c735\",\"eni-0ee1875bbc2a2c735\"],\"name\":\"eni-0ee1875bbc2a2c735\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-03d9da63ff4a291fa\",\"eni-03d9da63ff4a291fa\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-03d9da63ff4a291fa\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Ipv6Native\":null,\"OutpostArn\":null,\"AvailabilityZone\":\"eu-west-1b\",\"MacAddress\":\"06:4b:92:c7:46:09\",\"NetworkInterfaceId\":\"eni-03d9da63ff4a291fa\",\"OwnerId\":\"704479110758\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-27-25.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.27.25\"}],\"ConnectionTrackingConfiguration\":null,\"Ipv6Prefixes\":null,\"PrivateIpAddress\":\"172.31.27.25\",\"RequesterManaged\":false,\"Association\":null,\"Attachment\":{\"AttachmentId\":\"eni-attach-079035fd87b4b097c\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"AttachTime\":\"2024-09-23T22:28:46Z\",\"DeviceIndex\":0,\"InstanceId\":\"i-0e30a87924b029ae4\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"PrivateDnsName\":\"ip-172-31-27-25.eu-west-1.compute.internal\",\"VpcId\":\"vpc-6cb55a15\",\"Ipv4Prefixes\":null,\"Ipv6Address\":null,\"RequesterId\":null,\"SourceDestCheck\":true,\"Status\":\"in-use\",\"DenyAllIgwTraffic\":null,\"Description\":\"\",\"Groups\":[{\"GroupId\":\"sg-0539555fe9c649856\",\"GroupName\":\"elastic-agent-security-group-1f997e80-79fb-11ef-b33b-02c8a45cd4ff\"}],\"TagSet\":[],\"SubnetId\":\"subnet-b50028fd\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-03d9da63ff4a291fa\",\"eni-03d9da63ff4a291fa\"],\"name\":\"eni-03d9da63ff4a291fa\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"security_group_ids\":[\"sg-0539555fe9c649856\"],\"subnet_ids\":[\"subnet-b50028fd\"],\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-00103fb710b9960ab\"],\"security_group_ids\":[\"sg-0054cc356c3f84c21\",\"sg-03b969e6a0eb74e43\",\"sg-06db863f6566691fb\"],\"subnet_ids\":[\"subnet-0ed154aa70918550b\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-00ab93e4e009536d9\",\"eni-00ab93e4e009536d9\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-00ab93e4e009536d9\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-00ab93e4e009536d9\",\"eni-00ab93e4e009536d9\"],\"name\":\"eni-00ab93e4e009536d9\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Groups\":[{\"GroupName\":\"benchmark-rules_120240530133039418700000004\",\"GroupId\":\"sg-0054cc356c3f84c21\"},{\"GroupId\":\"sg-03b969e6a0eb74e43\",\"GroupName\":\"benchmark-rules-node-20240530133041754900000006\"},{\"GroupId\":\"sg-06db863f6566691fb\",\"GroupName\":\"eks-cluster-sg-benchmark-rules-1482877991\"}],\"Ipv4Prefixes\":null,\"Description\":\"\",\"Ipv6Native\":null,\"OwnerId\":\"704479110758\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-1-154.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.154\"},{\"PrivateDnsName\":\"ip-10-0-1-93.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.93\",\"Association\":null,\"Primary\":false},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-173.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.173\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-239.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.239\"}],\"RequesterId\":null,\"RequesterManaged\":false,\"DenyAllIgwTraffic\":null,\"VpcId\":\"vpc-00103fb710b9960ab\",\"AvailabilityZone\":\"eu-west-1a\",\"Status\":\"in-use\",\"ConnectionTrackingConfiguration\":null,\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"Ipv6Prefixes\":null,\"Association\":null,\"Attachment\":{\"NetworkCardIndex\":0,\"Status\":\"attached\",\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-05e62676300221669\",\"InstanceOwnerId\":\"704479110758\",\"AttachTime\":\"2024-08-26T17:05:12Z\",\"AttachmentId\":\"eni-attach-09a025fc313fe30c9\",\"DeleteOnTermination\":true},\"PrivateDnsName\":\"ip-10-0-1-154.eu-west-1.compute.internal\",\"SubnetId\":\"subnet-0ed154aa70918550b\",\"Ipv6Address\":null,\"NetworkInterfaceId\":\"eni-00ab93e4e009536d9\",\"PrivateIpAddress\":\"10.0.1.154\",\"TagSet\":[{\"Key\":\"cluster.k8s.amazonaws.com/name\",\"Value\":\"benchmark-rules\"},{\"Key\":\"node.k8s.amazonaws.com/instance_id\",\"Value\":\"i-05e62676300221669\"}],\"OutpostArn\":null,\"MacAddress\":\"02:bf:4c:14:6f:ff\",\"SourceDestCheck\":true}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-03f1f0a6b894aaeb4\",\"eni-03f1f0a6b894aaeb4\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-03f1f0a6b894aaeb4\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"name\":\"eni-03f1f0a6b894aaeb4\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"AvailabilityZone\":\"eu-west-1a\",\"SourceDestCheck\":false,\"MacAddress\":\"02:0f:0c:2f:f8:a3\",\"PrivateDnsName\":\"ip-10-0-4-73.eu-west-1.compute.internal\",\"RequesterId\":\"194251917446\",\"Association\":{\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-54-78-93-158.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.78.93.158\",\"AllocationId\":\"eipalloc-0dd9c6e0fa790b0c5\",\"AssociationId\":\"eipassoc-0b3c09123430bd588\",\"CarrierIp\":null,\"CustomerOwnedIp\":null},\"Ipv4Prefixes\":null,\"Groups\":[],\"OwnerId\":\"704479110758\",\"RequesterManaged\":true,\"ConnectionTrackingConfiguration\":null,\"DenyAllIgwTraffic\":null,\"NetworkInterfaceId\":\"eni-03f1f0a6b894aaeb4\",\"OutpostArn\":null,\"TagSet\":[],\"VpcId\":\"vpc-0bf78569aaae50b84\",\"Ipv6Address\":null,\"Ipv6Native\":null,\"Attachment\":{\"AttachmentId\":\"ela-attach-06c9c31b770625bfe\",\"DeleteOnTermination\":false,\"DeviceIndex\":1,\"EnaSrdSpecification\":null,\"InstanceOwnerId\":\"amazon-aws\",\"AttachTime\":null,\"InstanceId\":null,\"NetworkCardIndex\":null,\"Status\":\"attached\"},\"PrivateIpAddress\":\"10.0.4.73\",\"Ipv6Addresses\":[],\"PrivateIpAddresses\":[{\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-54-78-93-158.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.78.93.158\",\"AllocationId\":\"eipalloc-0dd9c6e0fa790b0c5\",\"AssociationId\":\"eipassoc-0b3c09123430bd588\"},\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-4-73.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.4.73\"}],\"Description\":\"Interface for NAT Gateway nat-0c75e70cbdb367a75\",\"Ipv6Prefixes\":null,\"Status\":\"in-use\",\"SubnetId\":\"subnet-059a72f44f27a917a\",\"InterfaceType\":\"nat_gateway\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-03f1f0a6b894aaeb4\",\"eni-03f1f0a6b894aaeb4\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"subnet_ids\":[\"subnet-059a72f44f27a917a\"],\"vpc_ids\":[\"vpc-0bf78569aaae50b84\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.090+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"security_group_ids\":[\"sg-0453b067a0757ec2d\"],\"subnet_ids\":[\"subnet-d4cf96b2\"],\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0fa5374495b457c22\",\"eni-0fa5374495b457c22\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0fa5374495b457c22\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-d4cf96b2\",\"Attachment\":{\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-0cee6c8e97dc3c2af\",\"Status\":\"attached\",\"AttachTime\":\"2024-07-27T01:03:48Z\",\"AttachmentId\":\"eni-attach-04d71eb771bd3a10e\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0},\"ConnectionTrackingConfiguration\":null,\"MacAddress\":\"02:ab:b4:01:e2:47\",\"OutpostArn\":null,\"PrivateDnsName\":\"ip-172-31-2-25.eu-west-1.compute.internal\",\"SourceDestCheck\":true,\"Ipv6Prefixes\":null,\"RequesterId\":null,\"Status\":\"in-use\",\"AvailabilityZone\":\"eu-west-1a\",\"DenyAllIgwTraffic\":null,\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":null,\"NetworkInterfaceId\":\"eni-0fa5374495b457c22\",\"Description\":\"\",\"TagSet\":[],\"Association\":null,\"Ipv6Address\":null,\"Ipv6Native\":null,\"PrivateIpAddresses\":[{\"PrivateDnsName\":\"ip-172-31-2-25.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.2.25\",\"Association\":null,\"Primary\":true}],\"VpcId\":\"vpc-6cb55a15\",\"Groups\":[{\"GroupId\":\"sg-0453b067a0757ec2d\",\"GroupName\":\"launch-wizard-119\"}],\"Ipv6Addresses\":[],\"PrivateIpAddress\":\"172.31.2.25\",\"RequesterManaged\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0fa5374495b457c22\",\"eni-0fa5374495b457c22\"],\"name\":\"eni-0fa5374495b457c22\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-05aaeea558b2ef107\",\"eni-05aaeea558b2ef107\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-05aaeea558b2ef107\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-05aaeea558b2ef107\",\"eni-05aaeea558b2ef107\"],\"name\":\"eni-05aaeea558b2ef107\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Ipv6Address\":null,\"Ipv6Addresses\":[],\"NetworkInterfaceId\":\"eni-05aaeea558b2ef107\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-1-198.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.198\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-97.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.97\"},{\"PrivateIpAddress\":\"10.0.1.70\",\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-70.eu-west-1.compute.internal\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-219.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.219\"}],\"RequesterManaged\":false,\"Groups\":[{\"GroupId\":\"sg-0133ee02b1d6a0bd0\",\"GroupName\":\"long-running-project_120231123175751595700000004\"},{\"GroupId\":\"sg-081a33d48a4a9086f\",\"GroupName\":\"long-running-project-node-20231123175752373900000007\"},{\"GroupId\":\"sg-068c07cd665c64b73\",\"GroupName\":\"eks-cluster-sg-long-running-project-1620075450\"}],\"Ipv6Prefixes\":null,\"Ipv6Native\":null,\"Status\":\"in-use\",\"AvailabilityZone\":\"eu-west-1a\",\"InterfaceType\":\"interface\",\"Attachment\":{\"AttachTime\":\"2023-11-23T18:06:42Z\",\"DeleteOnTermination\":true,\"DeviceIndex\":1,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-07ef7e2fdfaa31310\",\"AttachmentId\":\"eni-attach-00fedb992df796eb5\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"Ipv4Prefixes\":null,\"MacAddress\":\"02:e7:1d:44:58:75\",\"PrivateDnsName\":\"ip-10-0-1-198.eu-west-1.compute.internal\",\"Description\":\"aws-K8S-i-07ef7e2fdfaa31310\",\"OutpostArn\":null,\"PrivateIpAddress\":\"10.0.1.198\",\"SubnetId\":\"subnet-013417b28485abce5\",\"Association\":null,\"DenyAllIgwTraffic\":null,\"OwnerId\":\"704479110758\",\"RequesterId\":\"AROA2IBR2EZTFAU3OINNT:i-07ef7e2fdfaa31310\",\"SourceDestCheck\":true,\"TagSet\":[{\"Key\":\"node.k8s.amazonaws.com/createdAt\",\"Value\":\"2023-11-23T18:06:41Z\"},{\"Key\":\"node.k8s.amazonaws.com/instance_id\",\"Value\":\"i-07ef7e2fdfaa31310\"}],\"VpcId\":\"vpc-096d5aaf84103883c\",\"ConnectionTrackingConfiguration\":null}}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"security_group_ids\":[\"sg-0133ee02b1d6a0bd0\",\"sg-081a33d48a4a9086f\",\"sg-068c07cd665c64b73\"],\"subnet_ids\":[\"subnet-013417b28485abce5\"],\"vpc_ids\":[\"vpc-096d5aaf84103883c\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"OwnerId\":\"704479110758\",\"TagSet\":[],\"VpcId\":\"vpc-096d5aaf84103883c\",\"AvailabilityZone\":\"eu-west-1a\",\"DenyAllIgwTraffic\":null,\"Ipv6Addresses\":[],\"Ipv6Prefixes\":null,\"Ipv4Prefixes\":null,\"PrivateDnsName\":\"ip-10-0-4-197.eu-west-1.compute.internal\",\"Description\":\"Interface for NAT Gateway nat-0de20130ce9fca08b\",\"RequesterId\":\"194251917446\",\"Association\":{\"AllocationId\":\"eipalloc-00ce67f94d22b0b08\",\"AssociationId\":\"eipassoc-0e3c7cda65f6882d1\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-99-80-103-100.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"99.80.103.100\"},\"Groups\":[],\"Ipv6Address\":null,\"OutpostArn\":null,\"Status\":\"in-use\",\"RequesterManaged\":true,\"InterfaceType\":\"nat_gateway\",\"NetworkInterfaceId\":\"eni-024cb66ae0788dd46\",\"MacAddress\":\"02:69:08:46:dd:8d\",\"PrivateIpAddress\":\"10.0.4.197\",\"SubnetId\":\"subnet-0db44e7206e0bf6e7\",\"Attachment\":{\"EnaSrdSpecification\":null,\"InstanceId\":null,\"NetworkCardIndex\":null,\"AttachTime\":null,\"AttachmentId\":\"ela-attach-045b631d0f4c26266\",\"DeleteOnTermination\":false,\"DeviceIndex\":1,\"InstanceOwnerId\":\"amazon-aws\",\"Status\":\"attached\"},\"ConnectionTrackingConfiguration\":null,\"Ipv6Native\":null,\"PrivateIpAddresses\":[{\"Association\":{\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-99-80-103-100.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"99.80.103.100\",\"AllocationId\":\"eipalloc-00ce67f94d22b0b08\",\"AssociationId\":\"eipassoc-0e3c7cda65f6882d1\",\"CarrierIp\":null,\"CustomerOwnedIp\":null},\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-4-197.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.4.197\"}],\"SourceDestCheck\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-024cb66ae0788dd46\",\"eni-024cb66ae0788dd46\"],\"name\":\"eni-024cb66ae0788dd46\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"subnet_ids\":[\"subnet-0db44e7206e0bf6e7\"],\"vpc_ids\":[\"vpc-096d5aaf84103883c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-024cb66ae0788dd46\",\"eni-024cb66ae0788dd46\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-024cb66ae0788dd46\":{\"type\":\"interface\",\"category\":\"infrastructure\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"AvailabilityZone\":\"eu-west-1a\",\"VpcId\":\"vpc-6cb55a15\",\"PrivateIpAddress\":\"172.31.10.159\",\"SourceDestCheck\":true,\"SubnetId\":\"subnet-d4cf96b2\",\"TagSet\":[],\"PrivateDnsName\":\"ip-172-31-10-159.eu-west-1.compute.internal\",\"Ipv4Prefixes\":null,\"Ipv6Address\":null,\"Ipv6Addresses\":[],\"RequesterManaged\":false,\"RequesterId\":null,\"Description\":\"\",\"MacAddress\":\"02:49:c4:57:8a:b7\",\"NetworkInterfaceId\":\"eni-0a3441a9ab67480fd\",\"OutpostArn\":null,\"PrivateIpAddresses\":[{\"PrivateIpAddress\":\"172.31.10.159\",\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-10-159.eu-west-1.compute.internal\"}],\"Status\":\"in-use\",\"DenyAllIgwTraffic\":null,\"InterfaceType\":\"interface\",\"Ipv6Prefixes\":null,\"OwnerId\":\"704479110758\",\"Association\":null,\"ConnectionTrackingConfiguration\":null,\"Ipv6Native\":null,\"Attachment\":{\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"InstanceId\":\"i-0ff4fad15fd457aca\",\"AttachTime\":\"2024-05-02T14:53:49Z\",\"EnaSrdSpecification\":null,\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachmentId\":\"eni-attach-0e7f10a3289cbe4fd\"},\"Groups\":[{\"GroupId\":\"sg-0c3d5a1a87fe80dcb\",\"GroupName\":\"orestis-onweek\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0a3441a9ab67480fd\",\"eni-0a3441a9ab67480fd\"],\"name\":\"eni-0a3441a9ab67480fd\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"security_group_ids\":[\"sg-0c3d5a1a87fe80dcb\"],\"subnet_ids\":[\"subnet-d4cf96b2\"],\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0a3441a9ab67480fd\",\"eni-0a3441a9ab67480fd\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0a3441a9ab67480fd\":{\"category\":\"infrastructure\",\"type\":\"interface\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0824a530263ae8402\":{\"type\":\"interface\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"DenyAllIgwTraffic\":null,\"PrivateIpAddress\":\"10.0.4.27\",\"Status\":\"in-use\",\"Groups\":[],\"Ipv6Addresses\":[],\"PrivateIpAddresses\":[{\"Association\":{\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-52-16-62-255.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"52.16.62.255\",\"AllocationId\":\"eipalloc-0f7697093ac7e5a01\",\"AssociationId\":\"eipassoc-0ebd9ed0399961e53\",\"CarrierIp\":null},\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-4-27.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.4.27\"}],\"RequesterId\":\"194251917446\",\"AvailabilityZone\":\"eu-west-1a\",\"ConnectionTrackingConfiguration\":null,\"InterfaceType\":\"nat_gateway\",\"NetworkInterfaceId\":\"eni-0824a530263ae8402\",\"TagSet\":[],\"Association\":{\"AllocationId\":\"eipalloc-0f7697093ac7e5a01\",\"AssociationId\":\"eipassoc-0ebd9ed0399961e53\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-52-16-62-255.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"52.16.62.255\"},\"Ipv4Prefixes\":null,\"OutpostArn\":null,\"VpcId\":\"vpc-05eeaaeb72e2eb28b\",\"RequesterManaged\":true,\"SubnetId\":\"subnet-0a5b112f21481c793\",\"Description\":\"Interface for NAT Gateway nat-0122f4480c4c979d3\",\"OwnerId\":\"704479110758\",\"SourceDestCheck\":false,\"Attachment\":{\"AttachTime\":null,\"InstanceId\":null,\"NetworkCardIndex\":null,\"InstanceOwnerId\":\"amazon-aws\",\"Status\":\"attached\",\"AttachmentId\":\"ela-attach-0c57af11d0dbcabd3\",\"DeleteOnTermination\":false,\"DeviceIndex\":1,\"EnaSrdSpecification\":null},\"Ipv6Address\":null,\"Ipv6Prefixes\":null,\"MacAddress\":\"02:d8:e8:bb:c8:d7\",\"Ipv6Native\":null,\"PrivateDnsName\":\"ip-10-0-4-27.eu-west-1.compute.internal\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0824a530263ae8402\",\"eni-0824a530263ae8402\"],\"name\":\"eni-0824a530263ae8402\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-05eeaaeb72e2eb28b\"],\"subnet_ids\":[\"subnet-0a5b112f21481c793\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0824a530263ae8402\",\"eni-0824a530263ae8402\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"subnet_ids\":[\"subnet-03b066524255a77b4\"],\"vpc_ids\":[\"vpc-0a74788000c2f0013\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-03a7d19de6f5d0f6f\",\"eni-03a7d19de6f5d0f6f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-03a7d19de6f5d0f6f\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-03a7d19de6f5d0f6f\",\"eni-03a7d19de6f5d0f6f\"],\"name\":\"eni-03a7d19de6f5d0f6f\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Ipv6Prefixes\":null,\"SubnetId\":\"subnet-03b066524255a77b4\",\"VpcId\":\"vpc-0a74788000c2f0013\",\"Attachment\":{\"AttachTime\":null,\"DeleteOnTermination\":false,\"DeviceIndex\":1,\"InstanceOwnerId\":\"amazon-aws\",\"AttachmentId\":\"ela-attach-0d48aea21861a9748\",\"EnaSrdSpecification\":null,\"InstanceId\":null,\"NetworkCardIndex\":null,\"Status\":\"attached\"},\"AvailabilityZone\":\"eu-west-1a\",\"PrivateIpAddresses\":[{\"Association\":{\"PublicIp\":\"54.247.187.90\",\"AllocationId\":\"eipalloc-070cc2eab27bc62d5\",\"AssociationId\":\"eipassoc-0d55d9719db6461a0\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-54-247-187-90.eu-west-1.compute.amazonaws.com\"},\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-4-181.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.4.181\"}],\"MacAddress\":\"02:03:96:06:1a:55\",\"Ipv6Native\":null,\"OwnerId\":\"704479110758\",\"PrivateIpAddress\":\"10.0.4.181\",\"RequesterManaged\":true,\"SourceDestCheck\":false,\"ConnectionTrackingConfiguration\":null,\"TagSet\":[],\"DenyAllIgwTraffic\":null,\"OutpostArn\":null,\"RequesterId\":\"194251917446\",\"Description\":\"Interface for NAT Gateway nat-0fb5c87f6e63ca90a\",\"Groups\":[],\"Ipv6Addresses\":[],\"NetworkInterfaceId\":\"eni-03a7d19de6f5d0f6f\",\"PrivateDnsName\":\"ip-10-0-4-181.eu-west-1.compute.internal\",\"Status\":\"in-use\",\"Ipv4Prefixes\":null,\"Ipv6Address\":null,\"Association\":{\"AllocationId\":\"eipalloc-070cc2eab27bc62d5\",\"AssociationId\":\"eipassoc-0d55d9719db6461a0\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-54-247-187-90.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.247.187.90\"},\"InterfaceType\":\"nat_gateway\"}}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-09db5f76c7009971b\",\"sg-068c07cd665c64b73\"],\"subnet_ids\":[\"subnet-013417b28485abce5\"],\"vpc_ids\":[\"vpc-096d5aaf84103883c\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-01cbc52f8563059bf\",\"eni-01cbc52f8563059bf\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-01cbc52f8563059bf\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"name\":\"eni-01cbc52f8563059bf\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Attachment\":{\"DeviceIndex\":1,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"AttachTime\":\"2024-11-18T01:39:12Z\",\"AttachmentId\":\"eni-attach-066f69b22291e1f57\",\"DeleteOnTermination\":true,\"InstanceId\":null,\"InstanceOwnerId\":\"953806780543\",\"Status\":\"attached\"},\"Ipv6Addresses\":[],\"PrivateDnsName\":\"ip-10-0-1-42.eu-west-1.compute.internal\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-1-42.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.42\"}],\"RequesterId\":\"953806780543\",\"RequesterManaged\":true,\"DenyAllIgwTraffic\":null,\"Description\":\"Amazon EKS long-running-project\",\"Ipv6Address\":null,\"NetworkInterfaceId\":\"eni-01cbc52f8563059bf\",\"Groups\":[{\"GroupId\":\"sg-09db5f76c7009971b\",\"GroupName\":\"long-running-project-cluster-20231123175752291300000006\"},{\"GroupId\":\"sg-068c07cd665c64b73\",\"GroupName\":\"eks-cluster-sg-long-running-project-1620075450\"}],\"OutpostArn\":null,\"AvailabilityZone\":\"eu-west-1a\",\"InterfaceType\":\"interface\",\"SourceDestCheck\":true,\"Ipv6Native\":null,\"Ipv6Prefixes\":null,\"PrivateIpAddress\":\"10.0.1.42\",\"ConnectionTrackingConfiguration\":null,\"OwnerId\":\"704479110758\",\"TagSet\":[],\"VpcId\":\"vpc-096d5aaf84103883c\",\"Association\":null,\"Ipv4Prefixes\":null,\"MacAddress\":\"02:ea:22:d6:7f:b1\",\"Status\":\"in-use\",\"SubnetId\":\"subnet-013417b28485abce5\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-01cbc52f8563059bf\",\"eni-01cbc52f8563059bf\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-062020a010ac4e984\",\"eni-062020a010ac4e984\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-062020a010ac4e984\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"name\":\"eni-062020a010ac4e984\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"ConnectionTrackingConfiguration\":null,\"Ipv4Prefixes\":null,\"SourceDestCheck\":true,\"TagSet\":[],\"Groups\":[{\"GroupName\":\"kuba-logs-cluster-20241119125158938900000007\",\"GroupId\":\"sg-035fed423cfdb5c55\"},{\"GroupId\":\"sg-066a56ecc9a45761c\",\"GroupName\":\"eks-cluster-sg-kuba-logs-1524208083\"}],\"Ipv6Native\":null,\"RequesterId\":\"851725637175\",\"OutpostArn\":null,\"VpcId\":\"vpc-08d87433815da7907\",\"Attachment\":{\"AttachmentId\":\"eni-attach-093f3101be9d3a6cd\",\"DeviceIndex\":1,\"InstanceOwnerId\":\"851725637175\",\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-11-19T13:10:23Z\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"InstanceId\":null},\"Description\":\"Amazon EKS kuba-logs\",\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"NetworkInterfaceId\":\"eni-062020a010ac4e984\",\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-0a77aa794e2e89e95\",\"RequesterManaged\":true,\"Association\":null,\"MacAddress\":\"02:95:92:64:65:e1\",\"PrivateIpAddress\":\"10.0.1.35\",\"PrivateIpAddresses\":[{\"PrivateIpAddress\":\"10.0.1.35\",\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-1-35.eu-west-1.compute.internal\"}],\"Status\":\"in-use\",\"AvailabilityZone\":\"eu-west-1a\",\"DenyAllIgwTraffic\":null,\"Ipv6Address\":null,\"Ipv6Prefixes\":null,\"PrivateDnsName\":\"ip-10-0-1-35.eu-west-1.compute.internal\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-062020a010ac4e984\",\"eni-062020a010ac4e984\"]},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-08d87433815da7907\"],\"security_group_ids\":[\"sg-035fed423cfdb5c55\",\"sg-066a56ecc9a45761c\"],\"subnet_ids\":[\"subnet-0a77aa794e2e89e95\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0a9a73e030de516cc\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"name\":\"eni-0a9a73e030de516cc\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"ConnectionTrackingConfiguration\":null,\"Ipv4Prefixes\":null,\"Ipv6Prefixes\":null,\"DenyAllIgwTraffic\":null,\"Ipv6Native\":null,\"PrivateDnsName\":\"ip-10-0-1-162.eu-west-1.compute.internal\",\"AvailabilityZone\":\"eu-west-1a\",\"NetworkInterfaceId\":\"eni-0a9a73e030de516cc\",\"Status\":\"in-use\",\"Attachment\":{\"AttachTime\":\"2023-11-23T18:05:59Z\",\"DeleteOnTermination\":true,\"InstanceOwnerId\":\"704479110758\",\"Status\":\"attached\",\"AttachmentId\":\"eni-attach-0fa153c36e05e1234\",\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-07ef7e2fdfaa31310\",\"NetworkCardIndex\":0},\"Ipv6Addresses\":[],\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-1-162.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.162\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-241.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.241\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-67.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.67\"},{\"PrivateDnsName\":\"ip-10-0-1-230.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.230\",\"Association\":null,\"Primary\":false}],\"SubnetId\":\"subnet-013417b28485abce5\",\"Association\":null,\"Groups\":[{\"GroupId\":\"sg-0133ee02b1d6a0bd0\",\"GroupName\":\"long-running-project_120231123175751595700000004\"},{\"GroupId\":\"sg-081a33d48a4a9086f\",\"GroupName\":\"long-running-project-node-20231123175752373900000007\"},{\"GroupId\":\"sg-068c07cd665c64b73\",\"GroupName\":\"eks-cluster-sg-long-running-project-1620075450\"}],\"OwnerId\":\"704479110758\",\"Description\":\"\",\"Ipv6Address\":null,\"SourceDestCheck\":true,\"TagSet\":[{\"Key\":\"node.k8s.amazonaws.com/instance_id\",\"Value\":\"i-07ef7e2fdfaa31310\"}],\"InterfaceType\":\"interface\",\"MacAddress\":\"02:8c:04:38:23:27\",\"OutpostArn\":null,\"PrivateIpAddress\":\"10.0.1.162\",\"RequesterId\":null,\"RequesterManaged\":false,\"VpcId\":\"vpc-096d5aaf84103883c\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0a9a73e030de516cc\",\"eni-0a9a73e030de516cc\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-0133ee02b1d6a0bd0\",\"sg-081a33d48a4a9086f\",\"sg-068c07cd665c64b73\"],\"subnet_ids\":[\"subnet-013417b28485abce5\"],\"vpc_ids\":[\"vpc-096d5aaf84103883c\"]},\"resource_policies\":[],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0a9a73e030de516cc\",\"eni-0a9a73e030de516cc\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-06a751ed42279f224\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"PrivateIpAddress\":\"10.0.1.233\",\"Ipv6Addresses\":[],\"OwnerId\":\"704479110758\",\"Ipv4Prefixes\":null,\"RequesterId\":null,\"DenyAllIgwTraffic\":null,\"Groups\":[{\"GroupId\":\"sg-042dc17560e6f8374\",\"GroupName\":\"kuba-logs-node-20241119125157867500000006\"},{\"GroupId\":\"sg-045d46bcaaf8b30a2\",\"GroupName\":\"kuba-logs_120241119125157866600000005\"},{\"GroupId\":\"sg-066a56ecc9a45761c\",\"GroupName\":\"eks-cluster-sg-kuba-logs-1524208083\"}],\"MacAddress\":\"02:17:bb:dc:4f:93\",\"VpcId\":\"vpc-08d87433815da7907\",\"Association\":null,\"AvailabilityZone\":\"eu-west-1a\",\"Description\":\"\",\"Ipv6Prefixes\":null,\"PrivateDnsName\":\"ip-10-0-1-233.eu-west-1.compute.internal\",\"SourceDestCheck\":true,\"SubnetId\":\"subnet-0a77aa794e2e89e95\",\"Ipv6Native\":null,\"OutpostArn\":null,\"NetworkInterfaceId\":\"eni-06a751ed42279f224\",\"TagSet\":[{\"Value\":\"kuba-logs\",\"Key\":\"eks:cluster-name\"},{\"Value\":\"kubasobon\",\"Key\":\"project\"},{\"Key\":\"cluster.k8s.amazonaws.com/name\",\"Value\":\"kuba-logs\"},{\"Key\":\"node.k8s.amazonaws.com/instance_id\",\"Value\":\"i-00ed4d0e65b8cbdfd\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm_eks\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"Name\",\"Value\":\"kuba-logs-1\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"owner\",\"Value\":\"kubasobon\"},{\"Key\":\"deployment\",\"Value\":\"kuba-logs\"},{\"Key\":\"eks:nodegroup-name\",\"Value\":\"kuba-logs-1-2024111913004541080000000e\"}],\"RequesterManaged\":false,\"ConnectionTrackingConfiguration\":null,\"Ipv6Address\":null,\"Attachment\":{\"InstanceId\":\"i-00ed4d0e65b8cbdfd\",\"NetworkCardIndex\":0,\"Status\":\"attached\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"AttachTime\":\"2024-11-19T13:01:32Z\",\"AttachmentId\":\"eni-attach-001635fd3f7c3a52e\",\"InstanceOwnerId\":\"704479110758\"},\"InterfaceType\":\"interface\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-1-233.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.233\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-80.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.80\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-165.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.165\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-120.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.120\"}],\"Status\":\"in-use\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-06a751ed42279f224\",\"eni-06a751ed42279f224\"],\"name\":\"eni-06a751ed42279f224\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-042dc17560e6f8374\",\"sg-045d46bcaaf8b30a2\",\"sg-066a56ecc9a45761c\"],\"subnet_ids\":[\"subnet-0a77aa794e2e89e95\"],\"vpc_ids\":[\"vpc-08d87433815da7907\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-06a751ed42279f224\",\"eni-06a751ed42279f224\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0540610d90c320baf\",\"eni-0540610d90c320baf\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0540610d90c320baf\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"AvailabilityZone\":\"eu-west-1a\",\"Ipv4Prefixes\":null,\"VpcId\":\"vpc-0e838e42ce3e6d30c\",\"InterfaceType\":\"nat_gateway\",\"TagSet\":[],\"Attachment\":{\"DeviceIndex\":1,\"InstanceId\":null,\"InstanceOwnerId\":\"amazon-aws\",\"NetworkCardIndex\":null,\"AttachmentId\":\"ela-attach-0b38d77c6f9d1763b\",\"DeleteOnTermination\":false,\"EnaSrdSpecification\":null,\"Status\":\"attached\",\"AttachTime\":null},\"ConnectionTrackingConfiguration\":null,\"SubnetId\":\"subnet-06cb2b521f07177a4\",\"Groups\":[],\"OwnerId\":\"704479110758\",\"RequesterManaged\":true,\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-54-228-205-121.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.228.205.121\",\"AllocationId\":\"eipalloc-023b7b137aa687a28\",\"AssociationId\":\"eipassoc-072df43c5ce284196\"},\"Ipv6Prefixes\":null,\"OutpostArn\":null,\"PrivateDnsName\":\"ip-10-0-4-18.eu-west-1.compute.internal\",\"Status\":\"in-use\",\"Description\":\"Interface for NAT Gateway nat-011d114360045275b\",\"Ipv6Address\":null,\"MacAddress\":\"02:09:44:98:b2:19\",\"RequesterId\":\"194251917446\",\"SourceDestCheck\":false,\"DenyAllIgwTraffic\":null,\"Ipv6Native\":null,\"NetworkInterfaceId\":\"eni-0540610d90c320baf\",\"PrivateIpAddresses\":[{\"Association\":{\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-54-228-205-121.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.228.205.121\",\"AllocationId\":\"eipalloc-023b7b137aa687a28\",\"AssociationId\":\"eipassoc-072df43c5ce284196\",\"CarrierIp\":null,\"CustomerOwnedIp\":null},\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-4-18.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.4.18\"}],\"PrivateIpAddress\":\"10.0.4.18\",\"Ipv6Addresses\":[]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0540610d90c320baf\",\"eni-0540610d90c320baf\"],\"name\":\"eni-0540610d90c320baf\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"subnet_ids\":[\"subnet-06cb2b521f07177a4\"],\"vpc_ids\":[\"vpc-0e838e42ce3e6d30c\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-07cddecaece54d34b\",\"eni-07cddecaece54d34b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-07cddecaece54d34b\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-07cddecaece54d34b\",\"eni-07cddecaece54d34b\"],\"name\":\"eni-07cddecaece54d34b\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"PrivateIpAddress\":\"10.0.4.5\",\"RequesterManaged\":true,\"Attachment\":{\"EnaSrdSpecification\":null,\"InstanceId\":null,\"InstanceOwnerId\":\"amazon-aws\",\"Status\":\"attached\",\"AttachTime\":null,\"AttachmentId\":\"ela-attach-03e5cd40fef47bbb9\",\"NetworkCardIndex\":null,\"DeleteOnTermination\":false,\"DeviceIndex\":1},\"Association\":{\"AssociationId\":\"eipassoc-06ee92d3c7b2c8802\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-54-195-237-109.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.195.237.109\",\"AllocationId\":\"eipalloc-0658f5fc4383254f3\"},\"Ipv4Prefixes\":null,\"PrivateDnsName\":\"ip-10-0-4-5.eu-west-1.compute.internal\",\"TagSet\":[],\"OutpostArn\":null,\"Ipv6Prefixes\":null,\"AvailabilityZone\":\"eu-west-1a\",\"Description\":\"Interface for NAT Gateway nat-0f7308d9249303ad3\",\"NetworkInterfaceId\":\"eni-07cddecaece54d34b\",\"RequesterId\":\"194251917446\",\"Status\":\"in-use\",\"SubnetId\":\"subnet-02a6e1d1a76af1028\",\"VpcId\":\"vpc-06635215f51bfd343\",\"ConnectionTrackingConfiguration\":null,\"Groups\":[],\"Ipv6Native\":null,\"OwnerId\":\"704479110758\",\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-4-5.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.4.5\",\"Association\":{\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-54-195-237-109.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.195.237.109\",\"AllocationId\":\"eipalloc-0658f5fc4383254f3\",\"AssociationId\":\"eipassoc-06ee92d3c7b2c8802\",\"CarrierIp\":null,\"CustomerOwnedIp\":null}}],\"Ipv6Address\":null,\"Ipv6Addresses\":[],\"MacAddress\":\"02:ab:79:4f:5b:e3\",\"SourceDestCheck\":false,\"DenyAllIgwTraffic\":null,\"InterfaceType\":\"nat_gateway\"}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"subnet_ids\":[\"subnet-02a6e1d1a76af1028\"],\"vpc_ids\":[\"vpc-06635215f51bfd343\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0f9fdf5009f6082c7\",\"eni-0f9fdf5009f6082c7\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0f9fdf5009f6082c7\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"InterfaceType\":\"interface\",\"Ipv6Address\":null,\"TagSet\":[{\"Key\":\"node.k8s.amazonaws.com/createdAt\",\"Value\":\"2024-08-26T17:06:56Z\"},{\"Value\":\"benchmark-rules\",\"Key\":\"cluster.k8s.amazonaws.com/name\"},{\"Value\":\"i-05e62676300221669\",\"Key\":\"node.k8s.amazonaws.com/instance_id\"}],\"Association\":null,\"ConnectionTrackingConfiguration\":null,\"OwnerId\":\"704479110758\",\"Attachment\":{\"AttachTime\":\"2024-08-26T17:06:57Z\",\"AttachmentId\":\"eni-attach-090839e2a88b640a6\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"Status\":\"attached\",\"DeviceIndex\":1,\"InstanceId\":\"i-05e62676300221669\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0},\"Status\":\"in-use\",\"RequesterId\":\"AROA2IBR2EZTJWV5A4MED:i-05e62676300221669\",\"RequesterManaged\":false,\"Ipv4Prefixes\":null,\"PrivateDnsName\":\"ip-10-0-1-121.eu-west-1.compute.internal\",\"Groups\":[{\"GroupId\":\"sg-0054cc356c3f84c21\",\"GroupName\":\"benchmark-rules_120240530133039418700000004\"},{\"GroupId\":\"sg-03b969e6a0eb74e43\",\"GroupName\":\"benchmark-rules-node-20240530133041754900000006\"},{\"GroupId\":\"sg-06db863f6566691fb\",\"GroupName\":\"eks-cluster-sg-benchmark-rules-1482877991\"}],\"DenyAllIgwTraffic\":null,\"Ipv6Addresses\":[],\"MacAddress\":\"02:99:07:1b:f3:57\",\"OutpostArn\":null,\"AvailabilityZone\":\"eu-west-1a\",\"PrivateIpAddresses\":[{\"PrivateIpAddress\":\"10.0.1.121\",\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-1-121.eu-west-1.compute.internal\"},{\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-53.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.53\",\"Association\":null},{\"PrivateDnsName\":\"ip-10-0-1-57.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.57\",\"Association\":null,\"Primary\":false},{\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-201.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.201\",\"Association\":null}],\"Ipv6Native\":null,\"SourceDestCheck\":true,\"NetworkInterfaceId\":\"eni-0f9fdf5009f6082c7\",\"PrivateIpAddress\":\"10.0.1.121\",\"SubnetId\":\"subnet-0ed154aa70918550b\",\"VpcId\":\"vpc-00103fb710b9960ab\",\"Description\":\"aws-K8S-i-05e62676300221669\",\"Ipv6Prefixes\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0f9fdf5009f6082c7\",\"eni-0f9fdf5009f6082c7\"],\"name\":\"eni-0f9fdf5009f6082c7\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-0054cc356c3f84c21\",\"sg-03b969e6a0eb74e43\",\"sg-06db863f6566691fb\"],\"subnet_ids\":[\"subnet-0ed154aa70918550b\"],\"vpc_ids\":[\"vpc-00103fb710b9960ab\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"subnet_ids\":[\"subnet-0d13fe1170a652ad1\"],\"vpc_ids\":[\"vpc-00103fb710b9960ab\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0b6ee1ff5f0e8fe09\",\"eni-0b6ee1ff5f0e8fe09\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0b6ee1ff5f0e8fe09\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"SourceDestCheck\":false,\"Attachment\":{\"AttachTime\":null,\"DeviceIndex\":1,\"InstanceId\":null,\"InstanceOwnerId\":\"amazon-aws\",\"AttachmentId\":\"ela-attach-010990d2600ec4eb0\",\"DeleteOnTermination\":false,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":null,\"Status\":\"attached\"},\"OwnerId\":\"704479110758\",\"RequesterId\":\"194251917446\",\"Status\":\"in-use\",\"DenyAllIgwTraffic\":null,\"Ipv6Prefixes\":null,\"OutpostArn\":null,\"Association\":{\"AssociationId\":\"eipassoc-03f02a30afe4cbfff\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-54-72-250-129.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.72.250.129\",\"AllocationId\":\"eipalloc-05fe360277c426330\"},\"ConnectionTrackingConfiguration\":null,\"InterfaceType\":\"nat_gateway\",\"PrivateDnsName\":\"ip-10-0-4-97.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.4.97\",\"AvailabilityZone\":\"eu-west-1a\",\"Description\":\"Interface for NAT Gateway nat-07b46485e7b915209\",\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-4-97.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.4.97\",\"Association\":{\"AssociationId\":\"eipassoc-03f02a30afe4cbfff\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-54-72-250-129.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.72.250.129\",\"AllocationId\":\"eipalloc-05fe360277c426330\"}}],\"SubnetId\":\"subnet-0d13fe1170a652ad1\",\"Groups\":[],\"RequesterManaged\":true,\"VpcId\":\"vpc-00103fb710b9960ab\",\"Ipv6Native\":null,\"NetworkInterfaceId\":\"eni-0b6ee1ff5f0e8fe09\",\"Ipv4Prefixes\":null,\"Ipv6Address\":null,\"Ipv6Addresses\":[],\"MacAddress\":\"02:44:4a:9c:13:49\",\"TagSet\":[]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0b6ee1ff5f0e8fe09\",\"eni-0b6ee1ff5f0e8fe09\"],\"name\":\"eni-0b6ee1ff5f0e8fe09\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-039ed5d841f8a66aa\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-039ed5d841f8a66aa\",\"eni-039ed5d841f8a66aa\"],\"name\":\"eni-039ed5d841f8a66aa\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Groups\":[],\"Ipv6Addresses\":[],\"Ipv6Native\":null,\"Ipv6Prefixes\":null,\"PrivateIpAddress\":\"10.0.4.200\",\"Attachment\":{\"NetworkCardIndex\":null,\"DeleteOnTermination\":false,\"DeviceIndex\":1,\"EnaSrdSpecification\":null,\"InstanceId\":null,\"InstanceOwnerId\":\"amazon-aws\",\"Status\":\"attached\",\"AttachTime\":null,\"AttachmentId\":\"ela-attach-067d0a6b3fb5b05a2\"},\"Ipv6Address\":null,\"NetworkInterfaceId\":\"eni-039ed5d841f8a66aa\",\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-4-200.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.4.200\",\"Association\":{\"AssociationId\":\"eipassoc-0f2a8c1cc6e587cfa\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-52-208-134-157.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"52.208.134.157\",\"AllocationId\":\"eipalloc-05ee73c71c88d2ba5\"}}],\"AvailabilityZone\":\"eu-west-1a\",\"Description\":\"Interface for NAT Gateway nat-0a8989f16ee513965\",\"Ipv4Prefixes\":null,\"OutpostArn\":null,\"Status\":\"in-use\",\"ConnectionTrackingConfiguration\":null,\"MacAddress\":\"02:f6:d6:9e:ae:5d\",\"RequesterId\":\"194251917446\",\"DenyAllIgwTraffic\":null,\"PrivateDnsName\":\"ip-10-0-4-200.eu-west-1.compute.internal\",\"VpcId\":\"vpc-0096efe3aab3734db\",\"InterfaceType\":\"nat_gateway\",\"SourceDestCheck\":false,\"RequesterManaged\":true,\"SubnetId\":\"subnet-070b0039edbb3ea35\",\"Association\":{\"AllocationId\":\"eipalloc-05ee73c71c88d2ba5\",\"AssociationId\":\"eipassoc-0f2a8c1cc6e587cfa\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-52-208-134-157.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"52.208.134.157\"},\"OwnerId\":\"704479110758\",\"TagSet\":[]}}},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"subnet_ids\":[\"subnet-070b0039edbb3ea35\"],\"vpc_ids\":[\"vpc-0096efe3aab3734db\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-039ed5d841f8a66aa\",\"eni-039ed5d841f8a66aa\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0afd4d06430ccbead\",\"eni-0afd4d06430ccbead\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0afd4d06430ccbead\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"tags\":null,\"raw\":{\"network_interface\":{\"RequesterId\":\"194251917446\",\"Ipv6Address\":null,\"OutpostArn\":null,\"PrivateIpAddresses\":[{\"Association\":{\"PublicDnsName\":\"ec2-52-215-76-74.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"52.215.76.74\",\"AllocationId\":\"eipalloc-0f2b0fe764447f12a\",\"AssociationId\":\"eipassoc-0276d128df170990f\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\"},\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-4-215.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.4.215\"}],\"MacAddress\":\"02:c8:a3:a9:c2:73\",\"NetworkInterfaceId\":\"eni-0afd4d06430ccbead\",\"TagSet\":[],\"ConnectionTrackingConfiguration\":null,\"DenyAllIgwTraffic\":null,\"RequesterManaged\":true,\"Description\":\"Interface for NAT Gateway nat-02b309ab226fb5db5\",\"OwnerId\":\"704479110758\",\"SourceDestCheck\":false,\"VpcId\":\"vpc-04ece708af6c9b689\",\"AvailabilityZone\":\"eu-west-1a\",\"Ipv6Prefixes\":null,\"PrivateDnsName\":\"ip-10-0-4-215.eu-west-1.compute.internal\",\"Attachment\":{\"AttachTime\":null,\"DeviceIndex\":1,\"InstanceOwnerId\":\"amazon-aws\",\"Status\":\"attached\",\"AttachmentId\":\"ela-attach-0f32a3ce22aeb5a4c\",\"DeleteOnTermination\":false,\"EnaSrdSpecification\":null,\"InstanceId\":null,\"NetworkCardIndex\":null},\"Ipv6Addresses\":[],\"Ipv6Native\":null,\"PrivateIpAddress\":\"10.0.4.215\",\"Groups\":[],\"Ipv4Prefixes\":null,\"SubnetId\":\"subnet-022a228119cb5b519\",\"Association\":{\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-52-215-76-74.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"52.215.76.74\",\"AllocationId\":\"eipalloc-0f2b0fe764447f12a\",\"AssociationId\":\"eipassoc-0276d128df170990f\",\"CarrierIp\":null},\"InterfaceType\":\"nat_gateway\",\"Status\":\"in-use\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0afd4d06430ccbead\",\"eni-0afd4d06430ccbead\"],\"name\":\"eni-0afd4d06430ccbead\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"subnet_ids\":[\"subnet-022a228119cb5b519\"],\"vpc_ids\":[\"vpc-04ece708af6c9b689\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-09478e7e8fecb3c92\",\"eni-09478e7e8fecb3c92\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-09478e7e8fecb3c92\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"DenyAllIgwTraffic\":null,\"Ipv6Address\":null,\"Ipv6Addresses\":[],\"SubnetId\":\"subnet-0799634ae05f2b209\",\"Attachment\":{\"AttachTime\":null,\"AttachmentId\":\"ela-attach-0c118bd791a045115\",\"InstanceId\":null,\"InstanceOwnerId\":\"amazon-aws\",\"NetworkCardIndex\":null,\"Status\":\"attached\",\"DeleteOnTermination\":false,\"DeviceIndex\":1,\"EnaSrdSpecification\":null},\"Description\":\"Interface for NAT Gateway nat-053ccb24cf8d0446b\",\"Groups\":[],\"NetworkInterfaceId\":\"eni-09478e7e8fecb3c92\",\"OutpostArn\":null,\"RequesterId\":\"194251917446\",\"RequesterManaged\":true,\"Status\":\"in-use\",\"VpcId\":\"vpc-08d87433815da7907\",\"Ipv6Prefixes\":null,\"Ipv6Native\":null,\"TagSet\":[],\"Association\":{\"AllocationId\":\"eipalloc-078392c9acca7dbfe\",\"AssociationId\":\"eipassoc-0c175f20cf3384042\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-52-19-64-102.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"52.19.64.102\"},\"AvailabilityZone\":\"eu-west-1a\",\"InterfaceType\":\"nat_gateway\",\"Ipv4Prefixes\":null,\"PrivateDnsName\":\"ip-10-0-4-163.eu-west-1.compute.internal\",\"SourceDestCheck\":false,\"ConnectionTrackingConfiguration\":null,\"MacAddress\":\"02:f8:ba:e8:80:7d\",\"OwnerId\":\"704479110758\",\"PrivateIpAddress\":\"10.0.4.163\",\"PrivateIpAddresses\":[{\"Association\":{\"AssociationId\":\"eipassoc-0c175f20cf3384042\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-52-19-64-102.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"52.19.64.102\",\"AllocationId\":\"eipalloc-078392c9acca7dbfe\"},\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-4-163.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.4.163\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-09478e7e8fecb3c92\",\"eni-09478e7e8fecb3c92\"],\"name\":\"eni-09478e7e8fecb3c92\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"subnet_ids\":[\"subnet-0799634ae05f2b209\"],\"vpc_ids\":[\"vpc-08d87433815da7907\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"subnet_ids\":[\"subnet-0d369ee4ec7b9c3a7\"],\"vpc_ids\":[\"vpc-061fc9c22f73c7d3e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0e042fe93429eed8b\",\"eni-0e042fe93429eed8b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0e042fe93429eed8b\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Attachment\":{\"AttachTime\":null,\"AttachmentId\":\"ela-attach-099f89a630ef596fc\",\"DeviceIndex\":1,\"InstanceOwnerId\":\"amazon-aws\",\"Status\":\"attached\",\"DeleteOnTermination\":false,\"EnaSrdSpecification\":null,\"InstanceId\":null,\"NetworkCardIndex\":null},\"InterfaceType\":\"nat_gateway\",\"Ipv6Native\":null,\"SourceDestCheck\":false,\"RequesterId\":\"194251917446\",\"PrivateIpAddress\":\"10.0.4.95\",\"VpcId\":\"vpc-061fc9c22f73c7d3e\",\"Ipv4Prefixes\":null,\"PrivateDnsName\":\"ip-10-0-4-95.eu-west-1.compute.internal\",\"Ipv6Address\":null,\"OwnerId\":\"704479110758\",\"Description\":\"Interface for NAT Gateway nat-09440a5d45d029b0a\",\"DenyAllIgwTraffic\":null,\"Ipv6Prefixes\":null,\"MacAddress\":\"02:c4:c0:02:87:85\",\"OutpostArn\":null,\"Association\":{\"AssociationId\":\"eipassoc-05825d518c72cd592\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-52-211-145-98.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"52.211.145.98\",\"AllocationId\":\"eipalloc-00bece890dc4b67ce\"},\"Groups\":[],\"NetworkInterfaceId\":\"eni-0e042fe93429eed8b\",\"PrivateIpAddresses\":[{\"PrivateDnsName\":\"ip-10-0-4-95.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.4.95\",\"Association\":{\"PublicIp\":\"52.211.145.98\",\"AllocationId\":\"eipalloc-00bece890dc4b67ce\",\"AssociationId\":\"eipassoc-05825d518c72cd592\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-52-211-145-98.eu-west-1.compute.amazonaws.com\"},\"Primary\":true}],\"RequesterManaged\":true,\"AvailabilityZone\":\"eu-west-1a\",\"Ipv6Addresses\":[],\"Status\":\"in-use\",\"SubnetId\":\"subnet-0d369ee4ec7b9c3a7\",\"TagSet\":[],\"ConnectionTrackingConfiguration\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0e042fe93429eed8b\",\"eni-0e042fe93429eed8b\"],\"name\":\"eni-0e042fe93429eed8b\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"raw\":{\"network_interface\":{\"Attachment\":{\"AttachTime\":null,\"EnaSrdSpecification\":null,\"InstanceId\":null,\"InstanceOwnerId\":\"amazon-aws\",\"NetworkCardIndex\":null,\"Status\":\"attached\",\"AttachmentId\":\"ela-attach-08097c5b475cca03e\",\"DeleteOnTermination\":false,\"DeviceIndex\":1},\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"Ipv6Prefixes\":null,\"Status\":\"in-use\",\"Association\":{\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-54-72-251-18.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.72.251.18\",\"AllocationId\":\"eipalloc-06df7209b66e265f3\",\"AssociationId\":\"eipassoc-0abded1795c188f0e\",\"CarrierIp\":null},\"Ipv6Native\":null,\"AvailabilityZone\":\"eu-west-1a\",\"ConnectionTrackingConfiguration\":null,\"Groups\":[],\"PrivateIpAddress\":\"10.0.4.164\",\"DenyAllIgwTraffic\":null,\"InterfaceType\":\"nat_gateway\",\"RequesterId\":\"194251917446\",\"SubnetId\":\"subnet-015b984f7a5a99749\",\"VpcId\":\"vpc-06b023d1fc8665055\",\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"RequesterManaged\":true,\"TagSet\":[],\"PrivateDnsName\":\"ip-10-0-4-164.eu-west-1.compute.internal\",\"PrivateIpAddresses\":[{\"Association\":{\"PublicDnsName\":\"ec2-54-72-251-18.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"54.72.251.18\",\"AllocationId\":\"eipalloc-06df7209b66e265f3\",\"AssociationId\":\"eipassoc-0abded1795c188f0e\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\"},\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-4-164.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.4.164\"}],\"Description\":\"Interface for NAT Gateway nat-05d9084ea5f3ecb87\",\"Ipv6Address\":null,\"MacAddress\":\"02:0d:45:c2:2a:a7\",\"SourceDestCheck\":false,\"NetworkInterfaceId\":\"eni-0d08c6763c44d4258\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0d08c6763c44d4258\",\"eni-0d08c6763c44d4258\"],\"name\":\"eni-0d08c6763c44d4258\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"subnet_ids\":[\"subnet-015b984f7a5a99749\"],\"vpc_ids\":[\"vpc-06b023d1fc8665055\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0d08c6763c44d4258\",\"eni-0d08c6763c44d4258\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0d08c6763c44d4258\":{\"category\":\"infrastructure\",\"type\":\"interface\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"subnet_ids\":[\"subnet-03471f9d33d77b2d3\"],\"vpc_ids\":[\"vpc-0d0d507f15a7baefb\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0201ef690bf3b1196\",\"eni-0201ef690bf3b1196\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0201ef690bf3b1196\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Description\":\"Interface for NAT Gateway nat-0ee5c20c3c6b2e753\",\"NetworkInterfaceId\":\"eni-0201ef690bf3b1196\",\"SourceDestCheck\":false,\"AvailabilityZone\":\"eu-west-1a\",\"ConnectionTrackingConfiguration\":null,\"InterfaceType\":\"nat_gateway\",\"OutpostArn\":null,\"PrivateDnsName\":\"ip-10-0-4-219.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.4.219\",\"Attachment\":{\"InstanceOwnerId\":\"amazon-aws\",\"AttachTime\":null,\"DeviceIndex\":1,\"EnaSrdSpecification\":null,\"InstanceId\":null,\"NetworkCardIndex\":null,\"Status\":\"attached\",\"AttachmentId\":\"ela-attach-04dae1aab25a7ee68\",\"DeleteOnTermination\":false},\"Groups\":[],\"OwnerId\":\"704479110758\",\"RequesterManaged\":true,\"Association\":{\"PublicIp\":\"34.251.141.222\",\"AllocationId\":\"eipalloc-0a82c3bec5c10159a\",\"AssociationId\":\"eipassoc-09209f9eed3ca2732\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-34-251-141-222.eu-west-1.compute.amazonaws.com\"},\"Ipv6Address\":null,\"DenyAllIgwTraffic\":null,\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"SubnetId\":\"subnet-03471f9d33d77b2d3\",\"Status\":\"in-use\",\"Ipv6Native\":null,\"PrivateIpAddresses\":[{\"Association\":{\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-34-251-141-222.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"34.251.141.222\",\"AllocationId\":\"eipalloc-0a82c3bec5c10159a\",\"AssociationId\":\"eipassoc-09209f9eed3ca2732\",\"CarrierIp\":null},\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-4-219.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.4.219\"}],\"MacAddress\":\"02:8d:a1:ef:e6:a3\",\"VpcId\":\"vpc-0d0d507f15a7baefb\",\"Ipv6Prefixes\":null,\"RequesterId\":\"194251917446\",\"TagSet\":[]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0201ef690bf3b1196\",\"eni-0201ef690bf3b1196\"],\"name\":\"eni-0201ef690bf3b1196\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-019781fa77e1fe6f4\",\"eni-019781fa77e1fe6f4\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-019781fa77e1fe6f4\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"name\":\"eni-019781fa77e1fe6f4\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Attachment\":{\"AttachTime\":null,\"AttachmentId\":\"ela-attach-02ed2201afa8df697\",\"DeviceIndex\":1,\"Status\":\"attached\",\"NetworkCardIndex\":null,\"DeleteOnTermination\":false,\"EnaSrdSpecification\":null,\"InstanceId\":null,\"InstanceOwnerId\":\"amazon-aws\"},\"PrivateIpAddress\":\"10.0.4.17\",\"PrivateIpAddresses\":[{\"PrivateDnsName\":\"ip-10-0-4-17.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.4.17\",\"Association\":{\"AssociationId\":\"eipassoc-0abc01463c287130f\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-52-210-91-99.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"52.210.91.99\",\"AllocationId\":\"eipalloc-0609d263a32ea51ea\"},\"Primary\":true}],\"SubnetId\":\"subnet-03d0cff9718e7aeb2\",\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-52-210-91-99.eu-west-1.compute.amazonaws.com\",\"PublicIp\":\"52.210.91.99\",\"AllocationId\":\"eipalloc-0609d263a32ea51ea\",\"AssociationId\":\"eipassoc-0abc01463c287130f\"},\"AvailabilityZone\":\"eu-west-1a\",\"DenyAllIgwTraffic\":null,\"TagSet\":[],\"InterfaceType\":\"nat_gateway\",\"Ipv6Address\":null,\"Ipv6Prefixes\":null,\"OutpostArn\":null,\"RequesterManaged\":true,\"ConnectionTrackingConfiguration\":null,\"Groups\":[],\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"MacAddress\":\"02:ae:48:ef:3c:23\",\"SourceDestCheck\":false,\"Status\":\"in-use\",\"RequesterId\":\"194251917446\",\"VpcId\":\"vpc-0de5d19ac894b58c9\",\"Description\":\"Interface for NAT Gateway nat-0c74aafd4043dffb2\",\"Ipv6Native\":null,\"NetworkInterfaceId\":\"eni-019781fa77e1fe6f4\",\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-10-0-4-17.eu-west-1.compute.internal\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-019781fa77e1fe6f4\",\"eni-019781fa77e1fe6f4\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"subnet_ids\":[\"subnet-03d0cff9718e7aeb2\"],\"vpc_ids\":[\"vpc-0de5d19ac894b58c9\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-09ef0299d5bc5a16d\",\"eni-09ef0299d5bc5a16d\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-09ef0299d5bc5a16d\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-09ef0299d5bc5a16d\",\"eni-09ef0299d5bc5a16d\"],\"name\":\"eni-09ef0299d5bc5a16d\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"TagSet\":[{\"Value\":\"i-00ed4d0e65b8cbdfd\",\"Key\":\"node.k8s.amazonaws.com/instance_id\"},{\"Key\":\"cluster.k8s.amazonaws.com/name\",\"Value\":\"kuba-logs\"},{\"Value\":\"2024-11-19T13:02:16Z\",\"Key\":\"node.k8s.amazonaws.com/createdAt\"}],\"Description\":\"aws-K8S-i-00ed4d0e65b8cbdfd\",\"NetworkInterfaceId\":\"eni-09ef0299d5bc5a16d\",\"PrivateIpAddress\":\"10.0.1.24\",\"SubnetId\":\"subnet-0a77aa794e2e89e95\",\"InterfaceType\":\"interface\",\"OutpostArn\":null,\"SourceDestCheck\":true,\"AvailabilityZone\":\"eu-west-1a\",\"Ipv6Addresses\":[],\"Status\":\"in-use\",\"DenyAllIgwTraffic\":null,\"Groups\":[{\"GroupId\":\"sg-042dc17560e6f8374\",\"GroupName\":\"kuba-logs-node-20241119125157867500000006\"},{\"GroupId\":\"sg-045d46bcaaf8b30a2\",\"GroupName\":\"kuba-logs_120241119125157866600000005\"},{\"GroupId\":\"sg-066a56ecc9a45761c\",\"GroupName\":\"eks-cluster-sg-kuba-logs-1524208083\"}],\"Ipv6Address\":null,\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-1-24.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.24\"},{\"PrivateDnsName\":\"ip-10-0-1-113.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.113\",\"Association\":null,\"Primary\":false},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-10-0-1-84.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.84\"},{\"PrivateDnsName\":\"ip-10-0-1-219.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"10.0.1.219\",\"Association\":null,\"Primary\":false}],\"RequesterId\":\"AROA2IBR2EZTFISYGPFKH:i-00ed4d0e65b8cbdfd\",\"VpcId\":\"vpc-08d87433815da7907\",\"Ipv4Prefixes\":null,\"Ipv6Prefixes\":null,\"OwnerId\":\"704479110758\",\"ConnectionTrackingConfiguration\":null,\"MacAddress\":\"02:83:db:6b:8f:ed\",\"PrivateDnsName\":\"ip-10-0-1-24.eu-west-1.compute.internal\",\"Association\":null,\"Attachment\":{\"InstanceId\":\"i-00ed4d0e65b8cbdfd\",\"InstanceOwnerId\":\"704479110758\",\"Status\":\"attached\",\"AttachTime\":\"2024-11-19T13:02:17Z\",\"AttachmentId\":\"eni-attach-0151e7ad51457d995\",\"DeleteOnTermination\":true,\"DeviceIndex\":1,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0},\"Ipv6Native\":null,\"RequesterManaged\":false}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-042dc17560e6f8374\",\"sg-045d46bcaaf8b30a2\",\"sg-066a56ecc9a45761c\"],\"subnet_ids\":[\"subnet-0a77aa794e2e89e95\"],\"vpc_ids\":[\"vpc-08d87433815da7907\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0e282d70e1a06e40c\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"MacAddress\":\"02:10:2f:fb:0d:8b\",\"Status\":\"in-use\",\"TagSet\":[],\"AvailabilityZone\":\"eu-west-1a\",\"NetworkInterfaceId\":\"eni-0e282d70e1a06e40c\",\"PrivateDnsName\":\"ip-172-31-0-236.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.0.236\",\"DenyAllIgwTraffic\":null,\"Ipv4Prefixes\":null,\"Association\":null,\"Ipv6Address\":null,\"Groups\":[{\"GroupId\":\"sg-0c9dfc1823afc5e9a\",\"GroupName\":\"launch-wizard-94\"}],\"InterfaceType\":\"interface\",\"Ipv6Native\":null,\"RequesterId\":null,\"Attachment\":{\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-024825541d5f05370\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-03-12T11:04:18Z\",\"AttachmentId\":\"eni-attach-0a3a081b5720c839e\",\"DeviceIndex\":0},\"Description\":\"\",\"SubnetId\":\"subnet-d4cf96b2\",\"Ipv6Prefixes\":null,\"OwnerId\":\"704479110758\",\"RequesterManaged\":false,\"SourceDestCheck\":true,\"VpcId\":\"vpc-6cb55a15\",\"ConnectionTrackingConfiguration\":null,\"OutpostArn\":null,\"Ipv6Addresses\":[],\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-0-236.eu-west-1.compute.internal\",\"PrivateIpAddress\":\"172.31.0.236\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0e282d70e1a06e40c\",\"eni-0e282d70e1a06e40c\"],\"name\":\"eni-0e282d70e1a06e40c\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"security_group_ids\":[\"sg-0c9dfc1823afc5e9a\"],\"subnet_ids\":[\"subnet-d4cf96b2\"],\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:network-interface/eni-0e282d70e1a06e40c\",\"eni-0e282d70e1a06e40c\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:network-interface/eni-060e806bc8867dc28\",\"eni-060e806bc8867dc28\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:network-interface/eni-060e806bc8867dc28\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Ipv6Address\":null,\"Ipv6Prefixes\":null,\"Ipv6Addresses\":[],\"MacAddress\":\"02:ad:0f:93:2e:0c\",\"PrivateDnsName\":\"ip-10-0-4-15.ap-south-1.compute.internal\",\"Status\":\"in-use\",\"InterfaceType\":\"nat_gateway\",\"RequesterId\":\"605939258698\",\"SourceDestCheck\":false,\"Groups\":[],\"TagSet\":[],\"PrivateIpAddress\":\"10.0.4.15\",\"RequesterManaged\":true,\"SubnetId\":\"subnet-014bc35788d91ba5e\",\"Attachment\":{\"NetworkCardIndex\":null,\"AttachTime\":null,\"AttachmentId\":\"ela-attach-06acb6d92f1ab0e7a\",\"EnaSrdSpecification\":null,\"InstanceId\":null,\"InstanceOwnerId\":\"amazon-aws\",\"Status\":\"attached\",\"DeleteOnTermination\":false,\"DeviceIndex\":1},\"Ipv6Native\":null,\"OutpostArn\":null,\"VpcId\":\"vpc-0d34957e50abb854b\",\"Ipv4Prefixes\":null,\"NetworkInterfaceId\":\"eni-060e806bc8867dc28\",\"PrivateIpAddresses\":[{\"Association\":{\"PublicDnsName\":\"ec2-3-6-157-21.ap-south-1.compute.amazonaws.com\",\"PublicIp\":\"3.6.157.21\",\"AllocationId\":\"eipalloc-0133e0fb70a3bf4bf\",\"AssociationId\":\"eipassoc-0b455d955ddb2f03d\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\"},\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-4-15.ap-south-1.compute.internal\",\"PrivateIpAddress\":\"10.0.4.15\"}],\"Association\":{\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-3-6-157-21.ap-south-1.compute.amazonaws.com\",\"PublicIp\":\"3.6.157.21\",\"AllocationId\":\"eipalloc-0133e0fb70a3bf4bf\",\"AssociationId\":\"eipassoc-0b455d955ddb2f03d\"},\"ConnectionTrackingConfiguration\":null,\"Description\":\"Interface for NAT Gateway nat-0605952144a413cfb\",\"OwnerId\":\"704479110758\",\"AvailabilityZone\":\"ap-south-1a\",\"DenyAllIgwTraffic\":null}},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:network-interface/eni-060e806bc8867dc28\",\"eni-060e806bc8867dc28\"],\"name\":\"eni-060e806bc8867dc28\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"subnet_ids\":[\"subnet-014bc35788d91ba5e\"],\"vpc_ids\":[\"vpc-0d34957e50abb854b\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:network-interface/eni-0bda84b4002c32802\",\"eni-0bda84b4002c32802\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:network-interface/eni-0bda84b4002c32802\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"OutpostArn\":null,\"PrivateIpAddress\":\"10.0.4.211\",\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-4-211.ap-south-1.compute.internal\",\"PrivateIpAddress\":\"10.0.4.211\",\"Association\":{\"AllocationId\":\"eipalloc-053e7ba56114f716d\",\"AssociationId\":\"eipassoc-060f99d0f0fd265d2\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-3-6-101-145.ap-south-1.compute.amazonaws.com\",\"PublicIp\":\"3.6.101.145\"}}],\"Description\":\"Interface for NAT Gateway nat-0702e318745658a73\",\"Ipv4Prefixes\":null,\"Ipv6Address\":null,\"SubnetId\":\"subnet-0477cccc31d37da62\",\"TagSet\":[],\"NetworkInterfaceId\":\"eni-0bda84b4002c32802\",\"Attachment\":{\"DeviceIndex\":1,\"EnaSrdSpecification\":null,\"Status\":\"attached\",\"AttachTime\":null,\"DeleteOnTermination\":false,\"InstanceOwnerId\":\"amazon-aws\",\"NetworkCardIndex\":null,\"AttachmentId\":\"ela-attach-0bcb16d84f5b90fc4\",\"InstanceId\":null},\"RequesterId\":\"605939258698\",\"SourceDestCheck\":false,\"InterfaceType\":\"nat_gateway\",\"Ipv6Native\":null,\"Ipv6Prefixes\":null,\"OwnerId\":\"704479110758\",\"AvailabilityZone\":\"ap-south-1a\",\"ConnectionTrackingConfiguration\":null,\"Groups\":[],\"Ipv6Addresses\":[],\"RequesterManaged\":true,\"Status\":\"in-use\",\"VpcId\":\"vpc-0400c449f7d20cd09\",\"Association\":{\"PublicIp\":\"3.6.101.145\",\"AllocationId\":\"eipalloc-053e7ba56114f716d\",\"AssociationId\":\"eipassoc-060f99d0f0fd265d2\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-3-6-101-145.ap-south-1.compute.amazonaws.com\"},\"DenyAllIgwTraffic\":null,\"MacAddress\":\"02:af:da:af:79:b4\",\"PrivateDnsName\":\"ip-10-0-4-211.ap-south-1.compute.internal\"}},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:network-interface/eni-0bda84b4002c32802\",\"eni-0bda84b4002c32802\"],\"name\":\"eni-0bda84b4002c32802\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"subnet_ids\":[\"subnet-0477cccc31d37da62\"],\"vpc_ids\":[\"vpc-0400c449f7d20cd09\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-0b81394a3bd777a9f\",\"eni-0b81394a3bd777a9f\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-0b81394a3bd777a9f\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"PrivateIpAddress\":\"172.31.82.21\",\"OwnerId\":\"704479110758\",\"AvailabilityZone\":\"us-east-1b\",\"DenyAllIgwTraffic\":null,\"NetworkInterfaceId\":\"eni-0b81394a3bd777a9f\",\"OutpostArn\":null,\"SourceDestCheck\":true,\"Ipv6Address\":null,\"Ipv6Native\":null,\"PrivateIpAddresses\":[{\"PrivateIpAddress\":\"172.31.82.21\",\"Association\":{\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-3-87-0-19.compute-1.amazonaws.com\",\"PublicIp\":\"3.87.0.19\",\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-82-21.ec2.internal\"}],\"RequesterManaged\":false,\"Status\":\"in-use\",\"TagSet\":[{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"project\",\"Value\":\"AWS re:Invent demo\"},{\"Key\":\"team\",\"Value\":\"cloud-security\"},{\"Key\":\"Name\",\"Value\":\"tin-demo-instance\"}],\"Association\":{\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-3-87-0-19.compute-1.amazonaws.com\",\"PublicIp\":\"3.87.0.19\"},\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"SubnetId\":\"subnet-fee506df\",\"VpcId\":\"vpc-73d2e309\",\"Description\":\"\",\"Groups\":[{\"GroupId\":\"sg-006d0decaf51b405e\",\"GroupName\":\"launch-wizard-16\"}],\"Attachment\":{\"EnaSrdSpecification\":null,\"InstanceId\":\"i-0a6f5db394ad729f3\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-10-15T21:39:16Z\",\"AttachmentId\":\"eni-attach-0e403827d80d30caa\",\"DeleteOnTermination\":true,\"DeviceIndex\":0},\"ConnectionTrackingConfiguration\":null,\"RequesterId\":null,\"Ipv4Prefixes\":null,\"Ipv6Prefixes\":null,\"MacAddress\":\"12:4e:2b:a6:bf:3d\",\"PrivateDnsName\":\"ip-172-31-82-21.ec2.internal\"}},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-0b81394a3bd777a9f\",\"eni-0b81394a3bd777a9f\"],\"name\":\"eni-0b81394a3bd777a9f\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"],\"security_group_ids\":[\"sg-006d0decaf51b405e\"],\"subnet_ids\":[\"subnet-fee506df\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-0300f51e1aa4c664b\",\"eni-0300f51e1aa4c664b\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-0300f51e1aa4c664b\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"raw\":{\"network_interface\":{\"Attachment\":{\"Status\":\"attached\",\"AttachTime\":\"2024-10-15T21:39:16Z\",\"DeviceIndex\":0,\"InstanceId\":\"i-060467a2500d7a8a5\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"AttachmentId\":\"eni-attach-05059cc641c439a05\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null},\"InterfaceType\":\"interface\",\"VpcId\":\"vpc-73d2e309\",\"DenyAllIgwTraffic\":null,\"Description\":\"\",\"TagSet\":[{\"Key\":\"Name\",\"Value\":\"tin-demo-instance\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"project\",\"Value\":\"AWS re:Invent demo\"},{\"Key\":\"team\",\"Value\":\"cloud-security\"}],\"Ipv6Addresses\":[],\"OutpostArn\":null,\"RequesterId\":null,\"RequesterManaged\":false,\"SourceDestCheck\":true,\"SubnetId\":\"subnet-fee506df\",\"ConnectionTrackingConfiguration\":null,\"Ipv6Address\":null,\"MacAddress\":\"12:6d:ee:6b:07:b3\",\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-92-40.ec2.internal\",\"Ipv4Prefixes\":null,\"Ipv6Native\":null,\"Ipv6Prefixes\":null,\"PrivateIpAddresses\":[{\"PrivateDnsName\":\"ip-172-31-92-40.ec2.internal\",\"PrivateIpAddress\":\"172.31.92.40\",\"Association\":{\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-18-234-79-103.compute-1.amazonaws.com\",\"PublicIp\":\"18.234.79.103\",\"AllocationId\":null},\"Primary\":true}],\"Association\":{\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-18-234-79-103.compute-1.amazonaws.com\",\"PublicIp\":\"18.234.79.103\",\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null},\"AvailabilityZone\":\"us-east-1b\",\"NetworkInterfaceId\":\"eni-0300f51e1aa4c664b\",\"Groups\":[{\"GroupId\":\"sg-006d0decaf51b405e\",\"GroupName\":\"launch-wizard-16\"}],\"Status\":\"in-use\",\"PrivateIpAddress\":\"172.31.92.40\"}},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-0300f51e1aa4c664b\",\"eni-0300f51e1aa4c664b\"],\"name\":\"eni-0300f51e1aa4c664b\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-006d0decaf51b405e\"],\"subnet_ids\":[\"subnet-fee506df\"],\"vpc_ids\":[\"vpc-73d2e309\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-0d09a13fffddbaa13\",\"eni-0d09a13fffddbaa13\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-0d09a13fffddbaa13\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"name\":\"eni-0d09a13fffddbaa13\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Description\":\"\",\"InterfaceType\":\"interface\",\"NetworkInterfaceId\":\"eni-0d09a13fffddbaa13\",\"OwnerId\":\"704479110758\",\"PrivateIpAddress\":\"172.31.87.172\",\"SourceDestCheck\":true,\"Groups\":[{\"GroupId\":\"sg-006d0decaf51b405e\",\"GroupName\":\"launch-wizard-16\"}],\"Status\":\"in-use\",\"Ipv6Address\":null,\"MacAddress\":\"12:76:d9:f7:82:95\",\"OutpostArn\":null,\"RequesterId\":null,\"AvailabilityZone\":\"us-east-1b\",\"DenyAllIgwTraffic\":null,\"Ipv6Addresses\":[],\"Ipv6Native\":null,\"RequesterManaged\":false,\"VpcId\":\"vpc-73d2e309\",\"Attachment\":{\"DeviceIndex\":0,\"InstanceId\":\"i-0082fa03d05ed60a5\",\"DeleteOnTermination\":true,\"AttachmentId\":\"eni-attach-0592593363bd517bd\",\"EnaSrdSpecification\":null,\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-10-15T21:39:16Z\"},\"Ipv6Prefixes\":null,\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-87-172.ec2.internal\",\"PrivateIpAddress\":\"172.31.87.172\",\"Association\":{\"PublicIp\":\"52.90.110.172\",\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-52-90-110-172.compute-1.amazonaws.com\"}}],\"Association\":{\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-52-90-110-172.compute-1.amazonaws.com\",\"PublicIp\":\"52.90.110.172\"},\"Ipv4Prefixes\":null,\"PrivateDnsName\":\"ip-172-31-87-172.ec2.internal\",\"TagSet\":[{\"Key\":\"project\",\"Value\":\"AWS re:Invent demo\"},{\"Key\":\"team\",\"Value\":\"cloud-security\"},{\"Value\":\"tin-demo-instance\",\"Key\":\"Name\"},{\"Value\":\"engineering\",\"Key\":\"division\"},{\"Key\":\"org\",\"Value\":\"security\"}],\"ConnectionTrackingConfiguration\":null,\"SubnetId\":\"subnet-fee506df\"}},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-0d09a13fffddbaa13\",\"eni-0d09a13fffddbaa13\"]},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-006d0decaf51b405e\"],\"subnet_ids\":[\"subnet-fee506df\"],\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-0c6b09613e31ec7b4\",\"eni-0c6b09613e31ec7b4\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-0c6b09613e31ec7b4\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Description\":\"\",\"Groups\":[{\"GroupName\":\"launch-wizard-15\",\"GroupId\":\"sg-0458bbec1fdae9123\"}],\"PrivateIpAddress\":\"172.31.65.89\",\"Status\":\"in-use\",\"TagSet\":[],\"VpcId\":\"vpc-73d2e309\",\"Attachment\":{\"AttachmentId\":\"eni-attach-0d5cdb9472a71d04d\",\"DeviceIndex\":0,\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"AttachTime\":\"2024-06-06T08:32:20Z\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-05c0f5c23428eb2f9\",\"Status\":\"attached\"},\"DenyAllIgwTraffic\":null,\"OwnerId\":\"704479110758\",\"RequesterManaged\":false,\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":null,\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-65-89.ec2.internal\",\"PrivateIpAddress\":\"172.31.65.89\"}],\"SubnetId\":\"subnet-37391109\",\"Ipv6Prefixes\":null,\"NetworkInterfaceId\":\"eni-0c6b09613e31ec7b4\",\"Association\":null,\"AvailabilityZone\":\"us-east-1e\",\"ConnectionTrackingConfiguration\":null,\"OutpostArn\":null,\"Ipv6Address\":null,\"Ipv6Addresses\":[],\"Ipv6Native\":null,\"PrivateDnsName\":\"ip-172-31-65-89.ec2.internal\",\"MacAddress\":\"06:fa:1a:f0:3a:6f\",\"RequesterId\":null,\"SourceDestCheck\":true}},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-0c6b09613e31ec7b4\",\"eni-0c6b09613e31ec7b4\"],\"name\":\"eni-0c6b09613e31ec7b4\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"network\":{\"security_group_ids\":[\"sg-0458bbec1fdae9123\"],\"subnet_ids\":[\"subnet-37391109\"],\"vpc_ids\":[\"vpc-73d2e309\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-0f318e12e44df57d5\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"RequesterId\":null,\"PrivateDnsName\":\"ip-172-31-25-54.ec2.internal\",\"InterfaceType\":\"interface\",\"Status\":\"in-use\",\"MacAddress\":\"0a:ff:df:be:92:31\",\"VpcId\":\"vpc-73d2e309\",\"PrivateIpAddress\":\"172.31.25.54\",\"Description\":\"\",\"Ipv4Prefixes\":null,\"OutpostArn\":null,\"Attachment\":{\"InstanceId\":\"i-0dfdf8d70ea3f391f\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"Status\":\"attached\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"AttachTime\":\"2024-05-02T14:55:58Z\",\"AttachmentId\":\"eni-attach-021dbb7cf91c9fa2e\"},\"AvailabilityZone\":\"us-east-1c\",\"Ipv6Address\":null,\"SubnetId\":\"subnet-8bdf6bc6\",\"Ipv6Native\":null,\"Ipv6Prefixes\":null,\"NetworkInterfaceId\":\"eni-0f318e12e44df57d5\",\"OwnerId\":\"704479110758\",\"Association\":{\"AllocationId\":\"eipalloc-0873b150e7e514de0\",\"AssociationId\":\"eipassoc-03f94cfcdb95e9257\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-44-223-163-119.compute-1.amazonaws.com\",\"PublicIp\":\"44.223.163.119\"},\"DenyAllIgwTraffic\":null,\"Groups\":[{\"GroupId\":\"sg-0e216cd0fdb8e7d68\",\"GroupName\":\"orestis-onweek\"}],\"Ipv6Addresses\":[],\"PrivateIpAddresses\":[{\"PrivateDnsName\":\"ip-172-31-25-54.ec2.internal\",\"PrivateIpAddress\":\"172.31.25.54\",\"Association\":{\"AllocationId\":\"eipalloc-0873b150e7e514de0\",\"AssociationId\":\"eipassoc-03f94cfcdb95e9257\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-44-223-163-119.compute-1.amazonaws.com\",\"PublicIp\":\"44.223.163.119\"},\"Primary\":true}],\"RequesterManaged\":false,\"SourceDestCheck\":true,\"ConnectionTrackingConfiguration\":null,\"TagSet\":[]}},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-0f318e12e44df57d5\",\"eni-0f318e12e44df57d5\"],\"name\":\"eni-0f318e12e44df57d5\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"],\"security_group_ids\":[\"sg-0e216cd0fdb8e7d68\"],\"subnet_ids\":[\"subnet-8bdf6bc6\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-0f318e12e44df57d5\",\"eni-0f318e12e44df57d5\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-0636444b03046a6e5\",\"eni-0636444b03046a6e5\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-0636444b03046a6e5\":{\"type\":\"interface\",\"category\":\"infrastructure\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"ConnectionTrackingConfiguration\":null,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-28-104.ec2.internal\",\"PrivateIpAddress\":\"172.31.28.104\"}],\"RequesterId\":null,\"SubnetId\":\"subnet-8bdf6bc6\",\"AvailabilityZone\":\"us-east-1c\",\"Description\":\"\",\"Ipv6Native\":null,\"Ipv6Prefixes\":null,\"PrivateDnsName\":\"ip-172-31-28-104.ec2.internal\",\"VpcId\":\"vpc-73d2e309\",\"Association\":null,\"DenyAllIgwTraffic\":null,\"InterfaceType\":\"interface\",\"Ipv6Address\":null,\"PrivateIpAddress\":\"172.31.28.104\",\"Ipv4Prefixes\":null,\"Ipv6Addresses\":[],\"SourceDestCheck\":true,\"Status\":\"in-use\",\"Attachment\":{\"EnaSrdSpecification\":null,\"Status\":\"attached\",\"AttachTime\":\"2024-10-14T11:56:49Z\",\"DeviceIndex\":0,\"InstanceId\":\"i-03211b0335accab56\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"AttachmentId\":\"eni-attach-01eb62d8ea0e05e79\",\"DeleteOnTermination\":true},\"RequesterManaged\":false,\"TagSet\":[],\"Groups\":[{\"GroupId\":\"sg-4e483165\",\"GroupName\":\"default\"}],\"MacAddress\":\"0a:ff:d1:3b:2f:15\",\"NetworkInterfaceId\":\"eni-0636444b03046a6e5\"}},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-0636444b03046a6e5\",\"eni-0636444b03046a6e5\"],\"name\":\"eni-0636444b03046a6e5\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"],\"security_group_ids\":[\"sg-4e483165\"],\"subnet_ids\":[\"subnet-8bdf6bc6\"]},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-088febaeb5ff279d6\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"DenyAllIgwTraffic\":null,\"Groups\":[{\"GroupId\":\"sg-0e216cd0fdb8e7d68\",\"GroupName\":\"orestis-onweek\"}],\"Status\":\"in-use\",\"VpcId\":\"vpc-73d2e309\",\"MacAddress\":\"0a:ff:fb:09:11:57\",\"PrivateIpAddress\":\"172.31.23.246\",\"InterfaceType\":\"interface\",\"RequesterId\":null,\"Attachment\":{\"DeviceIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-05-02T14:56:48Z\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-0a77491c9b1393ec8\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"AttachmentId\":\"eni-attach-04114abbe44f790d9\"},\"OutpostArn\":null,\"PrivateIpAddresses\":[{\"Association\":{\"AllocationId\":\"eipalloc-0e1258d0ad905be40\",\"AssociationId\":\"eipassoc-01a4e28efa1da316d\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-100-27-136-248.compute-1.amazonaws.com\",\"PublicIp\":\"100.27.136.248\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-23-246.ec2.internal\",\"PrivateIpAddress\":\"172.31.23.246\"}],\"SourceDestCheck\":true,\"ConnectionTrackingConfiguration\":null,\"TagSet\":[],\"Ipv6Prefixes\":null,\"Ipv4Prefixes\":null,\"Ipv6Address\":null,\"Ipv6Addresses\":[],\"Ipv6Native\":null,\"RequesterManaged\":false,\"SubnetId\":\"subnet-8bdf6bc6\",\"Association\":{\"PublicIp\":\"100.27.136.248\",\"AllocationId\":\"eipalloc-0e1258d0ad905be40\",\"AssociationId\":\"eipassoc-01a4e28efa1da316d\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-100-27-136-248.compute-1.amazonaws.com\"},\"AvailabilityZone\":\"us-east-1c\",\"NetworkInterfaceId\":\"eni-088febaeb5ff279d6\",\"PrivateDnsName\":\"ip-172-31-23-246.ec2.internal\",\"Description\":\"\",\"OwnerId\":\"704479110758\"}},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-088febaeb5ff279d6\",\"eni-088febaeb5ff279d6\"],\"name\":\"eni-088febaeb5ff279d6\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-1\"},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"],\"security_group_ids\":[\"sg-0e216cd0fdb8e7d68\"],\"subnet_ids\":[\"subnet-8bdf6bc6\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-088febaeb5ff279d6\",\"eni-088febaeb5ff279d6\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-034bde1a09b5d9fa3\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"raw\":{\"network_interface\":{\"Status\":\"in-use\",\"Ipv4Prefixes\":null,\"Attachment\":{\"AttachmentId\":\"eni-attach-0ec8a594b61836670\",\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceOwnerId\":\"704479110758\",\"AttachTime\":\"2024-04-25T17:19:37Z\",\"InstanceId\":\"i-099968d1110a8d149\",\"NetworkCardIndex\":0,\"Status\":\"attached\",\"DeleteOnTermination\":true},\"PrivateDnsName\":\"ip-172-31-55-96.ec2.internal\",\"RequesterId\":null,\"Ipv6Native\":null,\"OutpostArn\":null,\"RequesterManaged\":false,\"SubnetId\":\"subnet-bf6ab5b1\",\"VpcId\":\"vpc-73d2e309\",\"AvailabilityZone\":\"us-east-1f\",\"Ipv6Addresses\":[],\"PrivateIpAddress\":\"172.31.55.96\",\"Description\":\"\",\"Ipv6Prefixes\":null,\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-55-96.ec2.internal\",\"PrivateIpAddress\":\"172.31.55.96\"}],\"Association\":null,\"OwnerId\":\"704479110758\",\"SourceDestCheck\":true,\"Groups\":[{\"GroupName\":\"elastic-agent-security-group-ea3d0490-0327-11ef-bfb0-0ed250d4eab7\",\"GroupId\":\"sg-0eb5d6011d232e16e\"}],\"InterfaceType\":\"interface\",\"Ipv6Address\":null,\"MacAddress\":\"16:ff:f0:16:3b:5b\",\"NetworkInterfaceId\":\"eni-034bde1a09b5d9fa3\",\"TagSet\":[],\"ConnectionTrackingConfiguration\":null,\"DenyAllIgwTraffic\":null}},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-034bde1a09b5d9fa3\",\"eni-034bde1a09b5d9fa3\"],\"name\":\"eni-034bde1a09b5d9fa3\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-0eb5d6011d232e16e\"],\"subnet_ids\":[\"subnet-bf6ab5b1\"],\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-034bde1a09b5d9fa3\",\"eni-034bde1a09b5d9fa3\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Ipv6Addresses\":[],\"NetworkInterfaceId\":\"eni-0a5842d62f18ab237\",\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-42-220.ec2.internal\",\"PrivateIpAddress\":\"172.31.42.220\",\"Association\":null}],\"PrivateIpAddress\":\"172.31.42.220\",\"Association\":null,\"OutpostArn\":null,\"Status\":\"in-use\",\"SubnetId\":\"subnet-c4bf5e9b\",\"VpcId\":\"vpc-73d2e309\",\"ConnectionTrackingConfiguration\":null,\"Description\":\"\",\"Ipv4Prefixes\":null,\"MacAddress\":\"0e:8b:3a:3b:b5:e9\",\"Ipv6Prefixes\":null,\"RequesterManaged\":false,\"AvailabilityZone\":\"us-east-1d\",\"Groups\":[{\"GroupId\":\"sg-4e483165\",\"GroupName\":\"default\"}],\"InterfaceType\":\"interface\",\"Ipv6Native\":null,\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-42-220.ec2.internal\",\"RequesterId\":null,\"Attachment\":{\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-084fb4233aaf2e60f\",\"InstanceOwnerId\":\"704479110758\",\"Status\":\"attached\",\"AttachTime\":\"2024-10-14T09:04:55Z\",\"AttachmentId\":\"eni-attach-072f1fe0c20e169da\",\"DeviceIndex\":0,\"NetworkCardIndex\":0},\"Ipv6Address\":null,\"SourceDestCheck\":true,\"TagSet\":[],\"DenyAllIgwTraffic\":null}},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-0a5842d62f18ab237\",\"eni-0a5842d62f18ab237\"],\"name\":\"eni-0a5842d62f18ab237\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-4e483165\"],\"subnet_ids\":[\"subnet-c4bf5e9b\"],\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-0a5842d62f18ab237\",\"eni-0a5842d62f18ab237\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:network-interface/eni-0a5842d62f18ab237\":{\"category\":\"infrastructure\",\"type\":\"interface\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-3:704479110758:network-interface/eni-01ee6589b164a2c1d\",\"eni-01ee6589b164a2c1d\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-3:704479110758:network-interface/eni-01ee6589b164a2c1d\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"ConnectionTrackingConfiguration\":null,\"Description\":\"\",\"OutpostArn\":null,\"Association\":null,\"Attachment\":{\"EnaSrdSpecification\":null,\"InstanceId\":\"i-0f65de455ea507d64\",\"Status\":\"attached\",\"NetworkCardIndex\":0,\"AttachTime\":\"2024-10-21T14:20:01Z\",\"AttachmentId\":\"eni-attach-0be3d2c28ec0ef354\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"InstanceOwnerId\":\"704479110758\"},\"DenyAllIgwTraffic\":null,\"AvailabilityZone\":\"ap-northeast-3a\",\"Groups\":[{\"GroupId\":\"sg-06a3c2327b0c74906\",\"GroupName\":\"elastic-agent-security-group-7c201840-8fb7-11ef-b631-06d7d70edc93\"}],\"PrivateIpAddress\":\"172.31.38.165\",\"SourceDestCheck\":true,\"Status\":\"in-use\",\"Ipv4Prefixes\":null,\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-38-165.ap-northeast-3.compute.internal\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-38-165.ap-northeast-3.compute.internal\",\"PrivateIpAddress\":\"172.31.38.165\"}],\"TagSet\":[],\"RequesterManaged\":false,\"Ipv6Address\":null,\"Ipv6Addresses\":[],\"Ipv6Native\":null,\"SubnetId\":\"subnet-3135917c\",\"InterfaceType\":\"interface\",\"Ipv6Prefixes\":null,\"MacAddress\":\"0e:bc:44:e9:68:c3\",\"NetworkInterfaceId\":\"eni-01ee6589b164a2c1d\",\"RequesterId\":null,\"VpcId\":\"vpc-04076d6d\"}},\"id\":[\"arn:aws:ec2:ap-northeast-3:704479110758:network-interface/eni-01ee6589b164a2c1d\",\"eni-01ee6589b164a2c1d\"],\"name\":\"eni-01ee6589b164a2c1d\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\"},\"cloud\":{\"region\":\"ap-northeast-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-04076d6d\"],\"security_group_ids\":[\"sg-06a3c2327b0c74906\"],\"subnet_ids\":[\"subnet-3135917c\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0c673073e0f387d6f\",\"eni-0c673073e0f387d6f\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0c673073e0f387d6f\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"AvailabilityZone\":\"us-west-2a\",\"DenyAllIgwTraffic\":null,\"OutpostArn\":null,\"Status\":\"in-use\",\"PrivateDnsName\":\"ip-10-0-1-229.us-west-2.compute.internal\",\"PrivateIpAddress\":\"10.0.1.229\",\"SourceDestCheck\":false,\"TagSet\":[],\"VpcId\":\"vpc-0180a1dc90512f144\",\"SubnetId\":\"subnet-0e40d676cc223ac12\",\"Association\":{\"AllocationId\":\"eipalloc-0cefcfd607d504cb3\",\"AssociationId\":\"eipassoc-0105b5bdf5d4abe6d\",\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-52-12-92-147.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"52.12.92.147\"},\"Ipv6Prefixes\":null,\"Ipv6Address\":null,\"PrivateIpAddresses\":[{\"Association\":{\"CustomerOwnedIp\":null,\"IpOwnerId\":\"704479110758\",\"PublicDnsName\":\"ec2-52-12-92-147.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"52.12.92.147\",\"AllocationId\":\"eipalloc-0cefcfd607d504cb3\",\"AssociationId\":\"eipassoc-0105b5bdf5d4abe6d\",\"CarrierIp\":null},\"Primary\":true,\"PrivateDnsName\":\"ip-10-0-1-229.us-west-2.compute.internal\",\"PrivateIpAddress\":\"10.0.1.229\"}],\"InterfaceType\":\"nat_gateway\",\"Ipv6Native\":null,\"OwnerId\":\"704479110758\",\"Attachment\":{\"DeviceIndex\":1,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":null,\"Status\":\"attached\",\"AttachmentId\":\"ela-attach-0831c3efcc0a03acd\",\"DeleteOnTermination\":false,\"InstanceId\":null,\"InstanceOwnerId\":\"amazon-aws\",\"AttachTime\":null},\"Groups\":[],\"Ipv4Prefixes\":null,\"MacAddress\":\"06:96:09:3c:66:1f\",\"ConnectionTrackingConfiguration\":null,\"Ipv6Addresses\":[],\"NetworkInterfaceId\":\"eni-0c673073e0f387d6f\",\"RequesterManaged\":true,\"Description\":\"Interface for NAT Gateway nat-0237508616dbe3a38\",\"RequesterId\":\"159007097412\"}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0c673073e0f387d6f\",\"eni-0c673073e0f387d6f\"],\"name\":\"eni-0c673073e0f387d6f\",\"category\":\"infrastructure\"},\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"subnet_ids\":[\"subnet-0e40d676cc223ac12\"],\"vpc_ids\":[\"vpc-0180a1dc90512f144\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-02233909779b23ce1\"],\"subnet_ids\":[\"subnet-5283762a\"],\"vpc_ids\":[\"vpc-36a1394e\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0f94f6eff298bf8cf\",\"eni-0f94f6eff298bf8cf\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0f94f6eff298bf8cf\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"tags\":null,\"raw\":{\"network_interface\":{\"Ipv6Addresses\":[],\"Ipv6Address\":null,\"Ipv6Native\":null,\"Ipv6Prefixes\":null,\"SubnetId\":\"subnet-5283762a\",\"Association\":null,\"DenyAllIgwTraffic\":null,\"Description\":\"Amazon EKS e2e-cdr-demo-k8s\",\"RequesterId\":\"305882430652\",\"NetworkInterfaceId\":\"eni-0f94f6eff298bf8cf\",\"SourceDestCheck\":true,\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-22-146.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.22.146\"}],\"Attachment\":{\"DeviceIndex\":1,\"InstanceId\":null,\"InstanceOwnerId\":\"305882430652\",\"NetworkCardIndex\":0,\"AttachTime\":\"2024-11-18T18:40:54Z\",\"AttachmentId\":\"eni-attach-0d5b87720635f1ce0\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"Status\":\"attached\"},\"AvailabilityZone\":\"us-west-2b\",\"Groups\":[{\"GroupId\":\"sg-02233909779b23ce1\",\"GroupName\":\"eks-cluster-sg-e2e-cdr-demo-k8s-1011743187\"}],\"InterfaceType\":\"interface\",\"OutpostArn\":null,\"PrivateIpAddress\":\"172.31.22.146\",\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-22-146.us-west-2.compute.internal\",\"RequesterManaged\":true,\"ConnectionTrackingConfiguration\":null,\"Ipv4Prefixes\":null,\"MacAddress\":\"02:6a:5d:23:28:b5\",\"TagSet\":[],\"Status\":\"in-use\",\"VpcId\":\"vpc-36a1394e\"}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0f94f6eff298bf8cf\",\"eni-0f94f6eff298bf8cf\"],\"name\":\"eni-0f94f6eff298bf8cf\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0f64b1336d3d13bdd\",\"eni-0f64b1336d3d13bdd\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0f64b1336d3d13bdd\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"DenyAllIgwTraffic\":null,\"Groups\":[{\"GroupId\":\"sg-02dc68e5abb998260\",\"GroupName\":\"launch-wizard-8\"}],\"Ipv4Prefixes\":null,\"PrivateIpAddress\":\"172.31.17.206\",\"TagSet\":[],\"Association\":null,\"AvailabilityZone\":\"us-west-2b\",\"Ipv6Addresses\":[],\"Ipv6Native\":null,\"ConnectionTrackingConfiguration\":null,\"RequesterId\":null,\"SubnetId\":\"subnet-5283762a\",\"VpcId\":\"vpc-36a1394e\",\"Description\":\"\",\"SourceDestCheck\":true,\"PrivateDnsName\":\"ip-172-31-17-206.us-west-2.compute.internal\",\"MacAddress\":\"02:58:f7:9e:67:45\",\"NetworkInterfaceId\":\"eni-0f64b1336d3d13bdd\",\"RequesterManaged\":false,\"Attachment\":{\"AttachTime\":\"2024-10-30T19:20:56Z\",\"AttachmentId\":\"eni-attach-0468e25ef09cd8ab3\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"Status\":\"attached\",\"EnaSrdSpecification\":null,\"InstanceId\":\"i-0c804d494c564ee63\"},\"Ipv6Prefixes\":null,\"Status\":\"in-use\",\"InterfaceType\":\"interface\",\"Ipv6Address\":null,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-17-206.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.17.206\"}]}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0f64b1336d3d13bdd\",\"eni-0f64b1336d3d13bdd\"],\"name\":\"eni-0f64b1336d3d13bdd\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"security_group_ids\":[\"sg-02dc68e5abb998260\"],\"subnet_ids\":[\"subnet-5283762a\"],\"vpc_ids\":[\"vpc-36a1394e\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0b0954da267a1508a\",\"eni-0b0954da267a1508a\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0b0954da267a1508a\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Ipv6Prefixes\":null,\"TagSet\":[{\"Key\":\"cluster.k8s.amazonaws.com/name\",\"Value\":\"e2e-cdr-demo-k8s\"},{\"Key\":\"node.k8s.amazonaws.com/createdAt\",\"Value\":\"2024-10-24T01:49:19Z\"},{\"Key\":\"node.k8s.amazonaws.com/instance_id\",\"Value\":\"i-0df628b1ae494eb56\"}],\"DenyAllIgwTraffic\":null,\"Description\":\"aws-K8S-i-0df628b1ae494eb56\",\"SourceDestCheck\":true,\"AvailabilityZone\":\"us-west-2b\",\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":null,\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-25-242.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.25.242\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-19-143.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.19.143\"},{\"PrivateDnsName\":\"ip-172-31-29-222.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.29.222\",\"Association\":null,\"Primary\":false},{\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-29-202.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.29.202\",\"Association\":null},{\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-22-232.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.22.232\",\"Association\":null},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-17-40.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.17.40\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-16-247.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.16.247\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-30-22.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.30.22\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-28-118.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.28.118\"},{\"PrivateIpAddress\":\"172.31.16.21\",\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-16-21.us-west-2.compute.internal\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-18-112.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.18.112\"},{\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-20-80.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.20.80\",\"Association\":null}],\"RequesterManaged\":false,\"PrivateDnsName\":\"ip-172-31-25-242.us-west-2.compute.internal\",\"SubnetId\":\"subnet-5283762a\",\"VpcId\":\"vpc-36a1394e\",\"Association\":null,\"Attachment\":{\"AttachTime\":\"2024-10-24T01:49:20Z\",\"AttachmentId\":\"eni-attach-09bc74786862a8bf6\",\"DeleteOnTermination\":true,\"InstanceId\":\"i-0df628b1ae494eb56\",\"InstanceOwnerId\":\"704479110758\",\"DeviceIndex\":1,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"Groups\":[{\"GroupId\":\"sg-08cfc0c23c2c819c4\",\"GroupName\":\"eks-remoteAccess-7ac95e1a-9954-4821-8641-1effa5718724\"},{\"GroupId\":\"sg-02233909779b23ce1\",\"GroupName\":\"eks-cluster-sg-e2e-cdr-demo-k8s-1011743187\"}],\"Ipv6Address\":null,\"Ipv6Addresses\":[],\"ConnectionTrackingConfiguration\":null,\"Status\":\"in-use\",\"MacAddress\":\"02:b2:78:e0:6e:31\",\"OutpostArn\":null,\"RequesterId\":\"AROA2IBR2EZTJWV5A4MED:i-0df628b1ae494eb56\",\"Ipv6Native\":null,\"NetworkInterfaceId\":\"eni-0b0954da267a1508a\",\"OwnerId\":\"704479110758\",\"PrivateIpAddress\":\"172.31.25.242\"}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0b0954da267a1508a\",\"eni-0b0954da267a1508a\"],\"name\":\"eni-0b0954da267a1508a\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"security_group_ids\":[\"sg-08cfc0c23c2c819c4\",\"sg-02233909779b23ce1\"],\"subnet_ids\":[\"subnet-5283762a\"],\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"],\"security_group_ids\":[\"sg-08cfc0c23c2c819c4\",\"sg-02233909779b23ce1\"],\"subnet_ids\":[\"subnet-5283762a\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-07c8b9331b79d7ab5\",\"eni-07c8b9331b79d7ab5\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-07c8b9331b79d7ab5\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"raw\":{\"network_interface\":{\"ConnectionTrackingConfiguration\":null,\"Groups\":[{\"GroupId\":\"sg-08cfc0c23c2c819c4\",\"GroupName\":\"eks-remoteAccess-7ac95e1a-9954-4821-8641-1effa5718724\"},{\"GroupId\":\"sg-02233909779b23ce1\",\"GroupName\":\"eks-cluster-sg-e2e-cdr-demo-k8s-1011743187\"}],\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"Association\":{\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-35-95-24-16.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.95.24.16\",\"AllocationId\":null},\"DenyAllIgwTraffic\":null,\"RequesterId\":null,\"NetworkInterfaceId\":\"eni-07c8b9331b79d7ab5\",\"TagSet\":[{\"Key\":\"cluster.k8s.amazonaws.com/name\",\"Value\":\"e2e-cdr-demo-k8s\"},{\"Key\":\"node.k8s.amazonaws.com/instance_id\",\"Value\":\"i-0df628b1ae494eb56\"}],\"Attachment\":{\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"AttachmentId\":\"eni-attach-0a00f79bcd941f4cd\",\"DeleteOnTermination\":true,\"Status\":\"attached\",\"AttachTime\":\"2024-10-24T01:48:28Z\",\"InstanceId\":\"i-0df628b1ae494eb56\"},\"AvailabilityZone\":\"us-west-2b\",\"Ipv6Native\":null,\"RequesterManaged\":false,\"Ipv4Prefixes\":null,\"Ipv6Prefixes\":null,\"OutpostArn\":null,\"PrivateIpAddresses\":[{\"Association\":{\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-35-95-24-16.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.95.24.16\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-22-221.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.22.221\"},{\"PrivateDnsName\":\"ip-172-31-19-45.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.19.45\",\"Association\":null,\"Primary\":false},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-18-172.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.18.172\"},{\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-17-44.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.17.44\",\"Association\":null},{\"PrivateDnsName\":\"ip-172-31-31-138.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.31.138\",\"Association\":null,\"Primary\":false},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-26-54.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.26.54\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-22-69.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.22.69\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-25-21.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.25.21\"},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-23-212.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.23.212\"},{\"PrivateIpAddress\":\"172.31.27.35\",\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-27-35.us-west-2.compute.internal\"},{\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-19-129.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.19.129\",\"Association\":null},{\"Association\":null,\"Primary\":false,\"PrivateDnsName\":\"ip-172-31-16-240.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.16.240\"}],\"SourceDestCheck\":true,\"VpcId\":\"vpc-36a1394e\",\"Description\":\"\",\"PrivateIpAddress\":\"172.31.22.221\",\"Status\":\"in-use\",\"Ipv6Address\":null,\"MacAddress\":\"02:dc:ff:88:69:83\",\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-22-221.us-west-2.compute.internal\",\"SubnetId\":\"subnet-5283762a\"}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-07c8b9331b79d7ab5\",\"eni-07c8b9331b79d7ab5\"],\"name\":\"eni-07c8b9331b79d7ab5\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Association\":{\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-35-95-25-78.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.95.25.78\",\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null},\"ConnectionTrackingConfiguration\":null,\"MacAddress\":\"02:99:be:1e:6b:8b\",\"RequesterId\":null,\"Groups\":[{\"GroupName\":\"launch-wizard-9\",\"GroupId\":\"sg-02bcac1e2159394c9\"}],\"NetworkInterfaceId\":\"eni-004e05930f9fd556a\",\"PrivateIpAddress\":\"172.31.19.239\",\"SourceDestCheck\":true,\"Ipv6Native\":null,\"AvailabilityZone\":\"us-west-2b\",\"TagSet\":[],\"VpcId\":\"vpc-36a1394e\",\"Attachment\":{\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachTime\":\"2024-11-05T21:10:41Z\",\"AttachmentId\":\"eni-attach-0af52ee3201e941c3\",\"EnaSrdSpecification\":null,\"InstanceId\":\"i-00f065dbe95e4ab95\",\"InstanceOwnerId\":\"704479110758\"},\"InterfaceType\":\"interface\",\"Ipv6Address\":null,\"PrivateIpAddresses\":[{\"Association\":{\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-35-95-25-78.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.95.25.78\",\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-19-239.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.19.239\"}],\"RequesterManaged\":false,\"Status\":\"in-use\",\"Ipv4Prefixes\":null,\"OutpostArn\":null,\"PrivateDnsName\":\"ip-172-31-19-239.us-west-2.compute.internal\",\"Description\":\"\",\"Ipv6Prefixes\":null,\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-5283762a\",\"DenyAllIgwTraffic\":null,\"Ipv6Addresses\":[]}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-004e05930f9fd556a\",\"eni-004e05930f9fd556a\"],\"name\":\"eni-004e05930f9fd556a\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"security_group_ids\":[\"sg-02bcac1e2159394c9\"],\"subnet_ids\":[\"subnet-5283762a\"],\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-004e05930f9fd556a\",\"eni-004e05930f9fd556a\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-004e05930f9fd556a\":{\"category\":\"infrastructure\",\"type\":\"interface\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\"},\"network\":{\"security_group_ids\":[\"sg-0be0988f8b09ddb77\"],\"subnet_ids\":[\"subnet-5283762a\"],\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-04da94d05d3924c01\",\"eni-04da94d05d3924c01\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-04da94d05d3924c01\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"RequesterId\":null,\"RequesterManaged\":false,\"Association\":{\"PublicIp\":\"54.71.206.42\",\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-54-71-206-42.us-west-2.compute.amazonaws.com\"},\"Ipv6Native\":null,\"SourceDestCheck\":true,\"Attachment\":{\"AttachTime\":\"2024-11-05T21:33:53Z\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\",\"AttachmentId\":\"eni-attach-0c8278e48a197d315\",\"DeviceIndex\":0,\"InstanceId\":\"i-0d16c961e37715412\",\"InstanceOwnerId\":\"704479110758\"},\"Groups\":[{\"GroupId\":\"sg-0be0988f8b09ddb77\",\"GroupName\":\"launch-wizard-10\"}],\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":null,\"NetworkInterfaceId\":\"eni-04da94d05d3924c01\",\"ConnectionTrackingConfiguration\":null,\"Ipv6Addresses\":[],\"OwnerId\":\"704479110758\",\"Ipv6Address\":null,\"Ipv6Prefixes\":null,\"Status\":\"in-use\",\"DenyAllIgwTraffic\":null,\"MacAddress\":\"02:e2:59:e8:39:0b\",\"OutpostArn\":null,\"PrivateIpAddresses\":[{\"Association\":{\"PublicIp\":\"54.71.206.42\",\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-54-71-206-42.us-west-2.compute.amazonaws.com\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-20-43.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.20.43\"}],\"TagSet\":[],\"VpcId\":\"vpc-36a1394e\",\"AvailabilityZone\":\"us-west-2b\",\"Description\":\"\",\"PrivateDnsName\":\"ip-172-31-20-43.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.20.43\",\"SubnetId\":\"subnet-5283762a\"}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-04da94d05d3924c01\",\"eni-04da94d05d3924c01\"],\"name\":\"eni-04da94d05d3924c01\",\"category\":\"infrastructure\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0901db0fe00220044\",\"eni-0901db0fe00220044\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0901db0fe00220044\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"MacAddress\":\"02:7c:fa:38:c9:c7\",\"DenyAllIgwTraffic\":null,\"Description\":\"\",\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":null,\"Ipv6Prefixes\":null,\"PrivateIpAddress\":\"172.31.31.236\",\"TagSet\":[],\"RequesterManaged\":false,\"SourceDestCheck\":true,\"Groups\":[{\"GroupId\":\"sg-0f1bcb6c9f518a248\",\"GroupName\":\"launch-wizard-3\"}],\"OwnerId\":\"704479110758\",\"PrivateDnsName\":\"ip-172-31-31-236.us-west-2.compute.internal\",\"PrivateIpAddresses\":[{\"Association\":{\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-35-89-254-71.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.89.254.71\",\"AllocationId\":null},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-31-236.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.31.236\"}],\"Attachment\":{\"AttachTime\":\"2024-10-18T18:48:19Z\",\"AttachmentId\":\"eni-attach-0d6d904f9e65dd11f\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-08f90f31e66de69fd\",\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"RequesterId\":null,\"VpcId\":\"vpc-36a1394e\",\"Ipv6Address\":null,\"AvailabilityZone\":\"us-west-2b\",\"Ipv6Native\":null,\"Association\":{\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-35-89-254-71.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.89.254.71\",\"AllocationId\":null},\"Status\":\"in-use\",\"NetworkInterfaceId\":\"eni-0901db0fe00220044\",\"Ipv6Addresses\":[],\"OutpostArn\":null,\"SubnetId\":\"subnet-5283762a\",\"ConnectionTrackingConfiguration\":null}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0901db0fe00220044\",\"eni-0901db0fe00220044\"],\"name\":\"eni-0901db0fe00220044\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"security_group_ids\":[\"sg-0f1bcb6c9f518a248\"],\"subnet_ids\":[\"subnet-5283762a\"],\"vpc_ids\":[\"vpc-36a1394e\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"],\"security_group_ids\":[\"sg-056115801a45a367e\"],\"subnet_ids\":[\"subnet-dc1cd881\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0d55d8b0b17e665df\",\"eni-0d55d8b0b17e665df\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0d55d8b0b17e665df\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"raw\":{\"network_interface\":{\"AvailabilityZone\":\"us-west-2c\",\"Ipv6Address\":null,\"Ipv6Prefixes\":null,\"TagSet\":[],\"DenyAllIgwTraffic\":null,\"Description\":\"\",\"OwnerId\":\"704479110758\",\"PrivateIpAddresses\":[{\"Association\":{\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-52-42-245-80.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"52.42.245.80\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-15-13.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.15.13\"}],\"RequesterId\":null,\"ConnectionTrackingConfiguration\":null,\"Groups\":[{\"GroupName\":\"launch-wizard-5\",\"GroupId\":\"sg-056115801a45a367e\"}],\"MacAddress\":\"0a:35:f4:db:0d:e9\",\"PrivateDnsName\":\"ip-172-31-15-13.us-west-2.compute.internal\",\"Association\":{\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-52-42-245-80.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"52.42.245.80\",\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null},\"OutpostArn\":null,\"VpcId\":\"vpc-36a1394e\",\"Status\":\"in-use\",\"Ipv6Addresses\":[],\"NetworkInterfaceId\":\"eni-0d55d8b0b17e665df\",\"PrivateIpAddress\":\"172.31.15.13\",\"RequesterManaged\":false,\"InterfaceType\":\"interface\",\"Ipv6Native\":null,\"SourceDestCheck\":true,\"SubnetId\":\"subnet-dc1cd881\",\"Ipv4Prefixes\":null,\"Attachment\":{\"InstanceId\":\"i-0759096ea1b6f4102\",\"InstanceOwnerId\":\"704479110758\",\"Status\":\"attached\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"DeviceIndex\":0,\"NetworkCardIndex\":0,\"AttachTime\":\"2024-10-30T12:23:33Z\",\"AttachmentId\":\"eni-attach-00a0749f20a5bafca\"}}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0d55d8b0b17e665df\",\"eni-0d55d8b0b17e665df\"],\"name\":\"eni-0d55d8b0b17e665df\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0233e604366df7d1c\",\"eni-0233e604366df7d1c\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0233e604366df7d1c\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"tags\":null,\"raw\":{\"network_interface\":{\"Attachment\":{\"AttachTime\":\"2024-11-18T18:46:47Z\",\"AttachmentId\":\"eni-attach-00af9f3dfb3d79b8c\",\"InstanceOwnerId\":\"305882430652\",\"DeleteOnTermination\":true,\"DeviceIndex\":1,\"EnaSrdSpecification\":null,\"InstanceId\":null,\"NetworkCardIndex\":0,\"Status\":\"attached\"},\"OutpostArn\":null,\"Ipv6Address\":null,\"Ipv6Prefixes\":null,\"ConnectionTrackingConfiguration\":null,\"RequesterManaged\":true,\"TagSet\":[],\"MacAddress\":\"0a:9b:15:aa:99:69\",\"PrivateIpAddress\":\"172.31.11.104\",\"OwnerId\":\"704479110758\",\"Ipv6Addresses\":[],\"SubnetId\":\"subnet-dc1cd881\",\"Groups\":[{\"GroupId\":\"sg-02233909779b23ce1\",\"GroupName\":\"eks-cluster-sg-e2e-cdr-demo-k8s-1011743187\"}],\"PrivateDnsName\":\"ip-172-31-11-104.us-west-2.compute.internal\",\"SourceDestCheck\":true,\"Description\":\"Amazon EKS e2e-cdr-demo-k8s\",\"InterfaceType\":\"interface\",\"Ipv6Native\":null,\"Association\":null,\"AvailabilityZone\":\"us-west-2c\",\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-11-104.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.11.104\"}],\"RequesterId\":\"305882430652\",\"NetworkInterfaceId\":\"eni-0233e604366df7d1c\",\"DenyAllIgwTraffic\":null,\"Ipv4Prefixes\":null,\"Status\":\"in-use\",\"VpcId\":\"vpc-36a1394e\"}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0233e604366df7d1c\",\"eni-0233e604366df7d1c\"],\"name\":\"eni-0233e604366df7d1c\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\"},\"network\":{\"security_group_ids\":[\"sg-02233909779b23ce1\"],\"subnet_ids\":[\"subnet-dc1cd881\"],\"vpc_ids\":[\"vpc-36a1394e\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"],\"security_group_ids\":[\"sg-0b9a7eeea55cd2485\"],\"subnet_ids\":[\"subnet-dc1cd881\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-06b18e265a938710f\",\"eni-06b18e265a938710f\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-06b18e265a938710f\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"OwnerId\":\"704479110758\",\"ConnectionTrackingConfiguration\":null,\"MacAddress\":\"0a:42:cc:b6:f6:47\",\"SourceDestCheck\":true,\"TagSet\":[],\"Attachment\":{\"DeviceIndex\":0,\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"Status\":\"attached\",\"DeleteOnTermination\":true,\"AttachmentId\":\"eni-attach-0d08d76f0b5ea5c5a\",\"EnaSrdSpecification\":null,\"InstanceId\":\"i-0688a2682c84edbb2\",\"AttachTime\":\"2024-11-06T17:35:24Z\"},\"Groups\":[{\"GroupId\":\"sg-0b9a7eeea55cd2485\",\"GroupName\":\"launch-wizard-13\"}],\"NetworkInterfaceId\":\"eni-06b18e265a938710f\",\"PrivateIpAddress\":\"172.31.0.42\",\"Association\":null,\"Description\":\"\",\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":null,\"Status\":\"in-use\",\"OutpostArn\":null,\"SubnetId\":\"subnet-dc1cd881\",\"DenyAllIgwTraffic\":null,\"Ipv6Addresses\":[],\"Ipv6Address\":null,\"Ipv6Native\":null,\"PrivateDnsName\":\"ip-172-31-0-42.us-west-2.compute.internal\",\"VpcId\":\"vpc-36a1394e\",\"AvailabilityZone\":\"us-west-2c\",\"RequesterManaged\":false,\"Ipv6Prefixes\":null,\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-0-42.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.0.42\"}],\"RequesterId\":null}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-06b18e265a938710f\",\"eni-06b18e265a938710f\"],\"name\":\"eni-06b18e265a938710f\",\"category\":\"infrastructure\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-066d021d99aabb840\",\"eni-066d021d99aabb840\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-066d021d99aabb840\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"name\":\"eni-066d021d99aabb840\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Ipv6Prefixes\":null,\"RequesterId\":null,\"ConnectionTrackingConfiguration\":null,\"SourceDestCheck\":true,\"AvailabilityZone\":\"us-west-2c\",\"InterfaceType\":\"interface\",\"Ipv6Native\":null,\"MacAddress\":\"0a:1f:97:b9:9b:dd\",\"Association\":null,\"Attachment\":{\"Status\":\"attached\",\"AttachmentId\":\"eni-attach-07d0f0842f029da0f\",\"DeleteOnTermination\":true,\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-020b9bc8084c22628\",\"InstanceOwnerId\":\"704479110758\",\"AttachTime\":\"2024-11-06T11:23:35Z\",\"NetworkCardIndex\":0},\"Description\":\"\",\"Ipv6Addresses\":[],\"OwnerId\":\"704479110758\",\"PrivateIpAddresses\":[{\"PrivateIpAddress\":\"172.31.4.241\",\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-4-241.us-west-2.compute.internal\"}],\"TagSet\":[],\"Ipv6Address\":null,\"Groups\":[{\"GroupName\":\"launch-wizard-11\",\"GroupId\":\"sg-039bc1a54f17e2d3b\"}],\"Ipv4Prefixes\":null,\"SubnetId\":\"subnet-dc1cd881\",\"DenyAllIgwTraffic\":null,\"Status\":\"in-use\",\"PrivateDnsName\":\"ip-172-31-4-241.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.4.241\",\"RequesterManaged\":false,\"VpcId\":\"vpc-36a1394e\",\"NetworkInterfaceId\":\"eni-066d021d99aabb840\",\"OutpostArn\":null}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-066d021d99aabb840\",\"eni-066d021d99aabb840\"]},\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"security_group_ids\":[\"sg-039bc1a54f17e2d3b\"],\"subnet_ids\":[\"subnet-dc1cd881\"],\"vpc_ids\":[\"vpc-36a1394e\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"security_group_ids\":[\"sg-02b1ba689936cb3b3\"],\"subnet_ids\":[\"subnet-dc1cd881\"],\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-038644fa2f16c27c5\",\"eni-038644fa2f16c27c5\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-038644fa2f16c27c5\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"tags\":null,\"raw\":{\"network_interface\":{\"TagSet\":[],\"Attachment\":{\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-00c72f39d2943d88e\",\"InstanceOwnerId\":\"704479110758\",\"Status\":\"attached\",\"AttachTime\":\"2024-11-06T11:24:30Z\",\"AttachmentId\":\"eni-attach-04db579ab4434edcf\",\"DeleteOnTermination\":true,\"NetworkCardIndex\":0},\"DenyAllIgwTraffic\":null,\"NetworkInterfaceId\":\"eni-038644fa2f16c27c5\",\"SourceDestCheck\":true,\"Association\":null,\"Ipv6Native\":null,\"OutpostArn\":null,\"PrivateIpAddress\":\"172.31.1.201\",\"AvailabilityZone\":\"us-west-2c\",\"Groups\":[{\"GroupId\":\"sg-02b1ba689936cb3b3\",\"GroupName\":\"launch-wizard-12\"}],\"Ipv4Prefixes\":null,\"RequesterId\":null,\"ConnectionTrackingConfiguration\":null,\"Ipv6Address\":null,\"Ipv6Addresses\":[],\"PrivateDnsName\":\"ip-172-31-1-201.us-west-2.compute.internal\",\"RequesterManaged\":false,\"Description\":\"\",\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-dc1cd881\",\"InterfaceType\":\"interface\",\"Ipv6Prefixes\":null,\"MacAddress\":\"0a:87:16:37:31:85\",\"PrivateIpAddresses\":[{\"PrivateDnsName\":\"ip-172-31-1-201.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.1.201\",\"Association\":null,\"Primary\":true}],\"Status\":\"in-use\",\"VpcId\":\"vpc-36a1394e\"}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-038644fa2f16c27c5\",\"eni-038644fa2f16c27c5\"],\"name\":\"eni-038644fa2f16c27c5\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-06bf06c459685f715\",\"eni-06bf06c459685f715\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-06bf06c459685f715\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Ipv6Native\":null,\"SubnetId\":\"subnet-10e39f3b\",\"Association\":{\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-35-94-206-252.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.94.206.252\"},\"DenyAllIgwTraffic\":null,\"InterfaceType\":\"interface\",\"Ipv6Address\":null,\"RequesterId\":null,\"SourceDestCheck\":true,\"TagSet\":[],\"AvailabilityZone\":\"us-west-2d\",\"OutpostArn\":null,\"PrivateDnsName\":\"ip-172-31-33-178.us-west-2.compute.internal\",\"Status\":\"in-use\",\"Groups\":[{\"GroupName\":\"elastic-agent-security-group-4dfb5900-03fa-11ef-b226-0a9c50dbbe7f\",\"GroupId\":\"sg-035ac0cfb33c18ca6\"}],\"MacAddress\":\"0e:3f:bf:34:7e:13\",\"Ipv6Addresses\":[],\"PrivateIpAddresses\":[{\"Association\":{\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-35-94-206-252.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.94.206.252\",\"AllocationId\":null},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-33-178.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.33.178\"}],\"Attachment\":{\"InstanceOwnerId\":\"704479110758\",\"Status\":\"attached\",\"AttachmentId\":\"eni-attach-0abf5d29e17a2d66a\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-03efedd47dd5a14b5\",\"AttachTime\":\"2024-04-26T18:25:38Z\",\"DeviceIndex\":0,\"NetworkCardIndex\":0},\"ConnectionTrackingConfiguration\":null,\"VpcId\":\"vpc-36a1394e\",\"Ipv6Prefixes\":null,\"NetworkInterfaceId\":\"eni-06bf06c459685f715\",\"RequesterManaged\":false,\"Description\":\"\",\"OwnerId\":\"704479110758\",\"Ipv4Prefixes\":null,\"PrivateIpAddress\":\"172.31.33.178\"}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-06bf06c459685f715\",\"eni-06bf06c459685f715\"],\"name\":\"eni-06bf06c459685f715\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"security_group_ids\":[\"sg-035ac0cfb33c18ca6\"],\"subnet_ids\":[\"subnet-10e39f3b\"],\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0d6714bbfe3f03780\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"PrivateIpAddresses\":[{\"Association\":null,\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-34-172.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.34.172\"}],\"Association\":null,\"Description\":\"\",\"Ipv6Prefixes\":null,\"AvailabilityZone\":\"us-west-2d\",\"OwnerId\":\"704479110758\",\"Ipv6Addresses\":[],\"VpcId\":\"vpc-36a1394e\",\"TagSet\":[],\"MacAddress\":\"0e:7f:c7:29:2a:27\",\"NetworkInterfaceId\":\"eni-0d6714bbfe3f03780\",\"PrivateDnsName\":\"ip-172-31-34-172.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.34.172\",\"RequesterId\":null,\"Status\":\"in-use\",\"SourceDestCheck\":true,\"ConnectionTrackingConfiguration\":null,\"DenyAllIgwTraffic\":null,\"OutpostArn\":null,\"Attachment\":{\"AttachTime\":\"2024-10-18T15:41:39Z\",\"DeviceIndex\":0,\"InstanceId\":\"i-0cc79d156768bda80\",\"Status\":\"attached\",\"AttachmentId\":\"eni-attach-0fe8152bbb3ac8664\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0},\"RequesterManaged\":false,\"Ipv4Prefixes\":null,\"Ipv6Native\":null,\"SubnetId\":\"subnet-10e39f3b\",\"Groups\":[{\"GroupId\":\"sg-063f67e6d1e8397e4\",\"GroupName\":\"elastic-agent-security-group-63f7b220-8d67-11ef-9f4c-067d0aea149f\"}],\"InterfaceType\":\"interface\",\"Ipv6Address\":null}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0d6714bbfe3f03780\",\"eni-0d6714bbfe3f03780\"],\"name\":\"eni-0d6714bbfe3f03780\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"security_group_ids\":[\"sg-063f67e6d1e8397e4\"],\"subnet_ids\":[\"subnet-10e39f3b\"],\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0d6714bbfe3f03780\",\"eni-0d6714bbfe3f03780\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"security_group_ids\":[\"sg-0b6f928505d13494c\"],\"subnet_ids\":[\"subnet-10e39f3b\"],\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0eafe2b40446f8be6\",\"eni-0eafe2b40446f8be6\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0eafe2b40446f8be6\":{\"category\":\"infrastructure\",\"type\":\"interface\"}},\"asset\":{\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Ipv6Address\":null,\"NetworkInterfaceId\":\"eni-0eafe2b40446f8be6\",\"VpcId\":\"vpc-36a1394e\",\"OutpostArn\":null,\"PrivateIpAddress\":\"172.31.36.247\",\"SubnetId\":\"subnet-10e39f3b\",\"AvailabilityZone\":\"us-west-2d\",\"ConnectionTrackingConfiguration\":null,\"OwnerId\":\"704479110758\",\"Status\":\"in-use\",\"Groups\":[{\"GroupId\":\"sg-0b6f928505d13494c\",\"GroupName\":\"elastic-agent-security-group-b6825a40-9c44-11ef-b077-0a7b4e013dbd\"}],\"MacAddress\":\"0e:67:8b:12:ac:35\",\"PrivateIpAddresses\":[{\"Association\":{\"PublicDnsName\":\"ec2-35-94-161-189.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.94.161.189\",\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\"},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-36-247.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.36.247\"}],\"Description\":\"\",\"RequesterId\":null,\"SourceDestCheck\":true,\"PrivateDnsName\":\"ip-172-31-36-247.us-west-2.compute.internal\",\"Ipv4Prefixes\":null,\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"Ipv6Native\":null,\"Ipv6Prefixes\":null,\"Association\":{\"PublicDnsName\":\"ec2-35-94-161-189.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.94.161.189\",\"AllocationId\":null,\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\"},\"Attachment\":{\"AttachTime\":\"2024-11-06T13:41:13Z\",\"AttachmentId\":\"eni-attach-02a2e6e1045c4574e\",\"DeleteOnTermination\":true,\"InstanceOwnerId\":\"704479110758\",\"NetworkCardIndex\":0,\"Status\":\"attached\",\"DeviceIndex\":0,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-0e83736e9cec16bb4\"},\"DenyAllIgwTraffic\":null,\"RequesterManaged\":false,\"TagSet\":[]}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-0eafe2b40446f8be6\",\"eni-0eafe2b40446f8be6\"],\"name\":\"eni-0eafe2b40446f8be6\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-09155fdf257633309\":{\"type\":\"interface\",\"category\":\"infrastructure\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"interface\",\"sub_type\":\"ec2-network-interface\",\"tags\":null,\"raw\":{\"network_interface\":{\"Association\":{\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-35-80-10-173.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.80.10.173\",\"AllocationId\":null},\"Ipv6Native\":null,\"NetworkInterfaceId\":\"eni-09155fdf257633309\",\"SubnetId\":\"subnet-10e39f3b\",\"TagSet\":[],\"AvailabilityZone\":\"us-west-2d\",\"InterfaceType\":\"interface\",\"Ipv6Addresses\":[],\"DenyAllIgwTraffic\":null,\"OutpostArn\":null,\"PrivateIpAddress\":\"172.31.38.174\",\"RequesterManaged\":false,\"Status\":\"in-use\",\"Ipv4Prefixes\":null,\"SourceDestCheck\":true,\"Ipv6Address\":null,\"PrivateDnsName\":\"ip-172-31-38-174.us-west-2.compute.internal\",\"VpcId\":\"vpc-36a1394e\",\"Description\":\"\",\"Groups\":[{\"GroupId\":\"sg-0195d033368a43696\",\"GroupName\":\"elastic-agent-security-group-63cfb1a0-91a2-11ef-8db4-0664b9aefb3f\"}],\"MacAddress\":\"0e:c0:0e:12:e6:d7\",\"OwnerId\":\"704479110758\",\"RequesterId\":null,\"Attachment\":{\"NetworkCardIndex\":0,\"AttachmentId\":\"eni-attach-0d31b3456022ae32c\",\"DeleteOnTermination\":true,\"EnaSrdSpecification\":null,\"InstanceId\":\"i-0eeaf91da844ddc66\",\"InstanceOwnerId\":\"704479110758\",\"Status\":\"attached\",\"AttachTime\":\"2024-10-24T00:54:03Z\",\"DeviceIndex\":0},\"PrivateIpAddresses\":[{\"Association\":{\"AssociationId\":null,\"CarrierIp\":null,\"CustomerOwnedIp\":null,\"IpOwnerId\":\"amazon\",\"PublicDnsName\":\"ec2-35-80-10-173.us-west-2.compute.amazonaws.com\",\"PublicIp\":\"35.80.10.173\",\"AllocationId\":null},\"Primary\":true,\"PrivateDnsName\":\"ip-172-31-38-174.us-west-2.compute.internal\",\"PrivateIpAddress\":\"172.31.38.174\"}],\"ConnectionTrackingConfiguration\":null,\"Ipv6Prefixes\":null}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-09155fdf257633309\",\"eni-09155fdf257633309\"],\"name\":\"eni-09155fdf257633309\"},\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"security_group_ids\":[\"sg-0195d033368a43696\"],\"subnet_ids\":[\"subnet-10e39f3b\"],\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:network-interface/eni-09155fdf257633309\",\"eni-09155fdf257633309\"],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-003fdae4280b9bd67\",\"sg-003fdae4280b9bd67\"],\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-003fdae4280b9bd67\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[],\"VpcId\":\"vpc-ed6da487\",\"Description\":\"ec2group\",\"GroupName\":\"ec2group\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-003fdae4280b9bd67\",\"Tags\":null,\"GroupId\":\"sg-003fdae4280b9bd67\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}]},\"id\":[\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-003fdae4280b9bd67\",\"sg-003fdae4280b9bd67\"],\"name\":\"ec2group\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-central-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-ed6da487\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-ed6da487\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-0b287eddd119ec079\",\"sg-0b287eddd119ec079\"],\"entity.metadata\":{\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-0b287eddd119ec079\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0b287eddd119ec079\",\"GroupName\":\"launch-wizard-1\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-ed6da487\",\"Description\":\"launch-wizard-1 created 2023-06-19T14:21:10.665Z\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-0b287eddd119ec079\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[]}]},\"id\":[\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-0b287eddd119ec079\",\"sg-0b287eddd119ec079\"],\"name\":\"launch-wizard-1\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-central-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[],\"OwnerId\":\"704479110758\",\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupId\":\"sg-02585f085f18ed4cc\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-02585f085f18ed4cc\",\"Tags\":[{\"Value\":\"eks-cluster-sg-poc-111172\",\"Key\":\"Name\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"poc\"},{\"Key\":\"kubernetes.io/cluster/poc\",\"Value\":\"owned\"}],\"VpcId\":\"vpc-ed6da487\",\"GroupName\":\"eks-cluster-sg-poc-111172\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}]},\"id\":[\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-02585f085f18ed4cc\",\"sg-02585f085f18ed4cc\"],\"name\":\"eks-cluster-sg-poc-111172\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-central-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-ed6da487\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-02585f085f18ed4cc\",\"sg-02585f085f18ed4cc\"],\"entity.metadata\":{\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-02585f085f18ed4cc\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-0aa4d66fe76125c24\",\"sg-0aa4d66fe76125c24\"],\"entity.metadata\":{\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-0aa4d66fe76125c24\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-0aa4d66fe76125c24\",\"Tags\":null,\"GroupId\":\"sg-0aa4d66fe76125c24\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":0,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"88.217.180.56/32\",\"Description\":\"tmp: Allow my ip traffic\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":65535},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"18.199.254.49/32\",\"Description\":null},{\"CidrIp\":\"100.27.136.248/32\",\"Description\":null},{\"CidrIp\":\"44.223.163.119/32\",\"Description\":null}]},{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]},{\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[],\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"52.48.42.125/32\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-ed6da487\",\"Description\":\"launch-wizard-3 created 2024-05-02T14:44:15.073Z\",\"GroupName\":\"ofloros-onweek\"},\"id\":[\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-0aa4d66fe76125c24\",\"sg-0aa4d66fe76125c24\"],\"name\":\"ofloros-onweek\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-central-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-ed6da487\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-048111597dbaca13e\",\"sg-048111597dbaca13e\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-048111597dbaca13e\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"ec2group12\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"ec2group12\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-048111597dbaca13e\",\"Tags\":null,\"VpcId\":\"vpc-ed6da487\",\"Description\":\"ec2group12\",\"GroupId\":\"sg-048111597dbaca13e\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-048111597dbaca13e\",\"sg-048111597dbaca13e\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-central-1\"},\"network\":{\"vpc_ids\":[\"vpc-ed6da487\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-04a569f3a96b1faee\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"launch-wizard-2\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-2 created 2024-01-09T10:06:09.368Z\",\"GroupId\":\"sg-04a569f3a96b1faee\",\"GroupName\":\"launch-wizard-2\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-04a569f3a96b1faee\",\"Tags\":null,\"VpcId\":\"vpc-ed6da487\"},\"id\":[\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-04a569f3a96b1faee\",\"sg-04a569f3a96b1faee\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-central-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-ed6da487\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-04a569f3a96b1faee\",\"sg-04a569f3a96b1faee\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-fc6f559b\",\"sg-fc6f559b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-fc6f559b\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-fc6f559b\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-fc6f559b\",\"VpcId\":\"vpc-ed6da487\",\"Tags\":null,\"Description\":\"default VPC security group\",\"GroupName\":\"default\",\"IpPermissions\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-fc6f559b\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null}],\"FromPort\":null}],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-fc6f559b\",\"sg-fc6f559b\"],\"name\":\"default\",\"category\":\"infrastructure\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-central-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-ed6da487\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-078afd1abb7e0d49d\",\"sg-078afd1abb7e0d49d\"],\"entity.metadata\":{\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-078afd1abb7e0d49d\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-078afd1abb7e0d49d\",\"Tags\":null,\"GroupName\":\"ec2group1\",\"GroupId\":\"sg-078afd1abb7e0d49d\",\"IpPermissions\":[],\"VpcId\":\"vpc-ed6da487\",\"Description\":\"ec2group1\"},\"id\":[\"arn:aws:ec2:eu-central-1:704479110758:security-group/sg-078afd1abb7e0d49d\",\"sg-078afd1abb7e0d49d\"],\"name\":\"ec2group1\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-central-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-ed6da487\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-north-1:704479110758:security-group/sg-09d40cef7312fb69e\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"launch-wizard-1\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-1\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"Tags\":[{\"Key\":\"devision\",\"Value\":\"engineering\"},{\"Key\":\"project\",\"Value\":\"weekly-environmnet\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"}],\"Description\":\"launch-wizard-1 created 2023-02-12T12:55:34.734Z\",\"GroupId\":\"sg-09d40cef7312fb69e\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-north-1:704479110758:security-group/sg-09d40cef7312fb69e\",\"VpcId\":\"vpc-e6e43c8f\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-north-1:704479110758:security-group/sg-09d40cef7312fb69e\",\"sg-09d40cef7312fb69e\"]},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-north-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-e6e43c8f\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-north-1:704479110758:security-group/sg-09d40cef7312fb69e\",\"sg-09d40cef7312fb69e\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:eu-north-1:704479110758:security-group/sg-c1519cad\",\"sg-c1519cad\"],\"entity.metadata\":{\"arn:aws:ec2:eu-north-1:704479110758:security-group/sg-c1519cad\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"default VPC security group\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-e6e43c8f\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-north-1:704479110758:security-group/sg-c1519cad\",\"GroupId\":\"sg-c1519cad\",\"GroupName\":\"default\",\"IpPermissions\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-c1519cad\",\"GroupName\":null}]}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}]},\"id\":[\"arn:aws:ec2:eu-north-1:704479110758:security-group/sg-c1519cad\",\"sg-c1519cad\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-north-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-e6e43c8f\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-0e4b5c650a5bc0bdd\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-01267ecc55fa61cfe\",\"sg-01267ecc55fa61cfe\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-01267ecc55fa61cfe\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-01267ecc55fa61cfe\",\"GroupName\":\"terraform-20210316102744432400000003\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":8181,\"UserIdGroupPairs\":[],\"FromPort\":8181,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"Tags\":[{\"Key\":\"Name\",\"Value\":\"ssh-allowed\"}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-01267ecc55fa61cfe\",\"VpcId\":\"vpc-0e4b5c650a5bc0bdd\"},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-01267ecc55fa61cfe\",\"sg-01267ecc55fa61cfe\"],\"name\":\"terraform-20210316102744432400000003\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-040cd7fead887cb16\",\"sg-040cd7fead887cb16\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-040cd7fead887cb16\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-040cd7fead887cb16\"}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-040cd7fead887cb16\",\"VpcId\":\"vpc-0e4b5c650a5bc0bdd\",\"Description\":\"default VPC security group\",\"GroupId\":\"sg-040cd7fead887cb16\",\"GroupName\":\"default\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-040cd7fead887cb16\",\"sg-040cd7fead887cb16\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-3\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-0e4b5c650a5bc0bdd\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-041dd95fa7aeded57\",\"sg-041dd95fa7aeded57\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-041dd95fa7aeded57\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"GroupName\":\"ec2group12\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-041dd95fa7aeded57\",\"Tags\":null,\"Description\":\"ec2group12\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-cf796aa6\",\"GroupId\":\"sg-041dd95fa7aeded57\"},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-041dd95fa7aeded57\",\"sg-041dd95fa7aeded57\"],\"name\":\"ec2group12\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-3\"},\"network\":{\"vpc_ids\":[\"vpc-cf796aa6\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-0bd2fd80c3a1c5359\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"name\":\"eks-cluster-sg-qa-8-8-bc3-658505835\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-0bcb5768ab0ca697f\",\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupId\":\"sg-0bd2fd80c3a1c5359\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-0bd2fd80c3a1c5359\",\"Tags\":[{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"qa-8-8-bc3\"},{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-qa-8-8-bc3-658505835\"},{\"Key\":\"kubernetes.io/cluster/qa-8-8-bc3\",\"Value\":\"owned\"}],\"GroupName\":\"eks-cluster-sg-qa-8-8-bc3-658505835\",\"IpPermissions\":[],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-0bd2fd80c3a1c5359\",\"sg-0bd2fd80c3a1c5359\"]},\"cloud\":{\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-0bcb5768ab0ca697f\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-0bd2fd80c3a1c5359\",\"sg-0bd2fd80c3a1c5359\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-044ef6b543c032c7f\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"GroupId\":\"sg-044ef6b543c032c7f\",\"GroupName\":\"ec2group\",\"IpPermissions\":[],\"Tags\":null,\"VpcId\":\"vpc-cf796aa6\",\"Description\":\"ec2group\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-044ef6b543c032c7f\"},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-044ef6b543c032c7f\",\"sg-044ef6b543c032c7f\"],\"name\":\"ec2group\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-cf796aa6\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-044ef6b543c032c7f\",\"sg-044ef6b543c032c7f\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-07361e0d9a7c0ecc1\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-07361e0d9a7c0ecc1\",\"sg-07361e0d9a7c0ecc1\"],\"name\":\"launch-wizard-1\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-07361e0d9a7c0ecc1\",\"GroupName\":\"launch-wizard-1\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"Description\":\"launch-wizard created 2023-05-11T12:12:03.881Z\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-07361e0d9a7c0ecc1\",\"Tags\":null,\"VpcId\":\"vpc-cf796aa6\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"vpc_ids\":[\"vpc-cf796aa6\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-07361e0d9a7c0ecc1\",\"sg-07361e0d9a7c0ecc1\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-0758949ec9fc0c98a\",\"sg-0758949ec9fc0c98a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-0758949ec9fc0c98a\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-0758949ec9fc0c98a\",\"Tags\":[{\"Key\":\"project\",\"Value\":\"test-environments\"},{\"Value\":\"dima-8-9-fgz\",\"Key\":\"Name\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm\"},{\"Value\":\"cloud-security-posture\",\"Key\":\"team\"},{\"Key\":\"id\",\"Value\":\"678161d0\"}],\"VpcId\":\"vpc-cf796aa6\",\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-0758949ec9fc0c98a\",\"GroupName\":\"terraform-20230607094404005700000002\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-0758949ec9fc0c98a\",\"sg-0758949ec9fc0c98a\"],\"name\":\"terraform-20230607094404005700000002\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-cf796aa6\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-05b1c5f2b7eacc520\",\"sg-05b1c5f2b7eacc520\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-05b1c5f2b7eacc520\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-05b1c5f2b7eacc520\",\"Tags\":null,\"VpcId\":\"vpc-0bcb5768ab0ca697f\",\"GroupId\":\"sg-05b1c5f2b7eacc520\",\"GroupName\":\"default\",\"IpPermissions\":[{\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-05b1c5f2b7eacc520\",\"GroupName\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"Description\":\"default VPC security group\",\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-05b1c5f2b7eacc520\",\"sg-05b1c5f2b7eacc520\"],\"name\":\"default\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-0bcb5768ab0ca697f\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-0bf728898a9113b7f\",\"sg-0bf728898a9113b7f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-0bf728898a9113b7f\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-0bf728898a9113b7f\",\"Tags\":[{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Value\":\"terraform\",\"Key\":\"provisioner\"},{\"Value\":\"cspm\",\"Key\":\"ec2_type\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"project\",\"Value\":\"test-environments\"},{\"Key\":\"Name\",\"Value\":\"dima-8-9-fgz\"},{\"Key\":\"id\",\"Value\":\"323fabe8\"}],\"VpcId\":\"vpc-cf796aa6\",\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-0bf728898a9113b7f\",\"GroupName\":\"terraform-20230607094403999700000001\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-0bf728898a9113b7f\",\"sg-0bf728898a9113b7f\"],\"name\":\"terraform-20230607094403999700000001\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-cf796aa6\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-fc101293\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-fc101293\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-cf796aa6\",\"Description\":\"default VPC security group\",\"GroupName\":\"default\",\"IpPermissions\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-fc101293\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-fc101293\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-fc101293\",\"sg-fc101293\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"network\":{\"vpc_ids\":[\"vpc-cf796aa6\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-fc101293\",\"sg-fc101293\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-cf796aa6\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-04b8560871eafe051\",\"sg-04b8560871eafe051\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-04b8560871eafe051\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-2\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-04b8560871eafe051\",\"Tags\":null,\"VpcId\":\"vpc-cf796aa6\",\"GroupId\":\"sg-04b8560871eafe051\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"Description\":\"launch-wizard created 2023-05-22T10:14:53.361Z\"},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-04b8560871eafe051\",\"sg-04b8560871eafe051\"],\"name\":\"launch-wizard-2\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-010651a109c7ea7fa\",\"sg-010651a109c7ea7fa\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-010651a109c7ea7fa\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"VpcId\":\"vpc-cf796aa6\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"Tags\":null,\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-010651a109c7ea7fa\",\"Description\":\"ec2group1\",\"GroupId\":\"sg-010651a109c7ea7fa\",\"GroupName\":\"ec2group1\"},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-010651a109c7ea7fa\",\"sg-010651a109c7ea7fa\"],\"name\":\"ec2group1\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-cf796aa6\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-3\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-cf796aa6\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-014011909aaa0779e\",\"sg-014011909aaa0779e\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-014011909aaa0779e\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-014011909aaa0779e\",\"Tags\":null,\"VpcId\":\"vpc-cf796aa6\",\"GroupId\":\"sg-014011909aaa0779e\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"OwnerId\":\"704479110758\",\"Description\":\"launch-wizard-3 created 2023-07-31T16:07:44.491Z\",\"GroupName\":\"launch-wizard-3\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}]},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:security-group/sg-014011909aaa0779e\",\"sg-014011909aaa0779e\"],\"name\":\"launch-wizard-3\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-b9e903db\",\"sg-b9e903db\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-b9e903db\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"default VPC security group\",\"GroupId\":\"sg-b9e903db\",\"GroupName\":\"default\",\"IpPermissions\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-b9e903db\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":null}],\"Tags\":null,\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-b9e903db\",\"VpcId\":\"vpc-7d397e15\"},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-b9e903db\",\"sg-b9e903db\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-7d397e15\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-05d0d758dfd7b292f\",\"sg-05d0d758dfd7b292f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-05d0d758dfd7b292f\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[{\"CidrIpv6\":\"::/0\",\"Description\":null}],\"PrefixListIds\":[],\"ToPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-05d0d758dfd7b292f\",\"Tags\":[{\"Key\":\"KubernetesCluster\",\"Value\":\"kops-csp-demo-1.k8s.local\"},{\"Value\":\"nodes.kops-csp-demo-1.k8s.local\",\"Key\":\"Name\"},{\"Key\":\"kubernetes.io/cluster/kops-csp-demo-1.k8s.local\",\"Value\":\"owned\"}],\"GroupId\":\"sg-05d0d758dfd7b292f\",\"IpPermissions\":[{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-01d2bb676d927f227\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null},{\"Description\":null,\"GroupId\":\"sg-05d0d758dfd7b292f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\"},{\"Ipv6Ranges\":[{\"CidrIpv6\":\"::/0\",\"Description\":null}],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-058b21b3bf0f435b0\",\"Description\":\"Security group for nodes\",\"GroupName\":\"nodes.kops-csp-demo-1.k8s.local\"},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-05d0d758dfd7b292f\",\"sg-05d0d758dfd7b292f\"],\"name\":\"nodes.kops-csp-demo-1.k8s.local\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-058b21b3bf0f435b0\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"raw\":{\"GroupId\":\"sg-01d2bb676d927f227\",\"Tags\":[{\"Key\":\"KubernetesCluster\",\"Value\":\"kops-csp-demo-1.k8s.local\"},{\"Value\":\"masters.kops-csp-demo-1.k8s.local\",\"Key\":\"Name\"},{\"Key\":\"kubernetes.io/cluster/kops-csp-demo-1.k8s.local\",\"Value\":\"owned\"}],\"VpcId\":\"vpc-058b21b3bf0f435b0\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-01d2bb676d927f227\",\"Description\":\"Security group for masters\",\"GroupName\":\"masters.kops-csp-demo-1.k8s.local\",\"IpPermissions\":[{\"ToPort\":65535,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-05d0d758dfd7b292f\"}],\"FromPort\":4003,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":4000,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-05d0d758dfd7b292f\",\"GroupName\":null}],\"FromPort\":2382,\"IpProtocol\":\"tcp\",\"IpRanges\":[]},{\"ToPort\":null,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-01d2bb676d927f227\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null},{\"Description\":null,\"GroupId\":\"sg-05d0d758dfd7b292f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[{\"CidrIpv6\":\"::/0\",\"Description\":null}],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"},{\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":65535,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-05d0d758dfd7b292f\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":1},{\"FromPort\":1,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":2379,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-05d0d758dfd7b292f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}]},{\"ToPort\":443,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-035d6dc68c125f46b\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[{\"CidrIpv6\":\"::/0\",\"Description\":null}],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-01d2bb676d927f227\",\"sg-01d2bb676d927f227\"],\"name\":\"masters.kops-csp-demo-1.k8s.local\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-058b21b3bf0f435b0\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-01d2bb676d927f227\",\"sg-01d2bb676d927f227\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-01d2bb676d927f227\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-0655e251b572f3c6c\"]},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0d3ca96abe32913d5\",\"sg-0d3ca96abe32913d5\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0d3ca96abe32913d5\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-0655e251b572f3c6c\",\"GroupId\":\"sg-0d3ca96abe32913d5\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[],\"FromPort\":443,\"IpProtocol\":\"tcp\"}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0d3ca96abe32913d5\",\"Tags\":null,\"Description\":\"Managed by Terraform\",\"GroupName\":\"terraform-20210316160408862000000002\",\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0d3ca96abe32913d5\",\"sg-0d3ca96abe32913d5\"],\"name\":\"terraform-20210316160408862000000002\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0bbefce841f731604\",\"sg-0bbefce841f731604\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0bbefce841f731604\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"name\":\"ec2group\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0bbefce841f731604\",\"Tags\":null,\"VpcId\":\"vpc-7d397e15\",\"Description\":\"ec2group\",\"GroupId\":\"sg-0bbefce841f731604\",\"GroupName\":\"ec2group\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0bbefce841f731604\",\"sg-0bbefce841f731604\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-7d397e15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-1\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-023e7570cefcd460b\",\"Tags\":null,\"Description\":\"launch-wizard-1 created 2022-09-28T11:10:39.381Z\",\"GroupId\":\"sg-023e7570cefcd460b\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"VpcId\":\"vpc-7d397e15\"},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-023e7570cefcd460b\",\"sg-023e7570cefcd460b\"],\"name\":\"launch-wizard-1\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-7d397e15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-023e7570cefcd460b\",\"sg-023e7570cefcd460b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-023e7570cefcd460b\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-035d6dc68c125f46b\",\"sg-035d6dc68c125f46b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-035d6dc68c125f46b\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Security group for api ELB\",\"GroupId\":\"sg-035d6dc68c125f46b\",\"GroupName\":\"api-elb.kops-csp-demo-1.k8s.local\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":-1,\"IpProtocol\":\"icmpv6\",\"IpRanges\":[],\"Ipv6Ranges\":[{\"CidrIpv6\":\"::/0\",\"Description\":null}],\"PrefixListIds\":[],\"ToPort\":-1},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":4,\"UserIdGroupPairs\":[],\"FromPort\":3,\"IpProtocol\":\"icmp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]},{\"ToPort\":443,\"UserIdGroupPairs\":[],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[{\"Description\":null,\"CidrIpv6\":\"::/0\"}],\"PrefixListIds\":[]}],\"Tags\":[{\"Key\":\"Name\",\"Value\":\"api-elb.kops-csp-demo-1.k8s.local\"},{\"Key\":\"KubernetesCluster\",\"Value\":\"kops-csp-demo-1.k8s.local\"},{\"Key\":\"kubernetes.io/cluster/kops-csp-demo-1.k8s.local\",\"Value\":\"owned\"}],\"VpcId\":\"vpc-058b21b3bf0f435b0\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[{\"CidrIpv6\":\"::/0\",\"Description\":null}],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-035d6dc68c125f46b\"},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-035d6dc68c125f46b\",\"sg-035d6dc68c125f46b\"],\"name\":\"api-elb.kops-csp-demo-1.k8s.local\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-058b21b3bf0f435b0\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Managed by Pulumi\",\"GroupId\":\"sg-05533bf99ef5067b7\",\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-7d397e15\",\"GroupName\":\"eks-config-2-nodeSecurityGroup-1e1ce45\",\"IpPermissions\":[{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Allow nodes to communicate with each other\",\"GroupId\":\"sg-05533bf99ef5067b7\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\"},{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":65535,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Allow worker Kubelets and pods to receive communication from the cluster control plane\",\"GroupId\":\"sg-08b9f6734d5c7945f\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":1025,\"IpProtocol\":\"tcp\"},{\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Allow pods running extension API servers on port 443 to receive communication from cluster control plane\",\"GroupId\":\"sg-08b9f6734d5c7945f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}]}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Allow internet access.\"}],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-05533bf99ef5067b7\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/eks-config-2-eksCluster-d513c96\",\"Value\":\"owned\"},{\"Key\":\"Name\",\"Value\":\"eks-config-2-nodeSecurityGroup\"}]},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-05533bf99ef5067b7\",\"sg-05533bf99ef5067b7\"],\"name\":\"eks-config-2-nodeSecurityGroup-1e1ce45\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-7d397e15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-05533bf99ef5067b7\",\"sg-05533bf99ef5067b7\"],\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-05533bf99ef5067b7\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-051b3a37438c3b4c4\",\"sg-051b3a37438c3b4c4\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-051b3a37438c3b4c4\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-051b3a37438c3b4c4\",\"sg-051b3a37438c3b4c4\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-051b3a37438c3b4c4\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-051b3a37438c3b4c4\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-051b3a37438c3b4c4\",\"Tags\":null,\"Description\":\"default VPC security group\",\"GroupName\":\"default\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[{\"CidrIpv6\":\"::/0\",\"Description\":null}],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-058b21b3bf0f435b0\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-058b21b3bf0f435b0\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0812ea8b0ae614308\",\"sg-0812ea8b0ae614308\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0812ea8b0ae614308\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0812ea8b0ae614308\",\"GroupId\":\"sg-0812ea8b0ae614308\",\"GroupName\":\"ec2group12\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"Tags\":null,\"VpcId\":\"vpc-7d397e15\",\"Description\":\"ec2group12\"},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0812ea8b0ae614308\",\"sg-0812ea8b0ae614308\"],\"name\":\"ec2group12\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-7d397e15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-06149701fdcab92f0\",\"sg-06149701fdcab92f0\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-06149701fdcab92f0\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"GroupId\":\"sg-06149701fdcab92f0\",\"IpPermissions\":[],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-06149701fdcab92f0\",\"Tags\":null,\"VpcId\":\"vpc-7d397e15\",\"Description\":\"ec2group1\",\"GroupName\":\"ec2group1\"},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-06149701fdcab92f0\",\"sg-06149701fdcab92f0\"],\"name\":\"ec2group1\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-7d397e15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-7d397e15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-072b44dd270e0de3d\",\"sg-072b44dd270e0de3d\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-072b44dd270e0de3d\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Tags\":null,\"VpcId\":\"vpc-7d397e15\",\"GroupName\":\"launch-wizard-3\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-072b44dd270e0de3d\",\"Description\":\"launch-wizard-3 created 2024-08-27T06:39:31.175Z\",\"GroupId\":\"sg-072b44dd270e0de3d\",\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}]},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-072b44dd270e0de3d\",\"sg-072b44dd270e0de3d\"],\"name\":\"launch-wizard-3\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0086dac1b04450e06\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"GroupName\":\"launch-wizard-2\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"Description\":\"launch-wizard-2 created 2022-09-28T11:14:38.190Z\",\"GroupId\":\"sg-0086dac1b04450e06\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0086dac1b04450e06\",\"Tags\":null,\"VpcId\":\"vpc-7d397e15\"},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0086dac1b04450e06\",\"sg-0086dac1b04450e06\"],\"name\":\"launch-wizard-2\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"network\":{\"vpc_ids\":[\"vpc-7d397e15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0086dac1b04450e06\",\"sg-0086dac1b04450e06\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0abba6440d8850fb9\",\"sg-0abba6440d8850fb9\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0abba6440d8850fb9\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0abba6440d8850fb9\",\"sg-0abba6440d8850fb9\"],\"name\":\"my-cluster-eksClusterSecurityGroup-ddd1ec3\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Allow pods to communicate with the cluster API Server\",\"GroupId\":\"sg-0f7d3bedfcd9f6ace\"}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":\"Allow internet access.\",\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0abba6440d8850fb9\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"my-cluster-eksClusterSecurityGroup\"}],\"VpcId\":\"vpc-7d397e15\",\"Description\":\"Managed by Pulumi\",\"GroupName\":\"my-cluster-eksClusterSecurityGroup-ddd1ec3\",\"OwnerId\":\"704479110758\",\"GroupId\":\"sg-0abba6440d8850fb9\"}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-7d397e15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"raw\":{\"GroupName\":\"terraform-20210316160408864600000003\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"ssh-allowed\"}],\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-0c1be3c3b07a58466\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"},{\"FromPort\":8181,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":8181,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0c1be3c3b07a58466\",\"VpcId\":\"vpc-0655e251b572f3c6c\"},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0c1be3c3b07a58466\",\"sg-0c1be3c3b07a58466\"],\"name\":\"terraform-20210316160408864600000003\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-2\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-0655e251b572f3c6c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0c1be3c3b07a58466\",\"sg-0c1be3c3b07a58466\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0c1be3c3b07a58466\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-7d397e15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0f7d3bedfcd9f6ace\",\"sg-0f7d3bedfcd9f6ace\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0f7d3bedfcd9f6ace\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"my-cluster-nodeSecurityGroup-231ca77\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Allow internet access.\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Value\":\"my-cluster-nodeSecurityGroup\",\"Key\":\"Name\"},{\"Key\":\"kubernetes.io/cluster/my-cluster-eksCluster-8cc76d8\",\"Value\":\"owned\"}],\"Description\":\"Managed by Pulumi\",\"GroupId\":\"sg-0f7d3bedfcd9f6ace\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0f7d3bedfcd9f6ace\",\"VpcId\":\"vpc-7d397e15\",\"GroupName\":\"my-cluster-nodeSecurityGroup-231ca77\",\"IpPermissions\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"Description\":\"Allow nodes to communicate with each other\",\"GroupId\":\"sg-0f7d3bedfcd9f6ace\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":null},{\"FromPort\":1025,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":65535,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Allow worker Kubelets and pods to receive communication from the cluster control plane\",\"GroupId\":\"sg-0abba6440d8850fb9\",\"GroupName\":null}]},{\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Allow pods running extension API servers on port 443 to receive communication from cluster control plane\",\"GroupId\":\"sg-0abba6440d8850fb9\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":443}]},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0f7d3bedfcd9f6ace\",\"sg-0f7d3bedfcd9f6ace\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-7d397e15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-08b9f6734d5c7945f\",\"sg-08b9f6734d5c7945f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-08b9f6734d5c7945f\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Managed by Pulumi\",\"GroupId\":\"sg-08b9f6734d5c7945f\",\"GroupName\":\"eks-config-2-eksClusterSecurityGroup-0cf95d8\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Allow pods to communicate with the cluster API Server\",\"GroupId\":\"sg-05533bf99ef5067b7\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-08b9f6734d5c7945f\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Allow internet access.\"}]}],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"eks-config-2-eksClusterSecurityGroup\"}],\"VpcId\":\"vpc-7d397e15\"},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-08b9f6734d5c7945f\",\"sg-08b9f6734d5c7945f\"],\"name\":\"eks-config-2-eksClusterSecurityGroup-0cf95d8\",\"category\":\"infrastructure\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0a5dc3074dbab27d3\",\"sg-0a5dc3074dbab27d3\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0a5dc3074dbab27d3\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"name\":\"terraform-20210316160408862000000001\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0a5dc3074dbab27d3\",\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-0a5dc3074dbab27d3\",\"GroupName\":\"terraform-20210316160408862000000001\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":6379,\"UserIdGroupPairs\":[],\"FromPort\":6379}],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-0655e251b572f3c6c\"},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0a5dc3074dbab27d3\",\"sg-0a5dc3074dbab27d3\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-0655e251b572f3c6c\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-0655e251b572f3c6c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0506b0ea42395a5f0\",\"sg-0506b0ea42395a5f0\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0506b0ea42395a5f0\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":null,\"Description\":\"default VPC security group\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"IpPermissions\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"Description\":null,\"GroupId\":\"sg-0506b0ea42395a5f0\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0506b0ea42395a5f0\",\"VpcId\":\"vpc-0655e251b572f3c6c\",\"GroupId\":\"sg-0506b0ea42395a5f0\",\"GroupName\":\"default\"},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:security-group/sg-0506b0ea42395a5f0\",\"sg-0506b0ea42395a5f0\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:ca-central-1:704479110758:security-group/sg-06e324ab2e1881d8f\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"Description\":\"ec2group12\",\"GroupId\":\"sg-06e324ab2e1881d8f\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:ca-central-1:704479110758:security-group/sg-06e324ab2e1881d8f\",\"VpcId\":\"vpc-8bb1fde3\",\"GroupName\":\"ec2group12\",\"OwnerId\":\"704479110758\",\"Tags\":null},\"id\":[\"arn:aws:ec2:ca-central-1:704479110758:security-group/sg-06e324ab2e1881d8f\",\"sg-06e324ab2e1881d8f\"],\"name\":\"ec2group12\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ca-central-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-8bb1fde3\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ca-central-1:704479110758:security-group/sg-06e324ab2e1881d8f\",\"sg-06e324ab2e1881d8f\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ca-central-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-8bb1fde3\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:ec2:ca-central-1:704479110758:security-group/sg-09bc8a17b02cc5109\",\"sg-09bc8a17b02cc5109\"],\"entity.metadata\":{\"arn:aws:ec2:ca-central-1:704479110758:security-group/sg-09bc8a17b02cc5109\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"ec2group1\",\"GroupName\":\"ec2group1\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:ca-central-1:704479110758:security-group/sg-09bc8a17b02cc5109\",\"Tags\":null,\"GroupId\":\"sg-09bc8a17b02cc5109\",\"IpPermissions\":[],\"VpcId\":\"vpc-8bb1fde3\"},\"id\":[\"arn:aws:ec2:ca-central-1:704479110758:security-group/sg-09bc8a17b02cc5109\",\"sg-09bc8a17b02cc5109\"],\"name\":\"ec2group1\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-8bb1fde3\"]},\"resource_policies\":[],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:ca-central-1:704479110758:security-group/sg-0e850c5efd595a105\",\"sg-0e850c5efd595a105\"],\"entity.metadata\":{\"arn:aws:ec2:ca-central-1:704479110758:security-group/sg-0e850c5efd595a105\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"IpPermissions\":[],\"GroupId\":\"sg-0e850c5efd595a105\",\"GroupName\":\"ec2group\",\"SecurityGroupArn\":\"arn:aws:ec2:ca-central-1:704479110758:security-group/sg-0e850c5efd595a105\",\"VpcId\":\"vpc-8bb1fde3\",\"Description\":\"ec2group\"},\"id\":[\"arn:aws:ec2:ca-central-1:704479110758:security-group/sg-0e850c5efd595a105\",\"sg-0e850c5efd595a105\"],\"name\":\"ec2group\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ca-central-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-8bb1fde3\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ca-central-1:704479110758:security-group/sg-6c16830c\",\"sg-6c16830c\"],\"entity.metadata\":{\"arn:aws:ec2:ca-central-1:704479110758:security-group/sg-6c16830c\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:ca-central-1:704479110758:security-group/sg-6c16830c\",\"Tags\":null,\"Description\":\"default VPC security group\",\"GroupName\":\"default\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-6c16830c\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[]}],\"GroupId\":\"sg-6c16830c\",\"VpcId\":\"vpc-8bb1fde3\"},\"id\":[\"arn:aws:ec2:ca-central-1:704479110758:security-group/sg-6c16830c\",\"sg-6c16830c\"],\"name\":\"default\",\"category\":\"infrastructure\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ca-central-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.091+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"name\":\"cloudbeat-tf-T5Z-cluster-20230125192537310500000004\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"EKS cluster security group\",\"GroupId\":\"sg-09379eb4b1c6d3ce4\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-08ae870367715eb3f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[]}],\"VpcId\":\"vpc-0d34957e50abb854b\",\"GroupName\":\"cloudbeat-tf-T5Z-cluster-20230125192537310500000004\",\"IpPermissionsEgress\":[{\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-08ae870367715eb3f\",\"GroupName\":null}]},{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-08ae870367715eb3f\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\"}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-09379eb4b1c6d3ce4\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-cluster\"}]},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-09379eb4b1c6d3ce4\",\"sg-09379eb4b1c6d3ce4\"]},\"cloud\":{\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"vpc_ids\":[\"vpc-0d34957e50abb854b\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-09379eb4b1c6d3ce4\",\"sg-09379eb4b1c6d3ce4\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-09379eb4b1c6d3ce4\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-0526d5f75d5a9dea1\",\"sg-0526d5f75d5a9dea1\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-0526d5f75d5a9dea1\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"default VPC security group\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-0526d5f75d5a9dea1\",\"Tags\":null,\"VpcId\":\"vpc-0d34957e50abb854b\",\"GroupId\":\"sg-0526d5f75d5a9dea1\",\"GroupName\":\"default\",\"IpPermissions\":[{\"ToPort\":null,\"UserIdGroupPairs\":[{\"Description\":null,\"GroupId\":\"sg-0526d5f75d5a9dea1\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-0526d5f75d5a9dea1\",\"sg-0526d5f75d5a9dea1\"],\"name\":\"default\",\"category\":\"infrastructure\"},\"cloud\":{\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-0d34957e50abb854b\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-0b7873741a2e7480c\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"cloudbeat-tf-T5Z_120230124142916276300000005\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-0b7873741a2e7480c\",\"GroupName\":\"cloudbeat-tf-T5Z_120230124142916276300000005\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"10.0.0.0/8\",\"Description\":null}]}],\"VpcId\":\"vpc-0400c449f7d20cd09\",\"IpPermissionsEgress\":[],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-0b7873741a2e7480c\",\"Tags\":null},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-0b7873741a2e7480c\",\"sg-0b7873741a2e7480c\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0400c449f7d20cd09\"]},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-0b7873741a2e7480c\",\"sg-0b7873741a2e7480c\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"raw\":{\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-node\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-T5Z\",\"Value\":\"owned\"}],\"IpPermissions\":[{\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-09379eb4b1c6d3ce4\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}]},{\"ToPort\":53,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-08ae870367715eb3f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"ToPort\":53,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-08ae870367715eb3f\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-09379eb4b1c6d3ce4\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-08ae870367715eb3f\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-08ae870367715eb3f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[]},{\"ToPort\":53,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-08ae870367715eb3f\",\"GroupName\":null}],\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress all HTTPS to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-09379eb4b1c6d3ce4\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}]},{\"ToPort\":123,\"UserIdGroupPairs\":[],\"FromPort\":123,\"IpProtocol\":\"udp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/UDP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/TCP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123,\"UserIdGroupPairs\":[],\"FromPort\":123,\"IpProtocol\":\"tcp\"}],\"VpcId\":\"vpc-0d34957e50abb854b\",\"Description\":\"EKS node shared security group\",\"GroupId\":\"sg-08ae870367715eb3f\",\"GroupName\":\"cloudbeat-tf-T5Z-node-20230125192537253200000003\"},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-08ae870367715eb3f\",\"sg-08ae870367715eb3f\"],\"name\":\"cloudbeat-tf-T5Z-node-20230125192537253200000003\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-0d34957e50abb854b\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-08ae870367715eb3f\",\"sg-08ae870367715eb3f\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-08ae870367715eb3f\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-098d8e3f305b300c4\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"192.168.0.0/16\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[],\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-098d8e3f305b300c4\",\"GroupName\":\"cloudbeat-tf-T5Z_220230124142916275800000004\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-098d8e3f305b300c4\",\"Tags\":null,\"VpcId\":\"vpc-0400c449f7d20cd09\"},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-098d8e3f305b300c4\",\"sg-098d8e3f305b300c4\"],\"name\":\"cloudbeat-tf-T5Z_220230124142916275800000004\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"network\":{\"vpc_ids\":[\"vpc-0400c449f7d20cd09\"]},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-098d8e3f305b300c4\",\"sg-098d8e3f305b300c4\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"vpc_ids\":[\"vpc-0d34957e50abb854b\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-0ba072802b99d53dd\",\"sg-0ba072802b99d53dd\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-0ba072802b99d53dd\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"cloudbeat-tf-T5Z_120230125192536202100000002\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Managed by Terraform\",\"GroupName\":\"cloudbeat-tf-T5Z_120230125192536202100000002\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"10.0.0.0/8\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"Tags\":null,\"VpcId\":\"vpc-0d34957e50abb854b\",\"GroupId\":\"sg-0ba072802b99d53dd\",\"IpPermissionsEgress\":[],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-0ba072802b99d53dd\"},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-0ba072802b99d53dd\",\"sg-0ba072802b99d53dd\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-0e69aa77bd5a08e6c\",\"sg-0e69aa77bd5a08e6c\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-0e69aa77bd5a08e6c\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-07fd5f5c3a1efa93d\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\"}],\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[]},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-07fd5f5c3a1efa93d\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-0e69aa77bd5a08e6c\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-cluster\"}],\"GroupId\":\"sg-0e69aa77bd5a08e6c\",\"GroupName\":\"cloudbeat-tf-T5Z-cluster-20230124142917751200000007\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-07fd5f5c3a1efa93d\",\"GroupName\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[]}],\"Description\":\"EKS cluster security group\",\"VpcId\":\"vpc-0400c449f7d20cd09\"},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-0e69aa77bd5a08e6c\",\"sg-0e69aa77bd5a08e6c\"],\"name\":\"cloudbeat-tf-T5Z-cluster-20230124142917751200000007\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-0400c449f7d20cd09\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-01eee8522c3df3295\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-01eee8522c3df3295\",\"Description\":\"default VPC security group\",\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-0400c449f7d20cd09\",\"GroupId\":\"sg-01eee8522c3df3295\",\"GroupName\":\"default\",\"IpPermissions\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-01eee8522c3df3295\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}]}]},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-01eee8522c3df3295\",\"sg-01eee8522c3df3295\"],\"name\":\"default\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-south-1\"},\"network\":{\"vpc_ids\":[\"vpc-0400c449f7d20cd09\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-01eee8522c3df3295\",\"sg-01eee8522c3df3295\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-06b8aad5d76c9e3c1\",\"sg-06b8aad5d76c9e3c1\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-06b8aad5d76c9e3c1\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"192.168.0.0/16\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-06b8aad5d76c9e3c1\",\"Tags\":null,\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-06b8aad5d76c9e3c1\",\"GroupName\":\"cloudbeat-tf-T5Z_220230125192536200600000001\",\"IpPermissionsEgress\":[],\"VpcId\":\"vpc-0d34957e50abb854b\"},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-06b8aad5d76c9e3c1\",\"sg-06b8aad5d76c9e3c1\"],\"name\":\"cloudbeat-tf-T5Z_220230125192536200600000001\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-0d34957e50abb854b\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-64cae807\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-64cae807\",\"GroupName\":\"default\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"Description\":\"default VPC security group\",\"IpPermissions\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-64cae807\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":null}],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-64cae807\",\"VpcId\":\"vpc-eb7e6883\"},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-64cae807\",\"sg-64cae807\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-eb7e6883\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-64cae807\",\"sg-64cae807\"],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-0400c449f7d20cd09\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-07fd5f5c3a1efa93d\",\"sg-07fd5f5c3a1efa93d\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-07fd5f5c3a1efa93d\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"EKS node shared security group\",\"GroupName\":\"cloudbeat-tf-T5Z-node-20230124142917651000000006\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-07fd5f5c3a1efa93d\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[]},{\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-07fd5f5c3a1efa93d\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":53},{\"FromPort\":123,\"IpProtocol\":\"udp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/UDP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123,\"UserIdGroupPairs\":[]},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-0e69aa77bd5a08e6c\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress all HTTPS to internet\"}]},{\"PrefixListIds\":[],\"ToPort\":123,\"UserIdGroupPairs\":[],\"FromPort\":123,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":\"Egress NTP/TCP to internet\",\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"GroupId\":\"sg-07fd5f5c3a1efa93d\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-0e69aa77bd5a08e6c\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":10250},{\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-07fd5f5c3a1efa93d\",\"GroupName\":null,\"PeeringStatus\":null}]},{\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-07fd5f5c3a1efa93d\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53},{\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-0e69aa77bd5a08e6c\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-07fd5f5c3a1efa93d\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-node\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-T5Z\",\"Value\":\"owned\"}],\"VpcId\":\"vpc-0400c449f7d20cd09\"},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:security-group/sg-07fd5f5c3a1efa93d\",\"sg-07fd5f5c3a1efa93d\"],\"name\":\"cloudbeat-tf-T5Z-node-20230124142917651000000006\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-04d575997abe52c57\",\"sg-04d575997abe52c57\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-04d575997abe52c57\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"GroupName\":\"launch-wizard-2\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-04d575997abe52c57\",\"GroupId\":\"sg-04d575997abe52c57\",\"Tags\":null,\"VpcId\":\"vpc-73d2e309\",\"Description\":\"launch-wizard-2 created 2023-03-28T11:11:57.341Z\"},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-04d575997abe52c57\",\"sg-04d575997abe52c57\"],\"name\":\"launch-wizard-2\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"raw\":{\"Tags\":null,\"Description\":\"launch-wizard-13 created 2024-06-05T10:11:34.514Z\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0eccce5d3094b0538\",\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-73d2e309\",\"GroupId\":\"sg-0eccce5d3094b0538\",\"GroupName\":\"launch-wizard-13\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}]}]},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0eccce5d3094b0538\",\"sg-0eccce5d3094b0538\"],\"name\":\"launch-wizard-13\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0eccce5d3094b0538\",\"sg-0eccce5d3094b0538\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0eccce5d3094b0538\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0458bbec1fdae9123\",\"sg-0458bbec1fdae9123\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0458bbec1fdae9123\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-15 created 2024-06-06T08:31:54.050Z\",\"GroupName\":\"launch-wizard-15\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"Tags\":null,\"GroupId\":\"sg-0458bbec1fdae9123\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0458bbec1fdae9123\",\"VpcId\":\"vpc-73d2e309\"},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0458bbec1fdae9123\",\"sg-0458bbec1fdae9123\"],\"name\":\"launch-wizard-15\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-1\"},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-00df47a1b852fc695\",\"sg-00df47a1b852fc695\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-00df47a1b852fc695\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"launch-wizard-9\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-9 created 2024-01-20T20:15:02.721Z\",\"GroupId\":\"sg-00df47a1b852fc695\",\"GroupName\":\"launch-wizard-9\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-00df47a1b852fc695\",\"VpcId\":\"vpc-73d2e309\",\"OwnerId\":\"704479110758\",\"Tags\":null},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-00df47a1b852fc695\",\"sg-00df47a1b852fc695\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0bf695053381a9936\",\"sg-0bf695053381a9936\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0bf695053381a9936\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Tags\":null,\"Description\":\"launch-wizard-7 created 2023-11-30T10:02:50.165Z\",\"GroupId\":\"sg-0bf695053381a9936\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0bf695053381a9936\",\"GroupName\":\"launch-wizard-7\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-73d2e309\"},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0bf695053381a9936\",\"sg-0bf695053381a9936\"],\"name\":\"launch-wizard-7\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0bbd5d879c2ded062\",\"Tags\":null,\"VpcId\":\"vpc-73d2e309\",\"Description\":\"launch-wizard-12 created 2024-06-05T09:58:43.848Z\",\"GroupId\":\"sg-0bbd5d879c2ded062\",\"GroupName\":\"launch-wizard-12\",\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0bbd5d879c2ded062\",\"sg-0bbd5d879c2ded062\"],\"name\":\"launch-wizard-12\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0bbd5d879c2ded062\",\"sg-0bbd5d879c2ded062\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0bbd5d879c2ded062\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-4e483165\",\"sg-4e483165\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-4e483165\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-4e483165\",\"Tags\":null,\"IpPermissions\":[{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-4e483165\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\"},{\"FromPort\":3306,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"86.89.2.244/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":3306,\"UserIdGroupPairs\":[]}],\"GroupId\":\"sg-4e483165\",\"GroupName\":\"default\",\"VpcId\":\"vpc-73d2e309\",\"Description\":\"default VPC security group\"},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-4e483165\",\"sg-4e483165\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-1\"},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"name\":\"orestis-onweek\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":null,\"GroupId\":\"sg-0e216cd0fdb8e7d68\",\"GroupName\":\"orestis-onweek\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"VpcId\":\"vpc-73d2e309\",\"Description\":\"launch-wizard-10 created 2024-05-02T14:54:32.024Z\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"100.27.136.248/32\",\"Description\":null},{\"CidrIp\":\"44.223.163.119/32\",\"Description\":null},{\"Description\":null,\"CidrIp\":\"18.199.254.49/32\"},{\"CidrIp\":\"88.217.180.56/32\",\"Description\":\"tmp my ip\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null},{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]},{\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"52.48.42.125/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0e216cd0fdb8e7d68\"},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0e216cd0fdb8e7d68\",\"sg-0e216cd0fdb8e7d68\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-1\"},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0e216cd0fdb8e7d68\",\"sg-0e216cd0fdb8e7d68\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0e216cd0fdb8e7d68\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-03c9639c1df57b6ac\",\"sg-03c9639c1df57b6ac\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-03c9639c1df57b6ac\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"Description\":\"launch-wizard-14 created 2024-06-06T08:02:02.302Z\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"Tags\":null,\"VpcId\":\"vpc-73d2e309\",\"GroupId\":\"sg-03c9639c1df57b6ac\",\"GroupName\":\"launch-wizard-14\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-03c9639c1df57b6ac\"},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-03c9639c1df57b6ac\",\"sg-03c9639c1df57b6ac\"],\"name\":\"launch-wizard-14\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"raw\":{\"Description\":\"launch-wizard-8 created 2023-11-30T10:28:05.126Z\",\"GroupName\":\"launch-wizard-8\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"Tags\":null,\"GroupId\":\"sg-013fddb03ca8a1f5e\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-013fddb03ca8a1f5e\",\"VpcId\":\"vpc-73d2e309\"},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-013fddb03ca8a1f5e\",\"sg-013fddb03ca8a1f5e\"],\"name\":\"launch-wizard-8\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-013fddb03ca8a1f5e\",\"sg-013fddb03ca8a1f5e\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-013fddb03ca8a1f5e\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0eb5d6011d232e16e\",\"sg-0eb5d6011d232e16e\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0eb5d6011d232e16e\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"tags\":null,\"raw\":{\"GroupId\":\"sg-0eb5d6011d232e16e\",\"GroupName\":\"elastic-agent-security-group-ea3d0490-0327-11ef-bfb0-0ed250d4eab7\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"VpcId\":\"vpc-73d2e309\",\"Description\":\"Block incoming traffic\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0eb5d6011d232e16e\",\"Tags\":[{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentSecurityGroup\"},{\"Value\":\"arn:aws:cloudformation:us-east-1:704479110758:stack/CSP-Paulo-QA-813-BC1/ea3d0490-0327-11ef-bfb0-0ed250d4eab7\",\"Key\":\"aws:cloudformation:stack-id\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"CSP-Paulo-QA-813-BC1\"}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0eb5d6011d232e16e\",\"sg-0eb5d6011d232e16e\"],\"name\":\"elastic-agent-security-group-ea3d0490-0327-11ef-bfb0-0ed250d4eab7\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0cac53eb3bebabff1\",\"sg-0cac53eb3bebabff1\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0cac53eb3bebabff1\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-73d2e309\",\"Description\":\"ec2group12\",\"GroupId\":\"sg-0cac53eb3bebabff1\",\"GroupName\":\"ec2group12\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0cac53eb3bebabff1\"},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0cac53eb3bebabff1\",\"sg-0cac53eb3bebabff1\"],\"name\":\"ec2group12\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-04fbff43174d235c2\",\"sg-04fbff43174d235c2\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-04fbff43174d235c2\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"ec2group1\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-04fbff43174d235c2\",\"GroupName\":\"ec2group1\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"VpcId\":\"vpc-73d2e309\",\"Description\":\"ec2group1\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-04fbff43174d235c2\",\"Tags\":null},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-04fbff43174d235c2\",\"sg-04fbff43174d235c2\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0acbe0b3915401f33\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0acbe0b3915401f33\",\"Description\":\"launch-wizard created 2023-05-11T20:59:42.437Z\",\"GroupName\":\"launch-wizard-6\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"Tags\":null,\"VpcId\":\"vpc-73d2e309\"},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0acbe0b3915401f33\",\"sg-0acbe0b3915401f33\"],\"name\":\"launch-wizard-6\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0acbe0b3915401f33\",\"sg-0acbe0b3915401f33\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0acbe0b3915401f33\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0ad58a936adaa01a8\",\"sg-0ad58a936adaa01a8\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0ad58a936adaa01a8\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"GroupName\":\"terraform-20230221130010881300000001\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"owner\",\"Value\":\"\"},{\"Key\":\"project\",\"Value\":\"\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"previsioner\",\"Value\":\"tarraform\"},{\"Key\":\"id\",\"Value\":\"huge-sparrow\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"}],\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-0ad58a936adaa01a8\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0ad58a936adaa01a8\",\"VpcId\":\"vpc-73d2e309\"},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0ad58a936adaa01a8\",\"sg-0ad58a936adaa01a8\"],\"name\":\"terraform-20230221130010881300000001\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-03ae61f6a3395f9d1\",\"sg-03ae61f6a3395f9d1\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-03ae61f6a3395f9d1\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"raw\":{\"GroupId\":\"sg-03ae61f6a3395f9d1\",\"GroupName\":\"launch-wizard-1\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"Description\":\"launch-wizard created 2023-02-27T08:46:34.342Z\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-03ae61f6a3395f9d1\",\"VpcId\":\"vpc-73d2e309\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}]},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-03ae61f6a3395f9d1\",\"sg-03ae61f6a3395f9d1\"],\"name\":\"launch-wizard-1\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-057814b77c5def442\",\"sg-057814b77c5def442\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-057814b77c5def442\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"GroupId\":\"sg-057814b77c5def442\",\"GroupName\":\"launch-wizard-3\",\"IpPermissions\":[{\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"79.181.39.115/32\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"},{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"77.137.8.226/32\",\"Description\":\"office IL\"},{\"CidrIp\":\"147.236.152.125/32\",\"Description\":\"Amit home\"},{\"CidrIp\":\"93.172.10.72/32\",\"Description\":\"Arkady home\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-057814b77c5def442\",\"Tags\":null,\"Description\":\"launch-wizard-3 created 2021-01-02T22:11:05.791+02:00\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-73d2e309\"},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-057814b77c5def442\",\"sg-057814b77c5def442\"],\"name\":\"launch-wizard-3\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0c2637c947ff2cbbf\",\"sg-0c2637c947ff2cbbf\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0c2637c947ff2cbbf\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-4 created 2023-04-12T19:49:57.548Z\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0c2637c947ff2cbbf\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-73d2e309\",\"GroupId\":\"sg-0c2637c947ff2cbbf\",\"GroupName\":\"launch-wizard-4\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}]},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0c2637c947ff2cbbf\",\"sg-0c2637c947ff2cbbf\"],\"name\":\"launch-wizard-4\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-03270d34c5819f08b\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"Description\":\"Managed by Terraform\",\"OwnerId\":\"704479110758\",\"GroupId\":\"sg-03270d34c5819f08b\",\"GroupName\":\"terraform-20230221173641283300000001\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-03270d34c5819f08b\",\"Tags\":null,\"VpcId\":\"vpc-73d2e309\"},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-03270d34c5819f08b\",\"sg-03270d34c5819f08b\"],\"name\":\"terraform-20230221173641283300000001\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-03270d34c5819f08b\",\"sg-03270d34c5819f08b\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0606924b6515b3b89\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0606924b6515b3b89\",\"VpcId\":\"vpc-73d2e309\",\"Description\":\"launch-wizard-10 created 2024-06-05T09:22:30.936Z\",\"GroupName\":\"launch-wizard-10\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"GroupId\":\"sg-0606924b6515b3b89\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}]},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0606924b6515b3b89\",\"sg-0606924b6515b3b89\"],\"name\":\"launch-wizard-10\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0606924b6515b3b89\",\"sg-0606924b6515b3b89\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0722e9a762f64b097\",\"sg-0722e9a762f64b097\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0722e9a762f64b097\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"ec2group\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"ec2group\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0722e9a762f64b097\",\"Tags\":null,\"VpcId\":\"vpc-73d2e309\",\"GroupId\":\"sg-0722e9a762f64b097\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"Description\":\"ec2group\"},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0722e9a762f64b097\",\"sg-0722e9a762f64b097\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-06afaa3ed13d88886\",\"sg-06afaa3ed13d88886\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-06afaa3ed13d88886\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-06afaa3ed13d88886\",\"GroupName\":\"launch-wizard-5\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[]}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"VpcId\":\"vpc-73d2e309\",\"Description\":\"launch-wizard created 2023-05-10T07:22:00.932Z\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-06afaa3ed13d88886\",\"Tags\":null},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-06afaa3ed13d88886\",\"sg-06afaa3ed13d88886\"],\"name\":\"launch-wizard-5\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-006d0decaf51b405e\",\"sg-006d0decaf51b405e\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-006d0decaf51b405e\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-16 created 2024-10-15T21:31:45.964Z\",\"GroupName\":\"launch-wizard-16\",\"IpPermissions\":[{\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-006d0decaf51b405e\",\"Tags\":null,\"VpcId\":\"vpc-73d2e309\",\"GroupId\":\"sg-006d0decaf51b405e\"},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-006d0decaf51b405e\",\"sg-006d0decaf51b405e\"],\"name\":\"launch-wizard-16\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0baa0e17904d6b449\",\"sg-0baa0e17904d6b449\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0baa0e17904d6b449\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"launch-wizard-11\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"Description\":\"launch-wizard-11 created 2024-06-05T09:38:33.544Z\",\"GroupName\":\"launch-wizard-11\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0baa0e17904d6b449\",\"VpcId\":\"vpc-73d2e309\",\"GroupId\":\"sg-0baa0e17904d6b449\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}]},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:security-group/sg-0baa0e17904d6b449\",\"sg-0baa0e17904d6b449\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-e4a9b483\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-southeast-1:704479110758:security-group/sg-7a238809\",\"sg-7a238809\"],\"entity.metadata\":{\"arn:aws:ec2:ap-southeast-1:704479110758:security-group/sg-7a238809\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-7a238809\",\"GroupName\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[]}],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}]}],\"SecurityGroupArn\":\"arn:aws:ec2:ap-southeast-1:704479110758:security-group/sg-7a238809\",\"Tags\":null,\"Description\":\"default VPC security group\",\"GroupId\":\"sg-7a238809\",\"GroupName\":\"default\",\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-e4a9b483\"},\"id\":[\"arn:aws:ec2:ap-southeast-1:704479110758:security-group/sg-7a238809\",\"sg-7a238809\"],\"name\":\"default\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-southeast-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"vpc_ids\":[\"vpc-e4a9b483\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-southeast-1:704479110758:security-group/sg-086f6905c2b88b849\",\"sg-086f6905c2b88b849\"],\"entity.metadata\":{\"arn:aws:ec2:ap-southeast-1:704479110758:security-group/sg-086f6905c2b88b849\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Tags\":null,\"VpcId\":\"vpc-e4a9b483\",\"Description\":\"ec2group12\",\"GroupName\":\"ec2group12\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:ap-southeast-1:704479110758:security-group/sg-086f6905c2b88b849\",\"GroupId\":\"sg-086f6905c2b88b849\",\"IpPermissions\":[]},\"id\":[\"arn:aws:ec2:ap-southeast-1:704479110758:security-group/sg-086f6905c2b88b849\",\"sg-086f6905c2b88b849\"],\"name\":\"ec2group12\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-southeast-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-southeast-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-e4a9b483\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-southeast-1:704479110758:security-group/sg-038e90a5beee0b3d2\",\"sg-038e90a5beee0b3d2\"],\"entity.metadata\":{\"arn:aws:ec2:ap-southeast-1:704479110758:security-group/sg-038e90a5beee0b3d2\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"id\":[\"arn:aws:ec2:ap-southeast-1:704479110758:security-group/sg-038e90a5beee0b3d2\",\"sg-038e90a5beee0b3d2\"],\"name\":\"ec2group\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[],\"OwnerId\":\"704479110758\",\"Description\":\"ec2group\",\"GroupId\":\"sg-038e90a5beee0b3d2\",\"GroupName\":\"ec2group\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"SecurityGroupArn\":\"arn:aws:ec2:ap-southeast-1:704479110758:security-group/sg-038e90a5beee0b3d2\",\"Tags\":null,\"VpcId\":\"vpc-e4a9b483\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-southeast-1:704479110758:security-group/sg-08ef3bef9daf8e291\",\"sg-08ef3bef9daf8e291\"],\"entity.metadata\":{\"arn:aws:ec2:ap-southeast-1:704479110758:security-group/sg-08ef3bef9daf8e291\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"ec2group1\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-08ef3bef9daf8e291\",\"IpPermissions\":[],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-e4a9b483\",\"Description\":\"ec2group1\",\"GroupName\":\"ec2group1\",\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:ap-southeast-1:704479110758:security-group/sg-08ef3bef9daf8e291\",\"Tags\":null},\"id\":[\"arn:aws:ec2:ap-southeast-1:704479110758:security-group/sg-08ef3bef9daf8e291\",\"sg-08ef3bef9daf8e291\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-southeast-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-e4a9b483\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0b059e3fb166341d6\",\"sg-0b059e3fb166341d6\"],\"name\":\"launch-wizard-1\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-1\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0b059e3fb166341d6\",\"Tags\":null,\"VpcId\":\"vpc-0fa96564\",\"Description\":\"launch-wizard-1 created 2022-05-02T11:33:48.619Z\",\"GroupId\":\"sg-0b059e3fb166341d6\",\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\"}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-2\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0b059e3fb166341d6\",\"sg-0b059e3fb166341d6\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0b059e3fb166341d6\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0b55a42788ff7a48b\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0b55a42788ff7a48b\",\"GroupName\":\"eks-cluster-sg-exciting-gopher-1659539920-1053808767\",\"IpPermissions\":[],\"VpcId\":\"vpc-02c354cf7457127fd\",\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0b55a42788ff7a48b\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-exciting-gopher-1659539920-1053808767\"},{\"Key\":\"kubernetes.io/cluster/exciting-gopher-1659539920\",\"Value\":\"owned\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"exciting-gopher-1659539920\"}]},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0b55a42788ff7a48b\",\"sg-0b55a42788ff7a48b\"],\"name\":\"eks-cluster-sg-exciting-gopher-1659539920-1053808767\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-02c354cf7457127fd\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0b55a42788ff7a48b\",\"sg-0b55a42788ff7a48b\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0a6c28854c30e4d66\",\"sg-0a6c28854c30e4d66\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0a6c28854c30e4d66\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0a6c28854c30e4d66\",\"Tags\":null,\"VpcId\":\"vpc-0fa96564\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"Description\":\"launch-wizard-14 created 2024-04-02T16:34:41.366Z\",\"GroupId\":\"sg-0a6c28854c30e4d66\",\"GroupName\":\"launch-wizard-14\"},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0a6c28854c30e4d66\",\"sg-0a6c28854c30e4d66\"],\"name\":\"launch-wizard-14\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-05d1fa5d723677d58\",\"sg-05d1fa5d723677d58\"],\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-05d1fa5d723677d58\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"ec2group12\",\"GroupId\":\"sg-05d1fa5d723677d58\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"Tags\":null,\"VpcId\":\"vpc-0fa96564\",\"GroupName\":\"ec2group12\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-05d1fa5d723677d58\"},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-05d1fa5d723677d58\",\"sg-05d1fa5d723677d58\"],\"name\":\"ec2group12\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0619325150bc194fd\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Tags\":null,\"VpcId\":\"vpc-02c354cf7457127fd\",\"GroupId\":\"sg-0619325150bc194fd\",\"GroupName\":\"default\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-0619325150bc194fd\"}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0619325150bc194fd\",\"Description\":\"default VPC security group\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}]},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0619325150bc194fd\",\"sg-0619325150bc194fd\"],\"name\":\"default\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-02c354cf7457127fd\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0619325150bc194fd\",\"sg-0619325150bc194fd\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-4 created 2022-08-24T16:46:32.154Z\",\"GroupId\":\"sg-0713113b49181fe26\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0713113b49181fe26\",\"VpcId\":\"vpc-0fa96564\",\"GroupName\":\"launch-wizard-4\",\"Tags\":null},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0713113b49181fe26\",\"sg-0713113b49181fe26\"],\"name\":\"launch-wizard-4\",\"category\":\"infrastructure\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0713113b49181fe26\",\"sg-0713113b49181fe26\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0713113b49181fe26\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0e4a8f6d49eebb711\",\"sg-0e4a8f6d49eebb711\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0e4a8f6d49eebb711\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"raw\":{\"Description\":\"launch-wizard-3 created 2022-08-18T12:29:44.187Z\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0e4a8f6d49eebb711\",\"VpcId\":\"vpc-0fa96564\",\"GroupId\":\"sg-0e4a8f6d49eebb711\",\"GroupName\":\"launch-wizard-3\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"194.90.142.221/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"Tags\":null},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0e4a8f6d49eebb711\",\"sg-0e4a8f6d49eebb711\"],\"name\":\"launch-wizard-3\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-089f6d7234f7b5f61\",\"sg-089f6d7234f7b5f61\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-089f6d7234f7b5f61\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-16\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-089f6d7234f7b5f61\",\"VpcId\":\"vpc-0fa96564\",\"Description\":\"launch-wizard-16 created 2024-04-03T10:35:37.311Z\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"GroupId\":\"sg-089f6d7234f7b5f61\"},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-089f6d7234f7b5f61\",\"sg-089f6d7234f7b5f61\"],\"name\":\"launch-wizard-16\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0e29a1bc9a5e4fbb4\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"launch-wizard-6\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-0fa96564\",\"Description\":\"launch-wizard-6 created 2022-10-06T16:42:01.704Z\",\"GroupId\":\"sg-0e29a1bc9a5e4fbb4\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0e29a1bc9a5e4fbb4\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"GroupName\":\"launch-wizard-6\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"31.154.188.106/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}]},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0e29a1bc9a5e4fbb4\",\"sg-0e29a1bc9a5e4fbb4\"]},\"cloud\":{\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0e29a1bc9a5e4fbb4\",\"sg-0e29a1bc9a5e4fbb4\"],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0a51ed2c4e6f90835\",\"sg-0a51ed2c4e6f90835\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0a51ed2c4e6f90835\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-0fa96564\",\"Description\":\"launch-wizard-12 created 2023-09-28T12:15:30.522Z\",\"GroupId\":\"sg-0a51ed2c4e6f90835\",\"GroupName\":\"launch-wizard-12\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}]}],\"IpPermissions\":[],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0a51ed2c4e6f90835\",\"Tags\":null},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0a51ed2c4e6f90835\",\"sg-0a51ed2c4e6f90835\"],\"name\":\"launch-wizard-12\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-03749ee20e5e0bffe\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Tags\":[{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentSecurityGroup\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:us-east-2:704479110758:stack/Elastic-Vulnerability-Management/af9dcf80-92ac-11ef-b3d5-023b2e3b0a81\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"Elastic-Vulnerability-Management\"}],\"VpcId\":\"vpc-0fa96564\",\"Description\":\"Block incoming traffic\",\"GroupName\":\"elastic-agent-security-group-af9dcf80-92ac-11ef-b3d5-023b2e3b0a81\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-03749ee20e5e0bffe\",\"GroupId\":\"sg-03749ee20e5e0bffe\",\"IpPermissions\":[],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-03749ee20e5e0bffe\",\"sg-03749ee20e5e0bffe\"],\"name\":\"elastic-agent-security-group-af9dcf80-92ac-11ef-b3d5-023b2e3b0a81\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-03749ee20e5e0bffe\",\"sg-03749ee20e5e0bffe\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0e83345dc73014169\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"Tags\":null,\"VpcId\":\"vpc-0fa96564\",\"Description\":\"launch-wizard-5 created 2022-10-06T16:40:36.247Z\",\"GroupId\":\"sg-0e83345dc73014169\",\"GroupName\":\"launch-wizard-5\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"31.154.188.106/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0e83345dc73014169\"},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0e83345dc73014169\",\"sg-0e83345dc73014169\"],\"name\":\"launch-wizard-5\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0e83345dc73014169\",\"sg-0e83345dc73014169\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-046fe732c377d4a54\",\"sg-046fe732c377d4a54\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-046fe732c377d4a54\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":null,\"GroupId\":\"sg-046fe732c377d4a54\",\"GroupName\":\"ec2group\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"31.154.188.106/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-046fe732c377d4a54\",\"VpcId\":\"vpc-0fa96564\",\"Description\":\"ec2group\"},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-046fe732c377d4a54\",\"sg-046fe732c377d4a54\"],\"name\":\"ec2group\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-09b1bd8bbf4508a52\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-06a19f9d2c9c54013\",\"sg-06a19f9d2c9c54013\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-06a19f9d2c9c54013\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"default VPC security group\",\"IpPermissions\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-06a19f9d2c9c54013\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}]}],\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-06a19f9d2c9c54013\",\"VpcId\":\"vpc-09b1bd8bbf4508a52\",\"GroupId\":\"sg-06a19f9d2c9c54013\",\"GroupName\":\"default\",\"OwnerId\":\"704479110758\",\"Tags\":null},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-06a19f9d2c9c54013\",\"sg-06a19f9d2c9c54013\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"raw\":{\"Tags\":null,\"VpcId\":\"vpc-0fa96564\",\"GroupId\":\"sg-0f60e1b915c61fc07\",\"GroupName\":\"launch-wizard-10\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0f60e1b915c61fc07\",\"Description\":\"launch-wizard-10 created 2023-08-02T09:42:35.855Z\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}]},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0f60e1b915c61fc07\",\"sg-0f60e1b915c61fc07\"],\"name\":\"launch-wizard-10\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-2\"},\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0f60e1b915c61fc07\",\"sg-0f60e1b915c61fc07\"],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0f60e1b915c61fc07\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-03812f1a3243e237e\",\"Tags\":null,\"VpcId\":\"vpc-0fa96564\",\"GroupName\":\"launch-wizard-17\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\",\"Description\":\"launch-wizard-17 created 2024-04-03T23:28:40.344Z\",\"GroupId\":\"sg-03812f1a3243e237e\"},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-03812f1a3243e237e\",\"sg-03812f1a3243e237e\"],\"name\":\"launch-wizard-17\"},\"cloud\":{\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-03812f1a3243e237e\",\"sg-03812f1a3243e237e\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-03812f1a3243e237e\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"Tags\":null,\"VpcId\":\"vpc-0fa96564\",\"Description\":\"default VPC security group\",\"GroupId\":\"sg-abad8ccc\",\"GroupName\":\"default\",\"IpPermissions\":[{\"FromPort\":5432,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":5432,\"UserIdGroupPairs\":[]},{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-abad8ccc\"},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-abad8ccc\",\"sg-abad8ccc\"],\"name\":\"default\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-abad8ccc\",\"sg-abad8ccc\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-abad8ccc\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"raw\":{\"GroupName\":\"launch-wizard-11\",\"IpPermissions\":[],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0917bcfaddd81a5f0\",\"Tags\":null,\"VpcId\":\"vpc-0fa96564\",\"Description\":\"launch-wizard-11 created 2023-08-02T13:01:17.674Z\",\"GroupId\":\"sg-0917bcfaddd81a5f0\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[]}]},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0917bcfaddd81a5f0\",\"sg-0917bcfaddd81a5f0\"],\"name\":\"launch-wizard-11\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-2\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0917bcfaddd81a5f0\",\"sg-0917bcfaddd81a5f0\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0917bcfaddd81a5f0\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-03749da7d65b507d6\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-03749da7d65b507d6\",\"Description\":\"launch-wizard-2 created 2022-05-02T12:16:47.078Z\",\"GroupId\":\"sg-03749da7d65b507d6\",\"GroupName\":\"launch-wizard-2\",\"OwnerId\":\"704479110758\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"Tags\":null,\"VpcId\":\"vpc-0fa96564\"},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-03749da7d65b507d6\",\"sg-03749da7d65b507d6\"],\"name\":\"launch-wizard-2\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-03749da7d65b507d6\",\"sg-03749da7d65b507d6\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0f0b58b4b2e51dbe0\",\"sg-0f0b58b4b2e51dbe0\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0f0b58b4b2e51dbe0\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"ec2group1\",\"IpPermissions\":[],\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0f0b58b4b2e51dbe0\",\"Tags\":null,\"VpcId\":\"vpc-0fa96564\",\"Description\":\"ec2group1\",\"GroupId\":\"sg-0f0b58b4b2e51dbe0\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0f0b58b4b2e51dbe0\",\"sg-0f0b58b4b2e51dbe0\"],\"name\":\"ec2group1\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0db1daed05772c1a1\",\"sg-0db1daed05772c1a1\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0db1daed05772c1a1\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-7\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0db1daed05772c1a1\",\"Tags\":null,\"Description\":\"launch-wizard created 2023-03-28T08:46:01.476Z\",\"GroupId\":\"sg-0db1daed05772c1a1\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"VpcId\":\"vpc-0fa96564\"},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0db1daed05772c1a1\",\"sg-0db1daed05772c1a1\"],\"name\":\"launch-wizard-7\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-08357d8bd7b80fc4c\",\"sg-08357d8bd7b80fc4c\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-08357d8bd7b80fc4c\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"GroupId\":\"sg-08357d8bd7b80fc4c\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":80,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":80},{\"FromPort\":3,\"IpProtocol\":\"icmp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":4,\"UserIdGroupPairs\":[]},{\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-09b1bd8bbf4508a52\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/EKS-Elastic-agent-demo\",\"Value\":\"owned\"}],\"Description\":\"Security group for Kubernetes ELB adda9cdc89b13452e92d48be46858d37 (default/ingress-nginx-controller)\",\"GroupName\":\"k8s-elb-adda9cdc89b13452e92d48be46858d37\",\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-08357d8bd7b80fc4c\"},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-08357d8bd7b80fc4c\",\"sg-08357d8bd7b80fc4c\"],\"name\":\"k8s-elb-adda9cdc89b13452e92d48be46858d37\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-2\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-09b1bd8bbf4508a52\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-020cdd7229dbeea19\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Tags\":null,\"VpcId\":\"vpc-0fa96564\",\"GroupName\":\"launch-wizard-9\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"Description\":\"launch-wizard-9 created 2023-03-29T10:03:35.665Z\",\"GroupId\":\"sg-020cdd7229dbeea19\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-020cdd7229dbeea19\"},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-020cdd7229dbeea19\",\"sg-020cdd7229dbeea19\"],\"name\":\"launch-wizard-9\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-2\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-020cdd7229dbeea19\",\"sg-020cdd7229dbeea19\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0618281fb17db58ad\",\"sg-0618281fb17db58ad\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0618281fb17db58ad\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0618281fb17db58ad\",\"Tags\":null,\"Description\":\"launch-wizard-8 created 2023-03-28T10:34:38.367Z\",\"GroupName\":\"launch-wizard-8\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-0fa96564\",\"GroupId\":\"sg-0618281fb17db58ad\"},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0618281fb17db58ad\",\"sg-0618281fb17db58ad\"],\"name\":\"launch-wizard-8\",\"category\":\"infrastructure\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-2\"},\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0681a4af5f6147239\",\"sg-0681a4af5f6147239\"],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0681a4af5f6147239\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-13 created 2024-01-08T12:18:24.295Z\",\"GroupId\":\"sg-0681a4af5f6147239\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0681a4af5f6147239\",\"Tags\":null,\"GroupName\":\"launch-wizard-13\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"VpcId\":\"vpc-0fa96564\"},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0681a4af5f6147239\",\"sg-0681a4af5f6147239\"],\"name\":\"launch-wizard-13\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-2\"},\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0a5d61e413291b5bd\",\"sg-0a5d61e413291b5bd\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0a5d61e413291b5bd\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"VpcId\":\"vpc-0fa96564\",\"GroupId\":\"sg-0a5d61e413291b5bd\",\"GroupName\":\"launch-wizard-15\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"Tags\":null,\"Description\":\"launch-wizard-15 created 2024-04-03T05:59:43.872Z\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0a5d61e413291b5bd\"},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:security-group/sg-0a5d61e413291b5bd\",\"sg-0a5d61e413291b5bd\"],\"name\":\"launch-wizard-15\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-2\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-f6816890\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-0f4f062f884aef257\",\"sg-0f4f062f884aef257\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-0f4f062f884aef257\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-2 created 2024-02-14T07:48:31.936Z\",\"GroupName\":\"launch-wizard-2\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"Tags\":null,\"VpcId\":\"vpc-f6816890\",\"GroupId\":\"sg-0f4f062f884aef257\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-0f4f062f884aef257\"},\"id\":[\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-0f4f062f884aef257\",\"sg-0f4f062f884aef257\"],\"name\":\"launch-wizard-2\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"ec2group\",\"GroupId\":\"sg-027f8d1cbebf60f6d\",\"GroupName\":\"ec2group\",\"SecurityGroupArn\":\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-027f8d1cbebf60f6d\",\"Tags\":null,\"VpcId\":\"vpc-f6816890\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-027f8d1cbebf60f6d\",\"sg-027f8d1cbebf60f6d\"],\"name\":\"ec2group\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-f6816890\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-027f8d1cbebf60f6d\",\"sg-027f8d1cbebf60f6d\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-027f8d1cbebf60f6d\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"id\":[\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-07fd7ac23d0966c22\",\"sg-07fd7ac23d0966c22\"],\"name\":\"launch-wizard-1\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-1 created 2023-09-05T15:52:14.261Z\",\"GroupName\":\"launch-wizard-1\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"GroupId\":\"sg-07fd7ac23d0966c22\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-07fd7ac23d0966c22\",\"Tags\":null,\"VpcId\":\"vpc-f6816890\"}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-f6816890\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-07fd7ac23d0966c22\",\"sg-07fd7ac23d0966c22\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-07fd7ac23d0966c22\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"vpc_ids\":[\"vpc-f6816890\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-8e141efe\",\"sg-8e141efe\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-8e141efe\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-f6816890\",\"Description\":\"default VPC security group\",\"GroupName\":\"default\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-8e141efe\",\"GroupId\":\"sg-8e141efe\",\"IpPermissions\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-8e141efe\"}]}],\"Tags\":null},\"id\":[\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-8e141efe\",\"sg-8e141efe\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-01f73bed7ac9895fc\",\"sg-01f73bed7ac9895fc\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-01f73bed7ac9895fc\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"ec2group12\",\"GroupId\":\"sg-01f73bed7ac9895fc\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-01f73bed7ac9895fc\",\"Tags\":null,\"GroupName\":\"ec2group12\",\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-f6816890\"},\"id\":[\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-01f73bed7ac9895fc\",\"sg-01f73bed7ac9895fc\"],\"name\":\"ec2group12\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"region\":\"us-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-f6816890\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-02848b9199d6269be\",\"sg-02848b9199d6269be\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-02848b9199d6269be\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-02848b9199d6269be\",\"Tags\":null,\"Description\":\"launch-wizard-3 created 2024-02-21T09:41:08.080Z\",\"GroupName\":\"launch-wizard-3\",\"VpcId\":\"vpc-f6816890\",\"GroupId\":\"sg-02848b9199d6269be\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}]},\"id\":[\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-02848b9199d6269be\",\"sg-02848b9199d6269be\"],\"name\":\"launch-wizard-3\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-f6816890\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-f6816890\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-0bb763aa765b8df53\",\"sg-0bb763aa765b8df53\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-0bb763aa765b8df53\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0bb763aa765b8df53\",\"GroupName\":\"launch-wizard-4\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-f6816890\",\"Description\":\"launch-wizard-4 created 2024-02-21T09:41:42.676Z\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-0bb763aa765b8df53\"},\"id\":[\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-0bb763aa765b8df53\",\"sg-0bb763aa765b8df53\"],\"name\":\"launch-wizard-4\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-f6816890\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-05312ee0f50f52282\",\"sg-05312ee0f50f52282\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-05312ee0f50f52282\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"id\":[\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-05312ee0f50f52282\",\"sg-05312ee0f50f52282\"],\"name\":\"ec2group1\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"ec2group1\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-west-1:704479110758:security-group/sg-05312ee0f50f52282\",\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"Tags\":null,\"VpcId\":\"vpc-f6816890\",\"GroupId\":\"sg-05312ee0f50f52282\",\"GroupName\":\"ec2group1\",\"IpPermissions\":[]}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-01c057203abdc2d47\",\"sg-01c057203abdc2d47\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-01c057203abdc2d47\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"ec2group1\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-36a1394e\",\"GroupId\":\"sg-01c057203abdc2d47\",\"GroupName\":\"ec2group1\",\"IpPermissions\":[],\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-01c057203abdc2d47\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-01c057203abdc2d47\",\"sg-01c057203abdc2d47\"],\"name\":\"ec2group1\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0f1bcb6c9f518a248\",\"sg-0f1bcb6c9f518a248\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0f1bcb6c9f518a248\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-3 created 2024-10-18T18:45:28.561Z\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"VpcId\":\"vpc-36a1394e\",\"GroupId\":\"sg-0f1bcb6c9f518a248\",\"GroupName\":\"launch-wizard-3\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0f1bcb6c9f518a248\",\"Tags\":null},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0f1bcb6c9f518a248\",\"sg-0f1bcb6c9f518a248\"],\"name\":\"launch-wizard-3\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0b9a7eeea55cd2485\",\"sg-0b9a7eeea55cd2485\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0b9a7eeea55cd2485\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0b9a7eeea55cd2485\",\"sg-0b9a7eeea55cd2485\"],\"name\":\"launch-wizard-13\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-13 created 2024-11-06T17:34:37.992Z\",\"GroupName\":\"launch-wizard-13\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"GroupId\":\"sg-0b9a7eeea55cd2485\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]},{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[],\"FromPort\":443}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0b9a7eeea55cd2485\",\"Tags\":null,\"VpcId\":\"vpc-36a1394e\"}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\"},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-5\",\"Tags\":null,\"VpcId\":\"vpc-36a1394e\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-056115801a45a367e\",\"Description\":\"launch-wizard-5 created 2024-10-23T20:38:25.990Z\",\"GroupId\":\"sg-056115801a45a367e\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}]},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-056115801a45a367e\",\"sg-056115801a45a367e\"],\"name\":\"launch-wizard-5\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-056115801a45a367e\",\"sg-056115801a45a367e\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-056115801a45a367e\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-0180a1dc90512f144\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0fab596cbf632870f\",\"sg-0fab596cbf632870f\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0fab596cbf632870f\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"Tags\":null,\"VpcId\":\"vpc-0180a1dc90512f144\",\"GroupName\":\"default\",\"IpPermissions\":[{\"ToPort\":null,\"UserIdGroupPairs\":[{\"Description\":null,\"GroupId\":\"sg-0fab596cbf632870f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0fab596cbf632870f\",\"Description\":\"default VPC security group\",\"GroupId\":\"sg-0fab596cbf632870f\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0fab596cbf632870f\",\"sg-0fab596cbf632870f\"],\"name\":\"default\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-034e94f81e50ceb1e\",\"sg-034e94f81e50ceb1e\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-034e94f81e50ceb1e\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"raw\":{\"Tags\":null,\"GroupId\":\"sg-034e94f81e50ceb1e\",\"GroupName\":\"launch-wizard-2\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-034e94f81e50ceb1e\",\"VpcId\":\"vpc-36a1394e\",\"Description\":\"launch-wizard-2 created 2024-08-09T06:55:24.168Z\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}]},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-034e94f81e50ceb1e\",\"sg-034e94f81e50ceb1e\"],\"name\":\"launch-wizard-2\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\"},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0e936a20669029c9c\",\"sg-0e936a20669029c9c\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0e936a20669029c9c\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"launch-wizard-1\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-1\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-36a1394e\",\"Description\":\"launch-wizard-1 created 2024-04-29T20:13:32.597Z\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0e936a20669029c9c\",\"Tags\":null,\"GroupId\":\"sg-0e936a20669029c9c\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0e936a20669029c9c\",\"sg-0e936a20669029c9c\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"name\":\"launch-wizard-8\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"OwnerId\":\"704479110758\",\"GroupId\":\"sg-02dc68e5abb998260\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-02dc68e5abb998260\",\"Tags\":null,\"VpcId\":\"vpc-36a1394e\",\"Description\":\"launch-wizard-8 created 2024-10-30T19:18:42.480Z\",\"GroupName\":\"launch-wizard-8\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-02dc68e5abb998260\",\"sg-02dc68e5abb998260\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-02dc68e5abb998260\",\"sg-02dc68e5abb998260\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-02dc68e5abb998260\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-021b66756506f96fb\",\"sg-021b66756506f96fb\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-021b66756506f96fb\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-021b66756506f96fb\",\"Tags\":null,\"GroupId\":\"sg-021b66756506f96fb\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":80,\"UserIdGroupPairs\":[],\"FromPort\":80,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"201.203.6.234/32\",\"Description\":null}]},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":8080,\"UserIdGroupPairs\":[],\"FromPort\":8080,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"201.203.6.234/32\"}]},{\"FromPort\":9999,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"201.203.6.234/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":9999,\"UserIdGroupPairs\":[]},{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"201.203.6.234/32\",\"Description\":null}],\"Ipv6Ranges\":[]},{\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-0180a1dc90512f144\",\"Description\":\"Allow inbound SSH and HTTP access\",\"GroupName\":\"aws-reinvent-2024-pwncloud-public-security-group-f934c03f\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-021b66756506f96fb\",\"sg-021b66756506f96fb\"],\"name\":\"aws-reinvent-2024-pwncloud-public-security-group-f934c03f\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0180a1dc90512f144\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0195d033368a43696\",\"sg-0195d033368a43696\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0195d033368a43696\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Block incoming traffic\",\"GroupId\":\"sg-0195d033368a43696\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"name\",\"Value\":\"tin-cnvm-host-creation\"},{\"Key\":\"team\",\"Value\":\"cloud-security\"},{\"Key\":\"project\",\"Value\":\"AWS re:Invent Demo\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"tin-cdr-demo-cnvm-deploy\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentSecurityGroup\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:us-west-2:704479110758:stack/tin-cdr-demo-cnvm-deploy/63cfb1a0-91a2-11ef-8db4-0664b9aefb3f\"}],\"VpcId\":\"vpc-36a1394e\",\"GroupName\":\"elastic-agent-security-group-63cfb1a0-91a2-11ef-8db4-0664b9aefb3f\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0195d033368a43696\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0195d033368a43696\",\"sg-0195d033368a43696\"],\"name\":\"elastic-agent-security-group-63cfb1a0-91a2-11ef-8db4-0664b9aefb3f\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-063f67e6d1e8397e4\",\"sg-063f67e6d1e8397e4\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-063f67e6d1e8397e4\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"elastic-agent-security-group-63f7b220-8d67-11ef-9f4c-067d0aea149f\",\"IpPermissions\":[],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-063f67e6d1e8397e4\",\"Description\":\"Block incoming traffic\",\"GroupId\":\"sg-063f67e6d1e8397e4\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"Tags\":[{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentSecurityGroup\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:us-west-2:704479110758:stack/cnvm-deploy-2/63f7b220-8d67-11ef-9f4c-067d0aea149f\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"cnvm-deploy-2\"}],\"VpcId\":\"vpc-36a1394e\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-063f67e6d1e8397e4\",\"sg-063f67e6d1e8397e4\"],\"name\":\"elastic-agent-security-group-63f7b220-8d67-11ef-9f4c-067d0aea149f\",\"category\":\"infrastructure\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-039bc1a54f17e2d3b\",\"sg-039bc1a54f17e2d3b\"],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-039bc1a54f17e2d3b\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"Tags\":null,\"VpcId\":\"vpc-36a1394e\",\"Description\":\"launch-wizard-11 created 2024-11-06T11:21:44.426Z\",\"GroupName\":\"launch-wizard-11\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}]}],\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-039bc1a54f17e2d3b\",\"GroupId\":\"sg-039bc1a54f17e2d3b\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"},{\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-039bc1a54f17e2d3b\",\"sg-039bc1a54f17e2d3b\"],\"name\":\"launch-wizard-11\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Tags\":null,\"VpcId\":\"vpc-36a1394e\",\"Description\":\"ec2group\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0ccb3b0d997ff90dc\",\"GroupId\":\"sg-0ccb3b0d997ff90dc\",\"GroupName\":\"ec2group\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0ccb3b0d997ff90dc\",\"sg-0ccb3b0d997ff90dc\"],\"name\":\"ec2group\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0ccb3b0d997ff90dc\",\"sg-0ccb3b0d997ff90dc\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0ccb3b0d997ff90dc\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"Description\":\"Block incoming traffic\",\"GroupName\":\"elastic-agent-security-group-b6825a40-9c44-11ef-b077-0a7b4e013dbd\",\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0b6f928505d13494c\",\"Tags\":[{\"Value\":\"cnvm-deployment-eah-demo\",\"Key\":\"name\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:us-west-2:704479110758:stack/cnvm-eah-demo-deploy/b6825a40-9c44-11ef-b077-0a7b4e013dbd\"},{\"Value\":\"ElasticAgentSecurityGroup\",\"Key\":\"aws:cloudformation:logical-id\"},{\"Key\":\"project\",\"Value\":\"eah-demo\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"cnvm-eah-demo-deploy\"},{\"Value\":\"engineering\",\"Key\":\"division\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"team\",\"Value\":\"cloud-security\"}],\"VpcId\":\"vpc-36a1394e\",\"GroupId\":\"sg-0b6f928505d13494c\",\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0b6f928505d13494c\",\"sg-0b6f928505d13494c\"],\"name\":\"elastic-agent-security-group-b6825a40-9c44-11ef-b077-0a7b4e013dbd\",\"category\":\"infrastructure\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\"},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0b6f928505d13494c\",\"sg-0b6f928505d13494c\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0b6f928505d13494c\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-08cfc0c23c2c819c4\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Security group for all nodes in the nodeGroup to allow SSH access\",\"GroupName\":\"eks-remoteAccess-7ac95e1a-9954-4821-8641-1effa5718724\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-08cfc0c23c2c819c4\",\"GroupId\":\"sg-08cfc0c23c2c819c4\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"eks:nodegroup-name\",\"Value\":\"e2e-cdr-demo-falco-k8s-node\"},{\"Key\":\"eks\",\"Value\":\"e2e-cdr-demo-falco-k8s-node\"}],\"VpcId\":\"vpc-36a1394e\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-08cfc0c23c2c819c4\",\"sg-08cfc0c23c2c819c4\"],\"name\":\"eks-remoteAccess-7ac95e1a-9954-4821-8641-1effa5718724\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\"},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-08cfc0c23c2c819c4\",\"sg-08cfc0c23c2c819c4\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0be0988f8b09ddb77\",\"sg-0be0988f8b09ddb77\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0be0988f8b09ddb77\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0be0988f8b09ddb77\",\"sg-0be0988f8b09ddb77\"],\"name\":\"launch-wizard-10\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0be0988f8b09ddb77\",\"VpcId\":\"vpc-36a1394e\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"Description\":\"launch-wizard-10 created 2024-11-05T21:32:08.094Z\",\"GroupId\":\"sg-0be0988f8b09ddb77\",\"GroupName\":\"launch-wizard-10\"}},\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"ec2group12\",\"GroupId\":\"sg-0d4049e70466a8cc1\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-36a1394e\",\"GroupName\":\"ec2group12\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0d4049e70466a8cc1\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0d4049e70466a8cc1\",\"sg-0d4049e70466a8cc1\"],\"name\":\"ec2group12\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0d4049e70466a8cc1\",\"sg-0d4049e70466a8cc1\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0d4049e70466a8cc1\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-070ad4e302ba26b39\",\"sg-070ad4e302ba26b39\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-070ad4e302ba26b39\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Tags\":null,\"VpcId\":\"vpc-36a1394e\",\"GroupId\":\"sg-070ad4e302ba26b39\",\"GroupName\":\"launch-wizard-4\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-070ad4e302ba26b39\",\"Description\":\"launch-wizard-4 created 2024-10-23T20:36:03.580Z\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}]},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-070ad4e302ba26b39\",\"sg-070ad4e302ba26b39\"],\"name\":\"launch-wizard-4\",\"category\":\"infrastructure\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-035ac0cfb33c18ca6\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"VpcId\":\"vpc-36a1394e\",\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-035ac0cfb33c18ca6\",\"Tags\":[{\"Value\":\"ElasticAgentSecurityGroup\",\"Key\":\"aws:cloudformation:logical-id\"},{\"Value\":\"cnvm-region-BC1\",\"Key\":\"aws:cloudformation:stack-name\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:us-west-2:704479110758:stack/cnvm-region-BC1/4dfb5900-03fa-11ef-b226-0a9c50dbbe7f\"}],\"Description\":\"Allow SSH from anywhere\",\"GroupId\":\"sg-035ac0cfb33c18ca6\",\"GroupName\":\"elastic-agent-security-group-4dfb5900-03fa-11ef-b226-0a9c50dbbe7f\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-035ac0cfb33c18ca6\",\"sg-035ac0cfb33c18ca6\"],\"name\":\"elastic-agent-security-group-4dfb5900-03fa-11ef-b226-0a9c50dbbe7f\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\"},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-035ac0cfb33c18ca6\",\"sg-035ac0cfb33c18ca6\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0739ee4615aae0062\",\"sg-0739ee4615aae0062\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0739ee4615aae0062\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0739ee4615aae0062\",\"Tags\":null,\"Description\":\"launch-wizard-7 created 2024-10-25T17:06:50.057Z\",\"GroupId\":\"sg-0739ee4615aae0062\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"VpcId\":\"vpc-36a1394e\",\"GroupName\":\"launch-wizard-7\",\"IpPermissions\":[{\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-0739ee4615aae0062\",\"sg-0739ee4615aae0062\"],\"name\":\"launch-wizard-7\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-077c1bd6aad1d5732\",\"sg-077c1bd6aad1d5732\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-077c1bd6aad1d5732\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-077c1bd6aad1d5732\",\"sg-077c1bd6aad1d5732\"],\"name\":\"launch-wizard-6\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-6\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"Tags\":null,\"GroupId\":\"sg-077c1bd6aad1d5732\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-077c1bd6aad1d5732\",\"VpcId\":\"vpc-36a1394e\",\"Description\":\"launch-wizard-6 created 2024-10-25T00:03:41.171Z\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-02233909779b23ce1\",\"sg-02233909779b23ce1\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-02233909779b23ce1\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupId\":\"sg-02233909779b23ce1\",\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-02233909779b23ce1\",\"VpcId\":\"vpc-36a1394e\",\"GroupName\":\"eks-cluster-sg-e2e-cdr-demo-k8s-1011743187\",\"IpPermissions\":[{\"ToPort\":null,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-02233909779b23ce1\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-e2e-cdr-demo-k8s-1011743187\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"e2e-cdr-demo-k8s\"},{\"Key\":\"kubernetes.io/cluster/e2e-cdr-demo-k8s\",\"Value\":\"owned\"}]},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-02233909779b23ce1\",\"sg-02233909779b23ce1\"],\"name\":\"eks-cluster-sg-e2e-cdr-demo-k8s-1011743187\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-5d017206\",\"sg-5d017206\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-5d017206\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"default VPC security group\",\"GroupName\":\"default\",\"IpPermissions\":[{\"ToPort\":null,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-5d017206\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-5d017206\",\"Tags\":null,\"VpcId\":\"vpc-36a1394e\",\"GroupId\":\"sg-5d017206\",\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-5d017206\",\"sg-5d017206\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-0180a1dc90512f144\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-00f4faadccd8faeba\",\"sg-00f4faadccd8faeba\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-00f4faadccd8faeba\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-00f4faadccd8faeba\",\"sg-00f4faadccd8faeba\"],\"name\":\"aws-reinvent-2024-pwncloud-private-security-group-f934c03f\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"10.0.1.0/24\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"Description\":\"Allow all inbound and outbound traffic for private EC2 instance\",\"GroupName\":\"aws-reinvent-2024-pwncloud-private-security-group-f934c03f\",\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-00f4faadccd8faeba\",\"VpcId\":\"vpc-0180a1dc90512f144\",\"GroupId\":\"sg-00f4faadccd8faeba\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}]}},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-02bcac1e2159394c9\",\"sg-02bcac1e2159394c9\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-02bcac1e2159394c9\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-9 created 2024-11-05T21:09:02.461Z\",\"GroupId\":\"sg-02bcac1e2159394c9\",\"GroupName\":\"launch-wizard-9\",\"VpcId\":\"vpc-36a1394e\",\"Tags\":null,\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-02bcac1e2159394c9\"},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-02bcac1e2159394c9\",\"sg-02bcac1e2159394c9\"],\"name\":\"launch-wizard-9\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-02b1ba689936cb3b3\",\"sg-02b1ba689936cb3b3\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-02b1ba689936cb3b3\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-02b1ba689936cb3b3\",\"sg-02b1ba689936cb3b3\"],\"name\":\"launch-wizard-12\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]},{\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:us-west-2:704479110758:security-group/sg-02b1ba689936cb3b3\",\"Tags\":null,\"VpcId\":\"vpc-36a1394e\",\"GroupId\":\"sg-02b1ba689936cb3b3\",\"GroupName\":\"launch-wizard-12\",\"Description\":\"launch-wizard-12 created 2024-11-06T11:24:02.128Z\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:sa-east-1:704479110758:security-group/sg-0e3dfbc70613704b2\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"ec2group12\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"ec2group12\",\"GroupId\":\"sg-0e3dfbc70613704b2\",\"Tags\":null,\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:sa-east-1:704479110758:security-group/sg-0e3dfbc70613704b2\",\"VpcId\":\"vpc-f7181690\",\"GroupName\":\"ec2group12\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}]},\"id\":[\"arn:aws:ec2:sa-east-1:704479110758:security-group/sg-0e3dfbc70613704b2\",\"sg-0e3dfbc70613704b2\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"sa-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"vpc_ids\":[\"vpc-f7181690\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:sa-east-1:704479110758:security-group/sg-0e3dfbc70613704b2\",\"sg-0e3dfbc70613704b2\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:sa-east-1:704479110758:security-group/sg-0a1b29738335e1651\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"VpcId\":\"vpc-f7181690\",\"Description\":\"ec2group1\",\"GroupId\":\"sg-0a1b29738335e1651\",\"GroupName\":\"ec2group1\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:sa-east-1:704479110758:security-group/sg-0a1b29738335e1651\",\"Tags\":null,\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:sa-east-1:704479110758:security-group/sg-0a1b29738335e1651\",\"sg-0a1b29738335e1651\"],\"name\":\"ec2group1\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"sa-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-f7181690\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:sa-east-1:704479110758:security-group/sg-0a1b29738335e1651\",\"sg-0a1b29738335e1651\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:sa-east-1:704479110758:security-group/sg-df30b9a0\",\"sg-df30b9a0\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:ec2:sa-east-1:704479110758:security-group/sg-df30b9a0\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"GroupId\":\"sg-df30b9a0\",\"GroupName\":\"default\",\"IpPermissions\":[],\"IpPermissionsEgress\":[],\"VpcId\":\"vpc-f7181690\",\"Description\":\"default VPC security group\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:sa-east-1:704479110758:security-group/sg-df30b9a0\",\"Tags\":[{\"Key\":\"test_aws\",\"Value\":\"\"}]},\"id\":[\"arn:aws:ec2:sa-east-1:704479110758:security-group/sg-df30b9a0\",\"sg-df30b9a0\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"sa-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-f7181690\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:sa-east-1:704479110758:security-group/sg-0c225324b21056222\",\"sg-0c225324b21056222\"],\"entity.metadata\":{\"arn:aws:ec2:sa-east-1:704479110758:security-group/sg-0c225324b21056222\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:sa-east-1:704479110758:security-group/sg-0c225324b21056222\",\"VpcId\":\"vpc-f7181690\",\"Description\":\"ec2group\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"GroupId\":\"sg-0c225324b21056222\",\"GroupName\":\"ec2group\",\"IpPermissions\":[]},\"id\":[\"arn:aws:ec2:sa-east-1:704479110758:security-group/sg-0c225324b21056222\",\"sg-0c225324b21056222\"],\"name\":\"ec2group\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"sa-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-f7181690\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-3e76af55\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-2:704479110758:security-group/sg-07b677b6a3580720d\",\"sg-07b677b6a3580720d\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-2:704479110758:security-group/sg-07b677b6a3580720d\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"Description\":\"ec2group\",\"Tags\":null,\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:ap-northeast-2:704479110758:security-group/sg-07b677b6a3580720d\",\"VpcId\":\"vpc-3e76af55\",\"GroupId\":\"sg-07b677b6a3580720d\",\"GroupName\":\"ec2group\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}]},\"id\":[\"arn:aws:ec2:ap-northeast-2:704479110758:security-group/sg-07b677b6a3580720d\",\"sg-07b677b6a3580720d\"],\"name\":\"ec2group\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-northeast-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"Description\":null,\"GroupId\":\"sg-56036834\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:ap-northeast-2:704479110758:security-group/sg-56036834\",\"Tags\":null,\"GroupId\":\"sg-56036834\",\"GroupName\":\"default\",\"VpcId\":\"vpc-3e76af55\",\"Description\":\"default VPC security group\",\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:ap-northeast-2:704479110758:security-group/sg-56036834\",\"sg-56036834\"]},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-northeast-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-3e76af55\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-2:704479110758:security-group/sg-56036834\",\"sg-56036834\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-2:704479110758:security-group/sg-56036834\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:ec2:ap-northeast-2:704479110758:security-group/sg-0fa630e8ea23339d5\",\"sg-0fa630e8ea23339d5\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-2:704479110758:security-group/sg-0fa630e8ea23339d5\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"ec2group12\",\"GroupId\":\"sg-0fa630e8ea23339d5\",\"GroupName\":\"ec2group12\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-3e76af55\",\"IpPermissions\":[],\"SecurityGroupArn\":\"arn:aws:ec2:ap-northeast-2:704479110758:security-group/sg-0fa630e8ea23339d5\",\"Tags\":null},\"id\":[\"arn:aws:ec2:ap-northeast-2:704479110758:security-group/sg-0fa630e8ea23339d5\",\"sg-0fa630e8ea23339d5\"],\"name\":\"ec2group12\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-northeast-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-3e76af55\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-2:704479110758:security-group/sg-05e471c6df1f2fffa\",\"sg-05e471c6df1f2fffa\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-2:704479110758:security-group/sg-05e471c6df1f2fffa\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"name\":\"ec2group1\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-3e76af55\",\"GroupId\":\"sg-05e471c6df1f2fffa\",\"IpPermissions\":[],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:ap-northeast-2:704479110758:security-group/sg-05e471c6df1f2fffa\",\"Tags\":null,\"Description\":\"ec2group1\",\"GroupName\":\"ec2group1\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}]},\"id\":[\"arn:aws:ec2:ap-northeast-2:704479110758:security-group/sg-05e471c6df1f2fffa\",\"sg-05e471c6df1f2fffa\"]},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-northeast-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-3e76af55\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08d8875ca6fe8c572\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"DESCRIPTION\",\"GroupId\":\"sg-08d8875ca6fe8c572\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"31.154.188.106/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"31.154.188.106/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":14325,\"UserIdGroupPairs\":[],\"FromPort\":14325}],\"Tags\":null,\"GroupName\":\"vuls-sg-14325\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08d8875ca6fe8c572\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08d8875ca6fe8c572\",\"sg-08d8875ca6fe8c572\"],\"name\":\"vuls-sg-14325\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08d8875ca6fe8c572\",\"sg-08d8875ca6fe8c572\"],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05e4de7aa46b9fcb1\",\"sg-05e4de7aa46b9fcb1\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05e4de7aa46b9fcb1\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-2\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"GroupId\":\"sg-05e4de7aa46b9fcb1\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05e4de7aa46b9fcb1\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-2 created 2021-03-17T15:59:42.455+02:00\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05e4de7aa46b9fcb1\",\"sg-05e4de7aa46b9fcb1\"],\"name\":\"launch-wizard-2\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"tags\":null,\"raw\":{\"GroupId\":\"sg-03684444944ec5687\",\"GroupName\":\"Bastion-sg\",\"Description\":\"sg for the bastion host for internal aws cli\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"93.172.2.168/32\",\"Description\":\"arkady home\"},{\"CidrIp\":\"77.137.8.226/32\",\"Description\":\"main office\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03684444944ec5687\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03684444944ec5687\",\"sg-03684444944ec5687\"],\"name\":\"Bastion-sg\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03684444944ec5687\",\"sg-03684444944ec5687\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03684444944ec5687\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d45eb315fadb2fca\",\"sg-0d45eb315fadb2fca\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d45eb315fadb2fca\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"Tags\":null,\"GroupId\":\"sg-0d45eb315fadb2fca\",\"GroupName\":\"launch-wizard-44\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d45eb315fadb2fca\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-44 created 2023-04-21T16:17:05.475Z\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d45eb315fadb2fca\",\"sg-0d45eb315fadb2fca\"],\"name\":\"launch-wizard-44\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05b591eb19be77ff8\",\"sg-05b591eb19be77ff8\"],\"name\":\"eks-cluster-sg-oleg-3413823\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"oleg\"},{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-oleg-3413823\"},{\"Value\":\"owned\",\"Key\":\"kubernetes.io/cluster/oleg\"}],\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-05b591eb19be77ff8\",\"GroupName\":\"eks-cluster-sg-oleg-3413823\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"IpPermissions\":[],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05b591eb19be77ff8\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05b591eb19be77ff8\",\"sg-05b591eb19be77ff8\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05b591eb19be77ff8\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-062a0b1c3aff29db3\",\"sg-062a0b1c3aff29db3\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-062a0b1c3aff29db3\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Tags\":[{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"project\",\"Value\":\"\"},{\"Key\":\"previsioner\",\"Value\":\"tarraform\"},{\"Value\":\"light-gannet\",\"Key\":\"id\"},{\"Key\":\"owner\",\"Value\":\"\"}],\"Description\":\"Managed by Terraform\",\"GroupName\":\"terraform-20230221155022817600000001\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-062a0b1c3aff29db3\",\"GroupId\":\"sg-062a0b1c3aff29db3\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-062a0b1c3aff29db3\",\"sg-062a0b1c3aff29db3\"],\"name\":\"terraform-20230221155022817600000001\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0abb4b6ca01ae62bc\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"Allow SSH from anywhere\",\"GroupName\":\"elastic-agent-security-group-e3232840-169e-11ee-9e02-06c2e6c532ff\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0abb4b6ca01ae62bc\",\"GroupId\":\"sg-0abb4b6ca01ae62bc\",\"Tags\":[{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"LiveEnvironmentTracking\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentSecurityGroup\"},{\"Value\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/LiveEnvironmentTracking/e3232840-169e-11ee-9e02-06c2e6c532ff\",\"Key\":\"aws:cloudformation:stack-id\"}],\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0abb4b6ca01ae62bc\",\"sg-0abb4b6ca01ae62bc\"],\"name\":\"elastic-agent-security-group-e3232840-169e-11ee-9e02-06c2e6c532ff\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0abb4b6ca01ae62bc\",\"sg-0abb4b6ca01ae62bc\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-05dd3a849e821fafc\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f5c10e0b0af8cd2f\",\"sg-0f5c10e0b0af8cd2f\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f5c10e0b0af8cd2f\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"10.0.0.0/8\",\"Description\":null}]}],\"IpPermissionsEgress\":[],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f5c10e0b0af8cd2f\",\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-0f5c10e0b0af8cd2f\",\"GroupName\":\"cloudbeat-tf-AhU_120230110154206542000000003\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-05dd3a849e821fafc\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f5c10e0b0af8cd2f\",\"sg-0f5c10e0b0af8cd2f\"],\"name\":\"cloudbeat-tf-AhU_120230110154206542000000003\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c088e9e07ab62035\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-75 created 2023-09-19T12:22:31.593Z\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c088e9e07ab62035\",\"GroupId\":\"sg-0c088e9e07ab62035\",\"GroupName\":\"launch-wizard-75\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c088e9e07ab62035\",\"sg-0c088e9e07ab62035\"],\"name\":\"launch-wizard-75\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c088e9e07ab62035\",\"sg-0c088e9e07ab62035\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-022f2c1c1162d5efc\",\"sg-022f2c1c1162d5efc\"],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-022f2c1c1162d5efc\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-022f2c1c1162d5efc\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupId\":\"sg-022f2c1c1162d5efc\",\"GroupName\":\"eks-cluster-sg-simpleclustersdf-1077548243\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-simpleclustersdf-1077548243\"},{\"Value\":\"simpleclustersdf\",\"Key\":\"aws:eks:cluster-name\"},{\"Key\":\"kubernetes.io/cluster/simpleclustersdf\",\"Value\":\"owned\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-022f2c1c1162d5efc\",\"sg-022f2c1c1162d5efc\"],\"name\":\"eks-cluster-sg-simpleclustersdf-1077548243\",\"category\":\"infrastructure\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.092+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0dd67cbcedfb2ea60\",\"sg-0dd67cbcedfb2ea60\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0dd67cbcedfb2ea60\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"VpcId\":\"vpc-0d0d507f15a7baefb\",\"Description\":\"EKS node shared security group\",\"GroupId\":\"sg-0dd67cbcedfb2ea60\",\"GroupName\":\"test-env-ci-tf-node-20230620162415421200000006\",\"IpPermissionsEgress\":[{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-0dd67cbcedfb2ea60\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":53,\"IpProtocol\":\"tcp\"},{\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-0dd67cbcedfb2ea60\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":53},{\"ToPort\":123,\"UserIdGroupPairs\":[],\"FromPort\":123,\"IpProtocol\":\"udp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/UDP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"ToPort\":443,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-09acb419f5b35e0c7\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\"}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress all HTTPS to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"UserIdGroupPairs\":[],\"FromPort\":123,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/TCP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0dd67cbcedfb2ea60\",\"Tags\":[{\"Value\":\"owned\",\"Key\":\"kubernetes.io/cluster/test-env-ci-tf\"},{\"Key\":\"Name\",\"Value\":\"test-env-ci-tf-node\"}],\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-09acb419f5b35e0c7\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[]},{\"ToPort\":53,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-0dd67cbcedfb2ea60\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"UserIdGroupPairs\":[{\"GroupId\":\"sg-0dd67cbcedfb2ea60\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\"}],\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53},{\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-09acb419f5b35e0c7\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}]}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0dd67cbcedfb2ea60\",\"sg-0dd67cbcedfb2ea60\"],\"name\":\"test-env-ci-tf-node-20230620162415421200000006\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-0d0d507f15a7baefb\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0dfc0ca778cd527c9\",\"sg-0dfc0ca778cd527c9\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0dfc0ca778cd527c9\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"default VPC security group\",\"GroupId\":\"sg-0dfc0ca778cd527c9\",\"GroupName\":\"default\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-0dfc0ca778cd527c9\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0dfc0ca778cd527c9\",\"VpcId\":\"vpc-0a2008710cab48539\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0dfc0ca778cd527c9\",\"sg-0dfc0ca778cd527c9\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-0a2008710cab48539\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08cc34a02658d54b2\",\"sg-08cc34a02658d54b2\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08cc34a02658d54b2\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"launch-wizard-19\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-08cc34a02658d54b2\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08cc34a02658d54b2\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-19 created 2023-01-24T10:39:00.423Z\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"Tags\":null,\"GroupName\":\"launch-wizard-19\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08cc34a02658d54b2\",\"sg-08cc34a02658d54b2\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-0de5d19ac894b58c9\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0690a8f93844ad49e\",\"sg-0690a8f93844ad49e\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0690a8f93844ad49e\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"cloudbeat-tf-Gfp_220221228114838579500000002\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0690a8f93844ad49e\",\"GroupName\":\"cloudbeat-tf-Gfp_220221228114838579500000002\",\"IpPermissionsEgress\":[],\"OwnerId\":\"704479110758\",\"Tags\":null,\"Description\":\"Managed by Terraform\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"192.168.0.0/16\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0690a8f93844ad49e\",\"VpcId\":\"vpc-0de5d19ac894b58c9\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0690a8f93844ad49e\",\"sg-0690a8f93844ad49e\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05775b247b74abb81\",\"sg-05775b247b74abb81\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05775b247b74abb81\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"default\",\"Tags\":null,\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05775b247b74abb81\",\"VpcId\":\"vpc-0b5ada4550b941390\",\"Description\":\"default VPC security group\",\"GroupId\":\"sg-05775b247b74abb81\",\"IpPermissions\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-05775b247b74abb81\",\"GroupName\":null}]}],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05775b247b74abb81\",\"sg-05775b247b74abb81\"]},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"network\":{\"vpc_ids\":[\"vpc-0b5ada4550b941390\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ddff29e676c3933a\",\"sg-0ddff29e676c3933a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ddff29e676c3933a\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"default VPC security group\",\"GroupName\":\"default\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-02190da3c759732a9\",\"GroupId\":\"sg-0ddff29e676c3933a\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-0ddff29e676c3933a\"}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ddff29e676c3933a\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ddff29e676c3933a\",\"sg-0ddff29e676c3933a\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-02190da3c759732a9\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d553fcbd0fe8ce91\",\"sg-0d553fcbd0fe8ce91\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d553fcbd0fe8ce91\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"GroupId\":\"sg-0d553fcbd0fe8ce91\",\"IpPermissionsEgress\":[{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-0d553fcbd0fe8ce91\"}],\"FromPort\":53,\"IpProtocol\":\"udp\"},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-0d553fcbd0fe8ce91\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[]},{\"ToPort\":123,\"UserIdGroupPairs\":[],\"FromPort\":123,\"IpProtocol\":\"udp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/UDP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"IpRanges\":[{\"Description\":\"Egress all HTTPS to internet\",\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-02b28e41eef10ad38\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\"},{\"FromPort\":123,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/TCP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123,\"UserIdGroupPairs\":[]}],\"VpcId\":\"vpc-0096efe3aab3734db\",\"Description\":\"EKS node shared security group\",\"GroupName\":\"kfir-qa-project-node-20240404150208423200000004\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-02b28e41eef10ad38\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[]},{\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-0d553fcbd0fe8ce91\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}]},{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-0d553fcbd0fe8ce91\"}],\"FromPort\":53,\"IpProtocol\":\"udp\"},{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-02b28e41eef10ad38\"}],\"FromPort\":443,\"IpProtocol\":\"tcp\"}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d553fcbd0fe8ce91\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/kfir-qa-project\",\"Value\":\"owned\"},{\"Value\":\"kfir-qa-project-node\",\"Key\":\"Name\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm_eks\"},{\"Key\":\"owner\",\"Value\":\"kfirpeled\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Value\":\"kfirpeled\",\"Key\":\"project\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d553fcbd0fe8ce91\",\"sg-0d553fcbd0fe8ce91\"],\"name\":\"kfir-qa-project-node-20240404150208423200000004\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0096efe3aab3734db\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04a040e49debe7864\",\"sg-04a040e49debe7864\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04a040e49debe7864\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04a040e49debe7864\",\"sg-04a040e49debe7864\"],\"name\":\"launch-wizard-123\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-123 created 2024-09-10T16:10:50.660Z\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04a040e49debe7864\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-04a040e49debe7864\",\"GroupName\":\"launch-wizard-123\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}]}},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0065b4c3585561fab\",\"sg-0065b4c3585561fab\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0065b4c3585561fab\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0065b4c3585561fab\",\"sg-0065b4c3585561fab\"],\"name\":\"launch-wizard-13\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0065b4c3585561fab\",\"Description\":\"launch-wizard-13 created 2022-11-28T16:52:13.918Z\",\"GroupId\":\"sg-0065b4c3585561fab\",\"GroupName\":\"launch-wizard-13\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-94\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-94 created 2024-03-12T11:01:30.772Z\",\"GroupId\":\"sg-0c9dfc1823afc5e9a\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c9dfc1823afc5e9a\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c9dfc1823afc5e9a\",\"sg-0c9dfc1823afc5e9a\"],\"name\":\"launch-wizard-94\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c9dfc1823afc5e9a\",\"sg-0c9dfc1823afc5e9a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c9dfc1823afc5e9a\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-0265091ed79292f2c\"]},\"resource_policies\":[],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d49a8fe5dda05287\",\"sg-0d49a8fe5dda05287\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d49a8fe5dda05287\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d49a8fe5dda05287\",\"Tags\":null,\"VpcId\":\"vpc-0265091ed79292f2c\",\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-0d49a8fe5dda05287\",\"OwnerId\":\"704479110758\",\"GroupName\":\"amir-env6_220230628120919298000000004\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"192.168.0.0/16\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d49a8fe5dda05287\",\"sg-0d49a8fe5dda05287\"],\"name\":\"amir-env6_220230628120919298000000004\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b8aad1a09dc16332\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[],\"Tags\":[{\"Key\":\"kubernetes.io/cluster/cluster-build-8-7\",\"Value\":\"owned\"},{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-cluster-build-8-7-356159504\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"cluster-build-8-7\"}],\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupName\":\"eks-cluster-sg-cluster-build-8-7-356159504\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b8aad1a09dc16332\",\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0b8aad1a09dc16332\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b8aad1a09dc16332\",\"sg-0b8aad1a09dc16332\"],\"name\":\"eks-cluster-sg-cluster-build-8-7-356159504\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b8aad1a09dc16332\",\"sg-0b8aad1a09dc16332\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0aac45f19c5a84dfe\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0aac45f19c5a84dfe\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard created 2022-12-27T11:17:29.099Z\",\"GroupId\":\"sg-0aac45f19c5a84dfe\",\"GroupName\":\"launch-wizard-18\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0aac45f19c5a84dfe\",\"sg-0aac45f19c5a84dfe\"],\"name\":\"launch-wizard-18\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0aac45f19c5a84dfe\",\"sg-0aac45f19c5a84dfe\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02466d93fea01bf07\",\"sg-02466d93fea01bf07\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02466d93fea01bf07\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[],\"Tags\":[{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"clustername\"},{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-clustername-1140785275\"},{\"Value\":\"owned\",\"Key\":\"kubernetes.io/cluster/clustername\"}],\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupId\":\"sg-02466d93fea01bf07\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02466d93fea01bf07\",\"VpcId\":\"vpc-6cb55a15\",\"GroupName\":\"eks-cluster-sg-clustername-1140785275\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02466d93fea01bf07\",\"sg-02466d93fea01bf07\"],\"name\":\"eks-cluster-sg-clustername-1140785275\",\"category\":\"infrastructure\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cc2da6bf54f4cef8\",\"sg-0cc2da6bf54f4cef8\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cc2da6bf54f4cef8\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cc2da6bf54f4cef8\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-122 created 2024-08-20T15:30:49.872Z\",\"GroupName\":\"launch-wizard-122\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"GroupId\":\"sg-0cc2da6bf54f4cef8\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cc2da6bf54f4cef8\",\"sg-0cc2da6bf54f4cef8\"],\"name\":\"launch-wizard-122\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-034a5f4898ad1decb\",\"sg-034a5f4898ad1decb\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-034a5f4898ad1decb\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-25 created 2023-02-28T11:44:47.486Z\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-034a5f4898ad1decb\",\"GroupName\":\"launch-wizard-25\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-034a5f4898ad1decb\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-034a5f4898ad1decb\",\"sg-034a5f4898ad1decb\"],\"name\":\"launch-wizard-25\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-096b876096e27c763\",\"sg-096b876096e27c763\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-096b876096e27c763\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard created 2023-05-04T21:45:05.108Z\",\"GroupId\":\"sg-096b876096e27c763\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"GroupName\":\"launch-wizard-48\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-096b876096e27c763\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-096b876096e27c763\",\"sg-096b876096e27c763\"],\"name\":\"launch-wizard-48\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06e9c563b0fada21a\",\"sg-06e9c563b0fada21a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06e9c563b0fada21a\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06e9c563b0fada21a\",\"sg-06e9c563b0fada21a\"],\"name\":\"eks-cluster-sg-chime-poc-66773453\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupName\":\"eks-cluster-sg-chime-poc-66773453\",\"IpPermissions\":[],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06e9c563b0fada21a\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-chime-poc-66773453\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"chime-poc\"},{\"Key\":\"kubernetes.io/cluster/chime-poc\",\"Value\":\"owned\"}],\"GroupId\":\"sg-06e9c563b0fada21a\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[{\"CidrIpv6\":\"::/0\",\"Description\":null}],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"VpcId\":\"vpc-6cb55a15\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01b760288ab667efc\",\"sg-01b760288ab667efc\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01b760288ab667efc\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-01b760288ab667efc\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01b760288ab667efc\",\"Description\":\"Managed by Terraform\",\"GroupName\":\"terraform-20231224144446674100000001\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Value\":\"test-environments\",\"Key\":\"project\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm\"},{\"Value\":\"engineering\",\"Key\":\"division\"},{\"Value\":\"security\",\"Key\":\"org\"},{\"Key\":\"Name\",\"Value\":\"test-env-ci-tf-QSL\"},{\"Key\":\"id\",\"Value\":\"b9b91e94\"}],\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01b760288ab667efc\",\"sg-01b760288ab667efc\"],\"name\":\"terraform-20231224144446674100000001\",\"category\":\"infrastructure\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"asset\":{\"name\":\"launch-wizard-40\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-40 created 2023-04-02T08:58:14.594Z\",\"GroupId\":\"sg-0a138ab42bf1cbd94\",\"GroupName\":\"launch-wizard-40\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a138ab42bf1cbd94\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a138ab42bf1cbd94\",\"sg-0a138ab42bf1cbd94\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a138ab42bf1cbd94\",\"sg-0a138ab42bf1cbd94\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a138ab42bf1cbd94\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0dd73f72c32760de2\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Managed by Terraform\",\"GroupName\":\"cloudbeat-tf-nsZ_120230214081025187800000005\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"10.0.0.0/8\",\"Description\":null}]}],\"IpPermissionsEgress\":[],\"OwnerId\":\"704479110758\",\"GroupId\":\"sg-0dd73f72c32760de2\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0dd73f72c32760de2\",\"Tags\":null,\"VpcId\":\"vpc-0a74788000c2f0013\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0dd73f72c32760de2\",\"sg-0dd73f72c32760de2\"],\"name\":\"cloudbeat-tf-nsZ_120230214081025187800000005\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-0a74788000c2f0013\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0dd73f72c32760de2\",\"sg-0dd73f72c32760de2\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-00103fb710b9960ab\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06db863f6566691fb\",\"sg-06db863f6566691fb\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06db863f6566691fb\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06db863f6566691fb\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/benchmark-rules\",\"Value\":\"owned\"},{\"Key\":\"owner\",\"Value\":\"seanrathier\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"benchmark-rules\"},{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-benchmark-rules-1482877991\"},{\"Key\":\"deployment\",\"Value\":\"benchmark-rules\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm_eks\"},{\"Key\":\"project\",\"Value\":\"seanrathier\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"}],\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"OwnerId\":\"704479110758\",\"IpPermissions\":[{\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-06db863f6566691fb\"}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"VpcId\":\"vpc-00103fb710b9960ab\",\"GroupId\":\"sg-06db863f6566691fb\",\"GroupName\":\"eks-cluster-sg-benchmark-rules-1482877991\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06db863f6566691fb\",\"sg-06db863f6566691fb\"],\"name\":\"eks-cluster-sg-benchmark-rules-1482877991\",\"category\":\"infrastructure\",\"sub_category\":\"network\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"Managed by Terraform\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"192.168.0.0/16\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"IpPermissionsEgress\":[],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fc29e78b2ed467d3\",\"GroupId\":\"sg-0fc29e78b2ed467d3\",\"GroupName\":\"cloudbeat-tf-SXE_220230502222555978700000005\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-0bf78569aaae50b84\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fc29e78b2ed467d3\",\"sg-0fc29e78b2ed467d3\"],\"name\":\"cloudbeat-tf-SXE_220230502222555978700000005\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"network\":{\"vpc_ids\":[\"vpc-0bf78569aaae50b84\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fc29e78b2ed467d3\",\"sg-0fc29e78b2ed467d3\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fc29e78b2ed467d3\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05f097f7aac9d0584\",\"sg-05f097f7aac9d0584\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05f097f7aac9d0584\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-7 created 2021-06-24T13:44:49.776+03:00\",\"GroupId\":\"sg-05f097f7aac9d0584\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\",\"GroupName\":\"launch-wizard-7\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05f097f7aac9d0584\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05f097f7aac9d0584\",\"sg-05f097f7aac9d0584\"],\"name\":\"launch-wizard-7\",\"category\":\"infrastructure\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ec651d5eef39e805\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-0ec651d5eef39e805\",\"GroupName\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[]}],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"Tags\":null,\"VpcId\":\"vpc-05dd3a849e821fafc\",\"GroupName\":\"default\",\"GroupId\":\"sg-0ec651d5eef39e805\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ec651d5eef39e805\",\"Description\":\"default VPC security group\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ec651d5eef39e805\",\"sg-0ec651d5eef39e805\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-05dd3a849e821fafc\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ec651d5eef39e805\",\"sg-0ec651d5eef39e805\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fd3c6a3e39ee8e8d\",\"sg-0fd3c6a3e39ee8e8d\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fd3c6a3e39ee8e8d\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-56 created 2023-06-01T10:56:59.131Z\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fd3c6a3e39ee8e8d\",\"GroupId\":\"sg-0fd3c6a3e39ee8e8d\",\"GroupName\":\"launch-wizard-56\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fd3c6a3e39ee8e8d\",\"sg-0fd3c6a3e39ee8e8d\"],\"name\":\"launch-wizard-56\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05c87771526d7ef2b\",\"sg-05c87771526d7ef2b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05c87771526d7ef2b\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05c87771526d7ef2b\",\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-05c87771526d7ef2b\",\"GroupName\":\"eks-cluster-sg-oleg-elastic-239533639\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"Tags\":[{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-oleg-elastic-239533639\"},{\"Key\":\"kubernetes.io/cluster/oleg-elastic\",\"Value\":\"owned\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"oleg-elastic\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05c87771526d7ef2b\",\"sg-05c87771526d7ef2b\"],\"name\":\"eks-cluster-sg-oleg-elastic-239533639\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-0bf78569aaae50b84\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0894d6b414ce03952\",\"sg-0894d6b414ce03952\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0894d6b414ce03952\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0894d6b414ce03952\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-0fee639f7ef71a7b7\",\"GroupName\":null}],\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[]},{\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-0fee639f7ef71a7b7\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":443}],\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-SXE-cluster\"}],\"VpcId\":\"vpc-0bf78569aaae50b84\",\"Description\":\"EKS cluster security group\",\"GroupName\":\"cloudbeat-tf-SXE-cluster-20230502222557195300000007\",\"IpPermissions\":[{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-0fee639f7ef71a7b7\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\"}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0894d6b414ce03952\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0894d6b414ce03952\",\"sg-0894d6b414ce03952\"],\"name\":\"cloudbeat-tf-SXE-cluster-20230502222557195300000007\",\"category\":\"infrastructure\",\"sub_category\":\"network\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bce824a94071691d\",\"sg-0bce824a94071691d\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bce824a94071691d\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard created 2023-03-06T13:48:49.721Z\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bce824a94071691d\",\"GroupId\":\"sg-0bce824a94071691d\",\"GroupName\":\"launch-wizard-28\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bce824a94071691d\",\"sg-0bce824a94071691d\"],\"name\":\"launch-wizard-28\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"raw\":{\"OwnerId\":\"704479110758\",\"GroupId\":\"sg-0ea17fc2676a2500b\",\"GroupName\":\"elastic-agent-security-group-6409dc70-1e8b-11ef-a602-0298a85c8777\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ea17fc2676a2500b\",\"Tags\":[{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"benchmark-rules-cnvm-sanity-test-stack\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentSecurityGroup\"},{\"Value\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/benchmark-rules-cnvm-sanity-test-stack/6409dc70-1e8b-11ef-a602-0298a85c8777\",\"Key\":\"aws:cloudformation:stack-id\"}],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"Block incoming traffic\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ea17fc2676a2500b\",\"sg-0ea17fc2676a2500b\"],\"name\":\"elastic-agent-security-group-6409dc70-1e8b-11ef-a602-0298a85c8777\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ea17fc2676a2500b\",\"sg-0ea17fc2676a2500b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ea17fc2676a2500b\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c119e571bfb0682b\",\"sg-0c119e571bfb0682b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c119e571bfb0682b\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-68 created 2023-07-14T09:21:51.571Z\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c119e571bfb0682b\",\"GroupId\":\"sg-0c119e571bfb0682b\",\"GroupName\":\"launch-wizard-68\",\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c119e571bfb0682b\",\"sg-0c119e571bfb0682b\"],\"name\":\"launch-wizard-68\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0efa1749833beec88\",\"sg-0efa1749833beec88\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0efa1749833beec88\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"default VPC security group\",\"GroupId\":\"sg-0efa1749833beec88\",\"IpPermissions\":[{\"UserIdGroupPairs\":[{\"Description\":null,\"GroupId\":\"sg-0efa1749833beec88\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0efa1749833beec88\",\"GroupName\":\"default\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-06635215f51bfd343\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0efa1749833beec88\",\"sg-0efa1749833beec88\"]},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-06635215f51bfd343\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-65 created 2023-07-09T14:11:29.132Z\",\"GroupId\":\"sg-08ce2015ad7c68b5f\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\",\"GroupName\":\"launch-wizard-65\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08ce2015ad7c68b5f\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08ce2015ad7c68b5f\",\"sg-08ce2015ad7c68b5f\"],\"name\":\"launch-wizard-65\",\"category\":\"infrastructure\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08ce2015ad7c68b5f\",\"sg-08ce2015ad7c68b5f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08ce2015ad7c68b5f\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"network\":{\"vpc_ids\":[\"vpc-05eeaaeb72e2eb28b\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a2ddd700d13c66d8\",\"sg-0a2ddd700d13c66d8\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a2ddd700d13c66d8\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"192.168.0.0/16\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"IpPermissionsEgress\":[],\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-05eeaaeb72e2eb28b\",\"GroupId\":\"sg-0a2ddd700d13c66d8\",\"GroupName\":\"cloudbeat-tf-5jA_220230111100433256300000004\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a2ddd700d13c66d8\",\"Description\":\"Managed by Terraform\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a2ddd700d13c66d8\",\"sg-0a2ddd700d13c66d8\"],\"name\":\"cloudbeat-tf-5jA_220230111100433256300000004\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d83ec4fadc51cb83\",\"Description\":\"EKS cluster security group\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-00463ea878d75f6a4\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":443}],\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-00463ea878d75f6a4\"}],\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250},{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-00463ea878d75f6a4\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\"}],\"Tags\":[{\"Key\":\"Name\",\"Value\":\"amir-env6-cluster\"}],\"VpcId\":\"vpc-0265091ed79292f2c\",\"GroupId\":\"sg-0d83ec4fadc51cb83\",\"GroupName\":\"amir-env6-cluster-20230628120920102600000007\",\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d83ec4fadc51cb83\",\"sg-0d83ec4fadc51cb83\"],\"name\":\"amir-env6-cluster-20230628120920102600000007\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-0265091ed79292f2c\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d83ec4fadc51cb83\",\"sg-0d83ec4fadc51cb83\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d83ec4fadc51cb83\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupId\":\"sg-097bb01ccf44c57dc\",\"GroupName\":\"eks-cluster-sg-blackhat1-1332885877\",\"IpPermissions\":[],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-blackhat1-1332885877\"},{\"Key\":\"kubernetes.io/cluster/blackhat1\",\"Value\":\"owned\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"blackhat1\"}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-097bb01ccf44c57dc\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-097bb01ccf44c57dc\",\"sg-097bb01ccf44c57dc\"],\"name\":\"eks-cluster-sg-blackhat1-1332885877\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-097bb01ccf44c57dc\",\"sg-097bb01ccf44c57dc\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-097bb01ccf44c57dc\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.342Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02f490cdc22d23827\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-02f490cdc22d23827\",\"GroupName\":\"launch-wizard-20\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"Description\":\"launch-wizard-20 created 2023-01-24T10:48:32.420Z\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02f490cdc22d23827\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02f490cdc22d23827\",\"sg-02f490cdc22d23827\"],\"name\":\"launch-wizard-20\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02f490cdc22d23827\",\"sg-02f490cdc22d23827\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07bf8060bfd409e48\",\"sg-07bf8060bfd409e48\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07bf8060bfd409e48\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07bf8060bfd409e48\",\"sg-07bf8060bfd409e48\"],\"name\":\"cloudbeat-tf-pEN_120221226075535597600000004\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-07bf8060bfd409e48\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07bf8060bfd409e48\",\"VpcId\":\"vpc-04ece708af6c9b689\",\"Tags\":null,\"Description\":\"Managed by Terraform\",\"GroupName\":\"cloudbeat-tf-pEN_120221226075535597600000004\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"10.0.0.0/8\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[]}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-04ece708af6c9b689\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-086ecae50032a45b5\",\"sg-086ecae50032a45b5\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-086ecae50032a45b5\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-086ecae50032a45b5\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/dailyenv2\",\"Value\":\"owned\"},{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-dailyenv2-1197490562\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"dailyenv2\"}],\"GroupName\":\"eks-cluster-sg-dailyenv2-1197490562\",\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"IpPermissions\":[],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupId\":\"sg-086ecae50032a45b5\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-086ecae50032a45b5\",\"sg-086ecae50032a45b5\"],\"name\":\"eks-cluster-sg-dailyenv2-1197490562\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-81 created 2023-10-11T22:15:29.878Z\",\"GroupId\":\"sg-0adcc31befc390a5c\",\"GroupName\":\"launch-wizard-81\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0adcc31befc390a5c\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0adcc31befc390a5c\",\"sg-0adcc31befc390a5c\"],\"name\":\"launch-wizard-81\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0adcc31befc390a5c\",\"sg-0adcc31befc390a5c\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0adcc31befc390a5c\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-074ab4196553796df\",\"sg-074ab4196553796df\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-074ab4196553796df\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"GroupId\":\"sg-074ab4196553796df\",\"GroupName\":\"launch-wizard-79\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-074ab4196553796df\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-79 created 2023-10-05T12:05:26.318Z\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-074ab4196553796df\",\"sg-074ab4196553796df\"],\"name\":\"launch-wizard-79\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e0ba2547a4bd9bea\",\"sg-0e0ba2547a4bd9bea\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e0ba2547a4bd9bea\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e0ba2547a4bd9bea\",\"Description\":\"launch-wizard-73 created 2023-09-06T14:00:27.039Z\",\"GroupId\":\"sg-0e0ba2547a4bd9bea\",\"GroupName\":\"launch-wizard-73\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e0ba2547a4bd9bea\",\"sg-0e0ba2547a4bd9bea\"],\"name\":\"launch-wizard-73\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-06b023d1fc8665055\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02ebb069a9d7bf4c3\",\"sg-02ebb069a9d7bf4c3\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02ebb069a9d7bf4c3\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-06b023d1fc8665055\",\"GroupName\":\"dg-cis_120241110123325931600000005\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02ebb069a9d7bf4c3\",\"Tags\":null,\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-02ebb069a9d7bf4c3\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"10.0.0.0/8\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"IpPermissionsEgress\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02ebb069a9d7bf4c3\",\"sg-02ebb069a9d7bf4c3\"],\"name\":\"dg-cis_120241110123325931600000005\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00376b7a10c2e3d4e\",\"sg-00376b7a10c2e3d4e\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00376b7a10c2e3d4e\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00376b7a10c2e3d4e\",\"sg-00376b7a10c2e3d4e\"],\"name\":\"launch-wizard-91\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00376b7a10c2e3d4e\",\"Description\":\"launch-wizard-91 created 2024-02-07T14:44:03.467Z\",\"GroupId\":\"sg-00376b7a10c2e3d4e\",\"GroupName\":\"launch-wizard-91\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]},{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[],\"FromPort\":443,\"IpProtocol\":\"tcp\"}],\"OwnerId\":\"704479110758\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupName\":\"eks-cluster-sg-evgb-851BCTestEKSMulti-791530030\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-01793a1da72d62360\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01793a1da72d62360\",\"Tags\":[{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"evgb-851BCTestEKSMulti\"},{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-evgb-851BCTestEKSMulti-791530030\"},{\"Key\":\"kubernetes.io/cluster/evgb-851BCTestEKSMulti\",\"Value\":\"owned\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01793a1da72d62360\",\"sg-01793a1da72d62360\"],\"name\":\"eks-cluster-sg-evgb-851BCTestEKSMulti-791530030\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01793a1da72d62360\",\"sg-01793a1da72d62360\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01793a1da72d62360\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f8f2a8c604296434\",\"sg-0f8f2a8c604296434\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f8f2a8c604296434\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f8f2a8c604296434\",\"VpcId\":\"vpc-6cb55a15\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"GroupId\":\"sg-0f8f2a8c604296434\",\"GroupName\":\"launch-wizard-80\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"Description\":\"launch-wizard-80 created 2023-10-06T01:56:25.665Z\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f8f2a8c604296434\",\"sg-0f8f2a8c604296434\"],\"name\":\"launch-wizard-80\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"OwnerId\":\"704479110758\",\"GroupId\":\"sg-08a6f6ca4b37177c5\",\"GroupName\":\"launch-wizard-125\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-125 created 2024-09-14T03:53:49.009Z\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08a6f6ca4b37177c5\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08a6f6ca4b37177c5\",\"sg-08a6f6ca4b37177c5\"],\"name\":\"launch-wizard-125\",\"category\":\"infrastructure\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08a6f6ca4b37177c5\",\"sg-08a6f6ca4b37177c5\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08a6f6ca4b37177c5\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07305265e688d6349\",\"sg-07305265e688d6349\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07305265e688d6349\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-57 created 2023-06-01T11:00:42.958Z\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-07305265e688d6349\",\"GroupName\":\"launch-wizard-57\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07305265e688d6349\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07305265e688d6349\",\"sg-07305265e688d6349\"],\"name\":\"launch-wizard-57\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e71b97ea9da0f0f3\",\"sg-0e71b97ea9da0f0f3\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e71b97ea9da0f0f3\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"terraform-20240404150155363400000002\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Managed by Terraform\",\"VpcId\":\"vpc-6cb55a15\",\"Tags\":[{\"Key\":\"owner\",\"Value\":\"kfirpeled\"},{\"Key\":\"project\",\"Value\":\"kfirpeled\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"Name\",\"Value\":\"kfir-qa-project-bXb\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"id\",\"Value\":\"efd0d585\"}],\"GroupId\":\"sg-0e71b97ea9da0f0f3\",\"GroupName\":\"terraform-20240404150155363400000002\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e71b97ea9da0f0f3\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e71b97ea9da0f0f3\",\"sg-0e71b97ea9da0f0f3\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e80dd88e69cef351\",\"sg-0e80dd88e69cef351\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e80dd88e69cef351\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e80dd88e69cef351\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-12 created 2022-11-15T11:50:56.196Z\",\"GroupName\":\"launch-wizard-12\",\"OwnerId\":\"704479110758\",\"GroupId\":\"sg-0e80dd88e69cef351\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e80dd88e69cef351\",\"sg-0e80dd88e69cef351\"],\"name\":\"launch-wizard-12\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03d83de6462a80949\",\"sg-03d83de6462a80949\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03d83de6462a80949\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03d83de6462a80949\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-10 created 2022-11-06T09:10:15.842Z\",\"GroupName\":\"launch-wizard-10\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"GroupId\":\"sg-03d83de6462a80949\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03d83de6462a80949\",\"sg-03d83de6462a80949\"],\"name\":\"launch-wizard-10\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fee639f7ef71a7b7\",\"sg-0fee639f7ef71a7b7\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fee639f7ef71a7b7\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-0bf78569aaae50b84\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-SXE\",\"Value\":\"owned\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-SXE-node\"}],\"GroupId\":\"sg-0fee639f7ef71a7b7\",\"GroupName\":\"cloudbeat-tf-SXE-node-20230502222556983600000006\",\"IpPermissions\":[{\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-0894d6b414ce03952\",\"GroupName\":null}]},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-0fee639f7ef71a7b7\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[]},{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-0fee639f7ef71a7b7\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":53,\"IpProtocol\":\"udp\"},{\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-0894d6b414ce03952\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"IpPermissionsEgress\":[{\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-0fee639f7ef71a7b7\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}]},{\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-0fee639f7ef71a7b7\",\"GroupName\":null}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[]},{\"FromPort\":123,\"IpProtocol\":\"udp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/UDP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123,\"UserIdGroupPairs\":[]},{\"IpRanges\":[{\"Description\":\"Egress all HTTPS to internet\",\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-0894d6b414ce03952\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\"}],\"FromPort\":443,\"IpProtocol\":\"tcp\"},{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/TCP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123,\"UserIdGroupPairs\":[],\"FromPort\":123}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fee639f7ef71a7b7\",\"Description\":\"EKS node shared security group\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fee639f7ef71a7b7\",\"sg-0fee639f7ef71a7b7\"],\"name\":\"cloudbeat-tf-SXE-node-20230502222556983600000006\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0bf78569aaae50b84\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b6f0b778e87e8f48\",\"sg-0b6f0b778e87e8f48\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b6f0b778e87e8f48\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"launch-wizard-78\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"Description\":\"launch-wizard-78 created 2023-10-05T11:58:12.739Z\",\"GroupId\":\"sg-0b6f0b778e87e8f48\",\"GroupName\":\"launch-wizard-78\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b6f0b778e87e8f48\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b6f0b778e87e8f48\",\"sg-0b6f0b778e87e8f48\"]},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-08d87433815da7907\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-064b37ef9f8043d6b\",\"sg-064b37ef9f8043d6b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-064b37ef9f8043d6b\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Tags\":null,\"GroupId\":\"sg-064b37ef9f8043d6b\",\"GroupName\":\"default\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-064b37ef9f8043d6b\",\"GroupName\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"Description\":\"default VPC security group\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-064b37ef9f8043d6b\",\"VpcId\":\"vpc-08d87433815da7907\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-064b37ef9f8043d6b\",\"sg-064b37ef9f8043d6b\"],\"name\":\"default\",\"category\":\"infrastructure\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07579f830fd7f3c77\",\"sg-07579f830fd7f3c77\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07579f830fd7f3c77\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07579f830fd7f3c77\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Value\":\"eks-cluster-sg-daily10-1433387512\",\"Key\":\"Name\"},{\"Value\":\"daily10\",\"Key\":\"aws:eks:cluster-name\"},{\"Key\":\"kubernetes.io/cluster/daily10\",\"Value\":\"owned\"}],\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-07579f830fd7f3c77\",\"GroupName\":\"eks-cluster-sg-daily10-1433387512\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07579f830fd7f3c77\",\"sg-07579f830fd7f3c77\"],\"name\":\"eks-cluster-sg-daily10-1433387512\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ffff8a92d635a4b4\",\"sg-0ffff8a92d635a4b4\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ffff8a92d635a4b4\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"Tags\":null,\"VpcId\":\"vpc-0265091ed79292f2c\",\"Description\":\"Managed by Terraform\",\"OwnerId\":\"704479110758\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"10.0.0.0/8\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ffff8a92d635a4b4\",\"GroupId\":\"sg-0ffff8a92d635a4b4\",\"GroupName\":\"amir-env6_120230628120919305500000005\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ffff8a92d635a4b4\",\"sg-0ffff8a92d635a4b4\"],\"name\":\"amir-env6_120230628120919305500000005\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-0265091ed79292f2c\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e1abcaa08f7a6361\",\"sg-0e1abcaa08f7a6361\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e1abcaa08f7a6361\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-00103fb710b9960ab\",\"Description\":\"Managed by Terraform\",\"GroupName\":\"benchmark-rules_220240530133039420900000005\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"192.168.0.0/16\"}],\"Ipv6Ranges\":[]}],\"GroupId\":\"sg-0e1abcaa08f7a6361\",\"IpPermissionsEgress\":[],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e1abcaa08f7a6361\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e1abcaa08f7a6361\",\"sg-0e1abcaa08f7a6361\"],\"name\":\"benchmark-rules_220240530133039420900000005\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-00103fb710b9960ab\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f67afa8a48404175\",\"sg-0f67afa8a48404175\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f67afa8a48404175\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f67afa8a48404175\",\"VpcId\":\"vpc-6cb55a15\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"GroupId\":\"sg-0f67afa8a48404175\",\"GroupName\":\"launch-wizard-113\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"Tags\":null,\"Description\":\"launch-wizard-113 created 2024-07-26T20:07:48.287Z\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f67afa8a48404175\",\"sg-0f67afa8a48404175\"],\"name\":\"launch-wizard-113\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0841ca786dc83b566\",\"sg-0841ca786dc83b566\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0841ca786dc83b566\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"default VPC security group\",\"IpPermissions\":[{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-0841ca786dc83b566\",\"GroupName\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"Tags\":null,\"GroupId\":\"sg-0841ca786dc83b566\",\"GroupName\":\"default\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0841ca786dc83b566\",\"VpcId\":\"vpc-0bf78569aaae50b84\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0841ca786dc83b566\",\"sg-0841ca786dc83b566\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0bf78569aaae50b84\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f805a498712f4ba8\",\"sg-0f805a498712f4ba8\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f805a498712f4ba8\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-34\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f805a498712f4ba8\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-34 created 2023-03-23T13:13:08.663Z\",\"GroupId\":\"sg-0f805a498712f4ba8\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f805a498712f4ba8\",\"sg-0f805a498712f4ba8\"],\"name\":\"launch-wizard-34\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09db5f76c7009971b\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-09db5f76c7009971b\",\"GroupName\":\"long-running-project-cluster-20231123175752291300000006\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-081a33d48a4a9086f\",\"GroupName\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09db5f76c7009971b\",\"VpcId\":\"vpc-096d5aaf84103883c\",\"Description\":\"EKS cluster security group\",\"IpPermissionsEgress\":[{\"ToPort\":10250,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-081a33d48a4a9086f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-081a33d48a4a9086f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"ec2_type\",\"Value\":\"kspm_eks\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"Name\",\"Value\":\"long-running-project-cluster\"},{\"Key\":\"project\",\"Value\":\"amirbenun\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09db5f76c7009971b\",\"sg-09db5f76c7009971b\"],\"name\":\"long-running-project-cluster-20231123175752291300000006\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-096d5aaf84103883c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09db5f76c7009971b\",\"sg-09db5f76c7009971b\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0460eca758c0bb346\",\"sg-0460eca758c0bb346\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0460eca758c0bb346\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-117 created 2024-07-27T00:06:48.298Z\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0460eca758c0bb346\",\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0460eca758c0bb346\",\"GroupName\":\"launch-wizard-117\",\"OwnerId\":\"704479110758\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0460eca758c0bb346\",\"sg-0460eca758c0bb346\"],\"name\":\"launch-wizard-117\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-038d29ff6420feae7\",\"sg-038d29ff6420feae7\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-038d29ff6420feae7\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-038d29ff6420feae7\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-038d29ff6420feae7\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard created 2023-05-11T13:09:53.261Z\",\"GroupName\":\"launch-wizard-51\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-038d29ff6420feae7\",\"sg-038d29ff6420feae7\"],\"name\":\"launch-wizard-51\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f8133159b21673b7\",\"sg-0f8133159b21673b7\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f8133159b21673b7\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0f8133159b21673b7\",\"GroupName\":\"launch-wizard-41\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f8133159b21673b7\",\"Description\":\"launch-wizard-41 created 2023-04-03T20:23:48.100Z\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f8133159b21673b7\",\"sg-0f8133159b21673b7\"],\"name\":\"launch-wizard-41\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-0de5d19ac894b58c9\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-037741bbd790337d2\",\"sg-037741bbd790337d2\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-037741bbd790337d2\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"GroupId\":\"sg-037741bbd790337d2\",\"GroupName\":\"cloudbeat-tf-Gfp-node-20221228114839474700000004\",\"IpPermissionsEgress\":[{\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-037741bbd790337d2\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}]},{\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-037741bbd790337d2\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53},{\"ToPort\":123,\"UserIdGroupPairs\":[],\"FromPort\":123,\"IpProtocol\":\"udp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/UDP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress all HTTPS to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-031ac0d1f1d2e00e2\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\"},{\"ToPort\":123,\"UserIdGroupPairs\":[],\"FromPort\":123,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/TCP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"Tags\":[{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-Gfp\",\"Value\":\"owned\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-Gfp-node\"}],\"VpcId\":\"vpc-0de5d19ac894b58c9\",\"Description\":\"EKS node shared security group\",\"IpPermissions\":[{\"ToPort\":10250,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-031ac0d1f1d2e00e2\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-037741bbd790337d2\"}],\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[]},{\"ToPort\":53,\"UserIdGroupPairs\":[{\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-037741bbd790337d2\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-031ac0d1f1d2e00e2\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-037741bbd790337d2\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-037741bbd790337d2\",\"sg-037741bbd790337d2\"],\"name\":\"cloudbeat-tf-Gfp-node-20221228114839474700000004\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b9d8497f9abb2f81\",\"sg-0b9d8497f9abb2f81\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b9d8497f9abb2f81\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b9d8497f9abb2f81\",\"sg-0b9d8497f9abb2f81\"],\"name\":\"launch-wizard-72\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-72\",\"Description\":\"launch-wizard-72 created 2023-08-15T02:03:18.052Z\",\"GroupId\":\"sg-0b9d8497f9abb2f81\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b9d8497f9abb2f81\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\"}},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"10.0.0.0/8\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"IpPermissionsEgress\":[],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05daf02f55f01460a\",\"VpcId\":\"vpc-0bf78569aaae50b84\",\"Description\":\"Managed by Terraform\",\"GroupName\":\"cloudbeat-tf-SXE_120230502222555978600000004\",\"Tags\":null,\"GroupId\":\"sg-05daf02f55f01460a\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05daf02f55f01460a\",\"sg-05daf02f55f01460a\"],\"name\":\"cloudbeat-tf-SXE_120230502222555978600000004\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-0bf78569aaae50b84\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05daf02f55f01460a\",\"sg-05daf02f55f01460a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05daf02f55f01460a\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0453b067a0757ec2d\",\"sg-0453b067a0757ec2d\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0453b067a0757ec2d\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"launch-wizard-119\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0453b067a0757ec2d\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0453b067a0757ec2d\",\"Tags\":null,\"Description\":\"launch-wizard-119 created 2024-07-27T01:03:30.456Z\",\"GroupName\":\"launch-wizard-119\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0453b067a0757ec2d\",\"sg-0453b067a0757ec2d\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d8433e97990b9118\",\"sg-0d8433e97990b9118\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d8433e97990b9118\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"DESCRIPTION\",\"GroupName\":\"vuls-sg-18991\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"31.154.188.106/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]},{\"UserIdGroupPairs\":[],\"FromPort\":18991,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"31.154.188.106/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":18991}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d8433e97990b9118\",\"Tags\":null,\"GroupId\":\"sg-0d8433e97990b9118\",\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d8433e97990b9118\",\"sg-0d8433e97990b9118\"],\"name\":\"vuls-sg-18991\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0a3207a0eac8d8231\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-03b63634385dba9a9\"}],\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[]},{\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-03b63634385dba9a9\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a3207a0eac8d8231\",\"VpcId\":\"vpc-06b023d1fc8665055\",\"Description\":\"EKS cluster security group\",\"GroupName\":\"dg-cis-cluster-20241110123327533600000007\",\"IpPermissions\":[{\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-03b63634385dba9a9\"}]}],\"Tags\":[{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"owner\",\"Value\":\"gurevichdmitry\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm_eks\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Value\":\"dg-cis\",\"Key\":\"deployment\"},{\"Key\":\"project\",\"Value\":\"gurevichdmitry\"},{\"Value\":\"dg-cis-cluster\",\"Key\":\"Name\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a3207a0eac8d8231\",\"sg-0a3207a0eac8d8231\"],\"name\":\"dg-cis-cluster-20241110123327533600000007\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-06b023d1fc8665055\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a3207a0eac8d8231\",\"sg-0a3207a0eac8d8231\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a3207a0eac8d8231\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0054cc356c3f84c21\",\"sg-0054cc356c3f84c21\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0054cc356c3f84c21\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-00103fb710b9960ab\",\"GroupName\":\"benchmark-rules_120240530133039418700000004\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0054cc356c3f84c21\",\"IpPermissionsEgress\":[],\"Tags\":null,\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-0054cc356c3f84c21\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"10.0.0.0/8\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0054cc356c3f84c21\",\"sg-0054cc356c3f84c21\"],\"name\":\"benchmark-rules_120240530133039418700000004\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-00103fb710b9960ab\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0723a917110a6c858\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"terraform-20241107082529469700000002\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"owner\",\"Value\":\"gurevichdmitry\"},{\"Key\":\"deployment\",\"Value\":\"dg-ref-1\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"ec2_type\",\"Value\":\"cloudtrail\"},{\"Key\":\"Name\",\"Value\":\"dg-ref-1-lls\"},{\"Key\":\"project\",\"Value\":\"gurevichdmitry\"},{\"Key\":\"id\",\"Value\":\"23fad7e0\"}],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-0723a917110a6c858\",\"GroupName\":\"terraform-20241107082529469700000002\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0723a917110a6c858\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0723a917110a6c858\",\"sg-0723a917110a6c858\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0723a917110a6c858\",\"sg-0723a917110a6c858\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-0a74788000c2f0013\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0260cef63f61c8c8b\",\"sg-0260cef63f61c8c8b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0260cef63f61c8c8b\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0260cef63f61c8c8b\",\"GroupName\":\"cloudbeat-tf-nsZ_220230214081025188100000006\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"192.168.0.0/16\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0260cef63f61c8c8b\",\"VpcId\":\"vpc-0a74788000c2f0013\",\"Description\":\"Managed by Terraform\",\"IpPermissionsEgress\":[],\"OwnerId\":\"704479110758\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0260cef63f61c8c8b\",\"sg-0260cef63f61c8c8b\"],\"name\":\"cloudbeat-tf-nsZ_220230214081025188100000006\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09bda1e4d7fd21ad3\",\"sg-09bda1e4d7fd21ad3\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09bda1e4d7fd21ad3\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"GroupName\":\"elastic-agent-security-group-df20e390-96e0-11ef-b64c-0a72966a557b\",\"IpPermissions\":[],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09bda1e4d7fd21ad3\",\"Tags\":[{\"Value\":\"cspm-single-account\",\"Key\":\"aws:cloudformation:stack-name\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/cspm-single-account/df20e390-96e0-11ef-b64c-0a72966a557b\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentSecurityGroup\"}],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"Block incoming traffic\",\"GroupId\":\"sg-09bda1e4d7fd21ad3\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09bda1e4d7fd21ad3\",\"sg-09bda1e4d7fd21ad3\"],\"name\":\"elastic-agent-security-group-df20e390-96e0-11ef-b64c-0a72966a557b\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"cloudbeat-tf-WWZ-cluster-20221229084123638600000004\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-00f233a80da23495f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bfea65465528af0e\",\"Tags\":[{\"Value\":\"cloudbeat-tf-WWZ-cluster\",\"Key\":\"Name\"}],\"Description\":\"EKS cluster security group\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-00f233a80da23495f\",\"GroupName\":null}],\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[]},{\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-00f233a80da23495f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}]}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-0e838e42ce3e6d30c\",\"GroupId\":\"sg-0bfea65465528af0e\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bfea65465528af0e\",\"sg-0bfea65465528af0e\"],\"name\":\"cloudbeat-tf-WWZ-cluster-20221229084123638600000004\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-0e838e42ce3e6d30c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bfea65465528af0e\",\"sg-0bfea65465528af0e\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bfea65465528af0e\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-63 created 2023-06-25T11:46:34.054Z\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"GroupId\":\"sg-04f6eff4f98d8c4f3\",\"GroupName\":\"launch-wizard-63\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04f6eff4f98d8c4f3\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04f6eff4f98d8c4f3\",\"sg-04f6eff4f98d8c4f3\"],\"name\":\"launch-wizard-63\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04f6eff4f98d8c4f3\",\"sg-04f6eff4f98d8c4f3\"],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04f6eff4f98d8c4f3\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01c738f826d371098\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-16 created 2022-12-01T09:56:42.190Z\",\"GroupId\":\"sg-01c738f826d371098\",\"GroupName\":\"launch-wizard-16\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01c738f826d371098\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01c738f826d371098\",\"sg-01c738f826d371098\"],\"name\":\"launch-wizard-16\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01c738f826d371098\",\"sg-01c738f826d371098\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03c9611c5f2246742\",\"Tags\":[{\"Key\":\"id\",\"Value\":\"e7fe3f8e\"},{\"Value\":\"long-running-project-HOV\",\"Key\":\"Name\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"project\",\"Value\":\"amirbenun\"}],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-03c9611c5f2246742\",\"GroupName\":\"terraform-20231123175739667200000001\",\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03c9611c5f2246742\",\"sg-03c9611c5f2246742\"],\"name\":\"terraform-20231123175739667200000001\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03c9611c5f2246742\",\"sg-03c9611c5f2246742\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03c9611c5f2246742\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"name\":\"launch-wizard-86\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Tags\":null,\"GroupName\":\"launch-wizard-86\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c54afb1c1724e522\",\"Description\":\"launch-wizard-86 created 2023-10-30T19:41:47.522Z\",\"GroupId\":\"sg-0c54afb1c1724e522\",\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c54afb1c1724e522\",\"sg-0c54afb1c1724e522\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c54afb1c1724e522\",\"sg-0c54afb1c1724e522\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c54afb1c1724e522\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02406c5b73859ae29\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"EKS cluster security group\",\"GroupId\":\"sg-02406c5b73859ae29\",\"GroupName\":\"cloudbeat-tf-pEN-cluster-20221226075536275000000007\",\"IpPermissions\":[{\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-00f97c5fd4c506f7f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02406c5b73859ae29\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-00f97c5fd4c506f7f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\"}],\"FromPort\":10250},{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-00f97c5fd4c506f7f\",\"GroupName\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\"}],\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-pEN-cluster\"}],\"VpcId\":\"vpc-04ece708af6c9b689\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02406c5b73859ae29\",\"sg-02406c5b73859ae29\"],\"name\":\"cloudbeat-tf-pEN-cluster-20221226075536275000000007\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-04ece708af6c9b689\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02406c5b73859ae29\",\"sg-02406c5b73859ae29\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ae82b051dad4da33\",\"sg-0ae82b051dad4da33\"],\"name\":\"terraform-20240307121957423400000001\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0ae82b051dad4da33\",\"GroupName\":\"terraform-20240307121957423400000001\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ae82b051dad4da33\",\"Tags\":[{\"Key\":\"owner\",\"Value\":\"Omolola-Akinleye\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"ec2_type\",\"Value\":\"cspm\"},{\"Key\":\"id\",\"Value\":\"6e6015c4\"},{\"Key\":\"Name\",\"Value\":\"delete--ess-prod-fl3\"},{\"Key\":\"project\",\"Value\":\"Omolola-Akinleye\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"}],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"Managed by Terraform\",\"OwnerId\":\"704479110758\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}]}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ae82b051dad4da33\",\"sg-0ae82b051dad4da33\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ae82b051dad4da33\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c3d5a1a87fe80dcb\",\"sg-0c3d5a1a87fe80dcb\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c3d5a1a87fe80dcb\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c3d5a1a87fe80dcb\",\"Tags\":null,\"Description\":\"launch-wizard-101 created 2024-05-02T14:45:23.125Z\",\"GroupName\":\"orestis-onweek\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":6443,\"UserIdGroupPairs\":[],\"FromPort\":6443},{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"18.199.254.49/32\",\"Description\":null},{\"CidrIp\":\"100.27.136.248/32\",\"Description\":null},{\"CidrIp\":\"44.223.163.119/32\",\"Description\":null},{\"CidrIp\":\"88.217.180.56/32\",\"Description\":\"tmp my ip\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]},{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"FromPort\":-1,\"IpProtocol\":\"icmp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":-1,\"UserIdGroupPairs\":[]}],\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0c3d5a1a87fe80dcb\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c3d5a1a87fe80dcb\",\"sg-0c3d5a1a87fe80dcb\"],\"name\":\"orestis-onweek\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09acb419f5b35e0c7\",\"sg-09acb419f5b35e0c7\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09acb419f5b35e0c7\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"EKS cluster security group\",\"IpPermissions\":[{\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-0dd67cbcedfb2ea60\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09acb419f5b35e0c7\",\"GroupId\":\"sg-09acb419f5b35e0c7\",\"GroupName\":\"test-env-ci-tf-cluster-20230620162415515800000007\",\"IpPermissionsEgress\":[{\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-0dd67cbcedfb2ea60\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}]},{\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-0dd67cbcedfb2ea60\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"Tags\":[{\"Key\":\"Name\",\"Value\":\"test-env-ci-tf-cluster\"}],\"VpcId\":\"vpc-0d0d507f15a7baefb\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09acb419f5b35e0c7\",\"sg-09acb419f5b35e0c7\"],\"name\":\"test-env-ci-tf-cluster-20230620162415515800000007\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-0d0d507f15a7baefb\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-007e4396e8eedd13a\",\"sg-007e4396e8eedd13a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-007e4396e8eedd13a\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"tags\":null,\"raw\":{\"GroupId\":\"sg-007e4396e8eedd13a\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"VpcId\":\"vpc-6cb55a15\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-007e4396e8eedd13a\",\"Tags\":null,\"Description\":\"launch-wizard-116 created 2024-07-26T23:50:11.009Z\",\"GroupName\":\"launch-wizard-116\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-007e4396e8eedd13a\",\"sg-007e4396e8eedd13a\"],\"name\":\"launch-wizard-116\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-090ecfb082b3f0e34\",\"sg-090ecfb082b3f0e34\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-090ecfb082b3f0e34\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupId\":\"sg-090ecfb082b3f0e34\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-090ecfb082b3f0e34\",\"Tags\":[{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"OrenDailyCluster\"},{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-OrenDailyCluster-503177645\"},{\"Value\":\"owned\",\"Key\":\"kubernetes.io/cluster/OrenDailyCluster\"}],\"GroupName\":\"eks-cluster-sg-OrenDailyCluster-503177645\",\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-090ecfb082b3f0e34\",\"sg-090ecfb082b3f0e34\"],\"name\":\"eks-cluster-sg-OrenDailyCluster-503177645\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0187d536702d1dd23\",\"sg-0187d536702d1dd23\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0187d536702d1dd23\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0187d536702d1dd23\",\"sg-0187d536702d1dd23\"],\"name\":\"launch-wizard-114\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"Description\":\"launch-wizard-114 created 2024-07-26T20:16:02.534Z\",\"GroupId\":\"sg-0187d536702d1dd23\",\"GroupName\":\"launch-wizard-114\",\"VpcId\":\"vpc-6cb55a15\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0187d536702d1dd23\",\"Tags\":null}},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-096d5aaf84103883c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-068c07cd665c64b73\",\"sg-068c07cd665c64b73\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-068c07cd665c64b73\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-096d5aaf84103883c\",\"GroupName\":\"eks-cluster-sg-long-running-project-1620075450\",\"IpPermissions\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-068c07cd665c64b73\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}]}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-068c07cd665c64b73\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/long-running-project\",\"Value\":\"owned\"},{\"Key\":\"project\",\"Value\":\"amirbenun\"},{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-long-running-project-1620075450\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm_eks\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"long-running-project\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Value\":\"security\",\"Key\":\"org\"}],\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupId\":\"sg-068c07cd665c64b73\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-068c07cd665c64b73\",\"sg-068c07cd665c64b73\"],\"name\":\"eks-cluster-sg-long-running-project-1620075450\",\"category\":\"infrastructure\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-035fed423cfdb5c55\",\"sg-035fed423cfdb5c55\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-035fed423cfdb5c55\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-035fed423cfdb5c55\",\"GroupName\":\"kuba-logs-cluster-20241119125158938900000007\",\"Tags\":[{\"Value\":\"kubasobon\",\"Key\":\"project\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm_eks\"},{\"Value\":\"cloud-security-posture\",\"Key\":\"team\"},{\"Key\":\"Name\",\"Value\":\"kuba-logs-cluster\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"deployment\",\"Value\":\"kuba-logs\"},{\"Key\":\"owner\",\"Value\":\"kubasobon\"}],\"VpcId\":\"vpc-08d87433815da7907\",\"Description\":\"EKS cluster security group\",\"IpPermissions\":[{\"UserIdGroupPairs\":[{\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-042dc17560e6f8374\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443}],\"IpPermissionsEgress\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-042dc17560e6f8374\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":10250},{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-042dc17560e6f8374\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\"}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-035fed423cfdb5c55\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-035fed423cfdb5c55\",\"sg-035fed423cfdb5c55\"],\"name\":\"kuba-logs-cluster-20241119125158938900000007\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-08d87433815da7907\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-059fc2ed8376806e2\",\"sg-059fc2ed8376806e2\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-059fc2ed8376806e2\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"GroupId\":\"sg-059fc2ed8376806e2\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[]}],\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"Tags\":null,\"Description\":\"launch-wizard-67 created 2023-07-25T09:21:09.623Z\",\"GroupName\":\"launch-wizard-67\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-059fc2ed8376806e2\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-059fc2ed8376806e2\",\"sg-059fc2ed8376806e2\"],\"name\":\"launch-wizard-67\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0df29ba5a62a60c1e\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard created 2023-03-23T17:16:20.851Z\",\"GroupId\":\"sg-0df29ba5a62a60c1e\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0df29ba5a62a60c1e\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"GroupName\":\"launch-wizard-36\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0df29ba5a62a60c1e\",\"sg-0df29ba5a62a60c1e\"],\"name\":\"launch-wizard-36\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0df29ba5a62a60c1e\",\"sg-0df29ba5a62a60c1e\"],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e8133b11f6ffce58\",\"sg-0e8133b11f6ffce58\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e8133b11f6ffce58\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupId\":\"sg-0e8133b11f6ffce58\",\"GroupName\":\"eks-cluster-sg-QACycleDailyChecksJuly-508054906\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"Tags\":[{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-QACycleDailyChecksJuly-508054906\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"QACycleDailyChecksJuly\"},{\"Key\":\"kubernetes.io/cluster/QACycleDailyChecksJuly\",\"Value\":\"owned\"}],\"IpPermissions\":[],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e8133b11f6ffce58\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e8133b11f6ffce58\",\"sg-0e8133b11f6ffce58\"],\"name\":\"eks-cluster-sg-QACycleDailyChecksJuly-508054906\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-093aadc42ef9a96d4\",\"sg-093aadc42ef9a96d4\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-093aadc42ef9a96d4\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"name\":\"launch-wizard-24\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-093aadc42ef9a96d4\",\"Tags\":null,\"Description\":\"launch-wizard-24 created 2023-02-21T08:03:44.648Z\",\"GroupName\":\"launch-wizard-24\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-093aadc42ef9a96d4\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-093aadc42ef9a96d4\",\"sg-093aadc42ef9a96d4\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-092c2ffc0a4633dd1\",\"sg-092c2ffc0a4633dd1\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-092c2ffc0a4633dd1\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"VpcId\":\"vpc-04ece708af6c9b689\",\"GroupId\":\"sg-092c2ffc0a4633dd1\",\"GroupName\":\"cloudbeat-tf-pEN_220221226075535598800000005\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"Description\":\"Managed by Terraform\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"192.168.0.0/16\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-092c2ffc0a4633dd1\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-092c2ffc0a4633dd1\",\"sg-092c2ffc0a4633dd1\"],\"name\":\"cloudbeat-tf-pEN_220221226075535598800000005\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-04ece708af6c9b689\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cfd5cc44e40fa2cd\",\"sg-0cfd5cc44e40fa2cd\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cfd5cc44e40fa2cd\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"VpcId\":\"vpc-6cb55a15\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":\"\",\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[{\"CidrIpv6\":\"::/0\",\"Description\":\"\"}],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"GroupId\":\"sg-0cfd5cc44e40fa2cd\",\"GroupName\":\"launch-wizard-6\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cfd5cc44e40fa2cd\",\"Tags\":null,\"Description\":\"launch-wizard-6 created 2021-04-26T13:50:12.067+03:00\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cfd5cc44e40fa2cd\",\"sg-0cfd5cc44e40fa2cd\"],\"name\":\"launch-wizard-6\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"tags\":null,\"raw\":{\"GroupId\":\"sg-0fede304f99eaf73b\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fede304f99eaf73b\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"For running github actions\",\"GroupName\":\"Github-runner01\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"89.138.209.241/32\",\"Description\":\"arkady\"},{\"CidrIp\":\"77.137.8.226/32\",\"Description\":\"office\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"OwnerId\":\"704479110758\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fede304f99eaf73b\",\"sg-0fede304f99eaf73b\"],\"name\":\"Github-runner01\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fede304f99eaf73b\",\"sg-0fede304f99eaf73b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fede304f99eaf73b\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-044f28b8c13b81cf5\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"launch-wizard created 2023-03-06T14:03:30.298Z\",\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\",\"Tags\":null,\"GroupId\":\"sg-044f28b8c13b81cf5\",\"GroupName\":\"launch-wizard-29\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":80,\"UserIdGroupPairs\":[],\"FromPort\":80,\"IpProtocol\":\"tcp\"},{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"},{\"UserIdGroupPairs\":[],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443}],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-044f28b8c13b81cf5\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-044f28b8c13b81cf5\",\"sg-044f28b8c13b81cf5\"],\"name\":\"launch-wizard-29\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-044f28b8c13b81cf5\",\"sg-044f28b8c13b81cf5\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d81b71e559cbc11c\",\"sg-0d81b71e559cbc11c\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d81b71e559cbc11c\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Tags\":null,\"GroupId\":\"sg-0d81b71e559cbc11c\",\"GroupName\":\"vuls-sg-25272\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"77.125.101.238/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]},{\"IpRanges\":[{\"CidrIp\":\"77.125.101.238/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":25272,\"UserIdGroupPairs\":[],\"FromPort\":25272,\"IpProtocol\":\"tcp\"}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d81b71e559cbc11c\",\"Description\":\"DESCRIPTION\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d81b71e559cbc11c\",\"sg-0d81b71e559cbc11c\"],\"name\":\"vuls-sg-25272\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ef21368818f81624\",\"sg-0ef21368818f81624\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ef21368818f81624\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ef21368818f81624\",\"Tags\":[{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"ido-eks-daily-850\"},{\"Key\":\"kubernetes.io/cluster/ido-eks-daily-850\",\"Value\":\"owned\"},{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-ido-eks-daily-850-1176333690\"}],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupName\":\"eks-cluster-sg-ido-eks-daily-850-1176333690\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"GroupId\":\"sg-0ef21368818f81624\",\"IpPermissions\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ef21368818f81624\",\"sg-0ef21368818f81624\"],\"name\":\"eks-cluster-sg-ido-eks-daily-850-1176333690\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0492547b8b3c09719\",\"sg-0492547b8b3c09719\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0492547b8b3c09719\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":null,\"Description\":\"launch-wizard-59 created 2023-06-11T10:22:46.170Z\",\"GroupId\":\"sg-0492547b8b3c09719\",\"GroupName\":\"launch-wizard-59\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0492547b8b3c09719\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0492547b8b3c09719\",\"sg-0492547b8b3c09719\"],\"name\":\"launch-wizard-59\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":null,\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b07ba93eb1196589\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard created 2023-05-10T07:27:51.262Z\",\"GroupId\":\"sg-0b07ba93eb1196589\",\"GroupName\":\"launch-wizard-49\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b07ba93eb1196589\",\"sg-0b07ba93eb1196589\"],\"name\":\"launch-wizard-49\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b07ba93eb1196589\",\"sg-0b07ba93eb1196589\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b07ba93eb1196589\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ee724db2e23dbcb8\",\"sg-0ee724db2e23dbcb8\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ee724db2e23dbcb8\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0ee724db2e23dbcb8\",\"GroupName\":\"Amir-home\",\"IpPermissions\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"93.173.33.175/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"Description\":\"Amir home\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ee724db2e23dbcb8\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ee724db2e23dbcb8\",\"sg-0ee724db2e23dbcb8\"],\"name\":\"Amir-home\",\"category\":\"infrastructure\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a05990554636a7d3\",\"sg-0a05990554636a7d3\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a05990554636a7d3\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a05990554636a7d3\",\"sg-0a05990554636a7d3\"],\"name\":\"launch-wizard-90\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a05990554636a7d3\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-90 created 2024-01-23T13:18:20.066Z\",\"GroupId\":\"sg-0a05990554636a7d3\",\"GroupName\":\"launch-wizard-90\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"Tags\":null}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-088ab834abdcc5ec3\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"terraform-20230214084057345800000003\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-088ab834abdcc5ec3\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-088ab834abdcc5ec3\",\"Tags\":[{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"id\",\"Value\":\"5f282a8b\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-088ab834abdcc5ec3\",\"sg-088ab834abdcc5ec3\"],\"name\":\"terraform-20230214084057345800000003\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-088ab834abdcc5ec3\",\"sg-088ab834abdcc5ec3\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0080ac16b8a9372b6\",\"sg-0080ac16b8a9372b6\"],\"name\":\"launch-wizard-96\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-96 created 2024-04-03T06:31:36.580Z\",\"GroupId\":\"sg-0080ac16b8a9372b6\",\"GroupName\":\"launch-wizard-96\",\"VpcId\":\"vpc-6cb55a15\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0080ac16b8a9372b6\",\"Tags\":null}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0080ac16b8a9372b6\",\"sg-0080ac16b8a9372b6\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0080ac16b8a9372b6\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01f9ccb215a838fc9\",\"sg-01f9ccb215a838fc9\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01f9ccb215a838fc9\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"launch-wizard-100\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-01f9ccb215a838fc9\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"Description\":\"launch-wizard-100 created 2024-04-25T12:50:19.218Z\",\"GroupName\":\"launch-wizard-100\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01f9ccb215a838fc9\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01f9ccb215a838fc9\",\"sg-01f9ccb215a838fc9\"]},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0486e60ac25858460\",\"sg-0486e60ac25858460\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0486e60ac25858460\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"GroupId\":\"sg-0486e60ac25858460\",\"GroupName\":\"launch-wizard-31\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0486e60ac25858460\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-31 created 2023-03-16T12:06:29.660Z\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"OwnerId\":\"704479110758\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0486e60ac25858460\",\"sg-0486e60ac25858460\"],\"name\":\"launch-wizard-31\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01bac6ae49b0a3ebd\",\"sg-01bac6ae49b0a3ebd\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01bac6ae49b0a3ebd\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Tags\":[{\"Key\":\"owner\",\"Value\":\"\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"previsioner\",\"Value\":\"tarraform\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"project\",\"Value\":\"\"},{\"Value\":\"huge-sparrow\",\"Key\":\"id\"}],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"Managed by Terraform\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01bac6ae49b0a3ebd\",\"GroupId\":\"sg-01bac6ae49b0a3ebd\",\"GroupName\":\"terraform-20230221130116507500000001\",\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01bac6ae49b0a3ebd\",\"sg-01bac6ae49b0a3ebd\"],\"name\":\"terraform-20230221130116507500000001\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08679f88c579ec565\",\"sg-08679f88c579ec565\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08679f88c579ec565\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"Tags\":null,\"Description\":\"Office-Kaplan 2\",\"IpPermissions\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"77.137.8.226/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[{\"CidrIpv6\":\"::/0\",\"Description\":null}],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08679f88c579ec565\",\"GroupId\":\"sg-08679f88c579ec565\",\"GroupName\":\"Office-Kaplan 2\",\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08679f88c579ec565\",\"sg-08679f88c579ec565\"],\"name\":\"Office-Kaplan 2\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f00c8a81127e5fec\",\"sg-0f00c8a81127e5fec\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f00c8a81127e5fec\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"Description\":\"launch-wizard-66 created 2023-07-16T01:09:06.183Z\",\"GroupName\":\"launch-wizard-66\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"GroupId\":\"sg-0f00c8a81127e5fec\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f00c8a81127e5fec\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f00c8a81127e5fec\",\"sg-0f00c8a81127e5fec\"],\"name\":\"launch-wizard-66\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Managed by Terraform\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-044eb1de9dfccc190\",\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-044eb1de9dfccc190\",\"GroupName\":\"terraform-20230111111822021500000003\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"id\",\"Value\":\"998602dd\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-044eb1de9dfccc190\",\"sg-044eb1de9dfccc190\"],\"name\":\"terraform-20230111111822021500000003\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-044eb1de9dfccc190\",\"sg-044eb1de9dfccc190\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-044eb1de9dfccc190\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e1d1c5ed4d289185\",\"sg-0e1d1c5ed4d289185\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e1d1c5ed4d289185\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"Description\":\"launch-wizard-1 created 2023-05-16T02:05:12.777Z\",\"GroupId\":\"sg-0e1d1c5ed4d289185\",\"GroupName\":\"launch-wizard-1\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e1d1c5ed4d289185\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e1d1c5ed4d289185\",\"sg-0e1d1c5ed4d289185\"],\"name\":\"launch-wizard-1\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0472035c33e6b3da9\",\"sg-0472035c33e6b3da9\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0472035c33e6b3da9\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"eks-cluster-sg-smplecluster2r-1256768117\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupId\":\"sg-0472035c33e6b3da9\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"GroupName\":\"eks-cluster-sg-smplecluster2r-1256768117\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0472035c33e6b3da9\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-smplecluster2r-1256768117\"},{\"Key\":\"kubernetes.io/cluster/smplecluster2r\",\"Value\":\"owned\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"smplecluster2r\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0472035c33e6b3da9\",\"sg-0472035c33e6b3da9\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02bf3e319137fa636\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-02bf3e319137fa636\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"VpcId\":\"vpc-6cb55a15\",\"Tags\":[{\"Key\":\"ec2_type\",\"Value\":\"kspm\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"Name\",\"Value\":\"yarden-qa-810-bc1-i0f\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"project\",\"Value\":\"test-environments\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"id\",\"Value\":\"11da889b\"}],\"Description\":\"Managed by Terraform\",\"GroupName\":\"terraform-20230822104353790800000001\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02bf3e319137fa636\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02bf3e319137fa636\",\"sg-02bf3e319137fa636\"],\"name\":\"terraform-20230822104353790800000001\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02bf3e319137fa636\",\"sg-02bf3e319137fa636\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.093+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b9e34e4623e664a4\",\"sg-0b9e34e4623e664a4\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b9e34e4623e664a4\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0b9e34e4623e664a4\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b9e34e4623e664a4\",\"Tags\":[{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"kuba-logs-cnvm-sanity-test-stack\"},{\"Value\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/kuba-logs-cnvm-sanity-test-stack/d2594700-a677-11ef-a9ff-0a22d85204c3\",\"Key\":\"aws:cloudformation:stack-id\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentSecurityGroup\"}],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"Block incoming traffic\",\"IpPermissions\":[],\"GroupName\":\"elastic-agent-security-group-d2594700-a677-11ef-a9ff-0a22d85204c3\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b9e34e4623e664a4\",\"sg-0b9e34e4623e664a4\"],\"name\":\"elastic-agent-security-group-d2594700-a677-11ef-a9ff-0a22d85204c3\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07206c5a75f999879\",\"sg-07206c5a75f999879\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07206c5a75f999879\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-111\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07206c5a75f999879\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-111 created 2024-06-21T14:46:52.900Z\",\"GroupId\":\"sg-07206c5a75f999879\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]},{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[],\"FromPort\":443}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07206c5a75f999879\",\"sg-07206c5a75f999879\"],\"name\":\"launch-wizard-111\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ce799a71053a4f57\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"Description\":\"launch-wizard-128 created 2024-10-08T09:24:30.131Z\",\"GroupName\":\"launch-wizard-128\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0ce799a71053a4f57\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ce799a71053a4f57\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ce799a71053a4f57\",\"sg-0ce799a71053a4f57\"],\"name\":\"launch-wizard-128\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ce799a71053a4f57\",\"sg-0ce799a71053a4f57\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ad802cf1591a83b5\",\"sg-0ad802cf1591a83b5\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ad802cf1591a83b5\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Managed by Terraform\",\"GroupName\":\"terraform-20240530133027048800000002\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ad802cf1591a83b5\",\"Tags\":[{\"Value\":\"engineering\",\"Key\":\"division\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Value\":\"cspm\",\"Key\":\"ec2_type\"},{\"Key\":\"project\",\"Value\":\"seanrathier\"},{\"Key\":\"Name\",\"Value\":\"benchmark-rules-3gw\"},{\"Key\":\"deployment\",\"Value\":\"benchmark-rules\"},{\"Key\":\"owner\",\"Value\":\"seanrathier\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"id\",\"Value\":\"224f0459\"}],\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0ad802cf1591a83b5\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ad802cf1591a83b5\",\"sg-0ad802cf1591a83b5\"],\"name\":\"terraform-20240530133027048800000002\",\"category\":\"infrastructure\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-121 created 2024-08-19T11:11:54.478Z\",\"GroupId\":\"sg-042e11fb278c04b0d\",\"OwnerId\":\"704479110758\",\"GroupName\":\"launch-wizard-121\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-042e11fb278c04b0d\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-042e11fb278c04b0d\",\"sg-042e11fb278c04b0d\"],\"name\":\"launch-wizard-121\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-042e11fb278c04b0d\",\"sg-042e11fb278c04b0d\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-042e11fb278c04b0d\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e342956c2979aa86\",\"sg-0e342956c2979aa86\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e342956c2979aa86\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"raw\":{\"GroupId\":\"sg-0e342956c2979aa86\",\"GroupName\":\"eks-cluster-sg-QACycleDailyChecksJuly2-1430167148\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e342956c2979aa86\",\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"IpPermissions\":[],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"QACycleDailyChecksJuly2\"},{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-QACycleDailyChecksJuly2-1430167148\"},{\"Key\":\"kubernetes.io/cluster/QACycleDailyChecksJuly2\",\"Value\":\"owned\"}],\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e342956c2979aa86\",\"sg-0e342956c2979aa86\"],\"name\":\"eks-cluster-sg-QACycleDailyChecksJuly2-1430167148\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04bb3e35e6cccbd68\",\"sg-04bb3e35e6cccbd68\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04bb3e35e6cccbd68\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04bb3e35e6cccbd68\",\"sg-04bb3e35e6cccbd68\"],\"name\":\"terraform-20230822115527078700000002\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04bb3e35e6cccbd68\",\"Description\":\"Managed by Terraform\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Value\":\"86026cc7\",\"Key\":\"id\"},{\"Key\":\"Name\",\"Value\":\"yarden-810-bc1-HEA\"},{\"Key\":\"project\",\"Value\":\"test-environments\"},{\"Key\":\"ec2_type\",\"Value\":\"cspm\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"}],\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-04bb3e35e6cccbd68\",\"GroupName\":\"terraform-20230822115527078700000002\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}]}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0d0d507f15a7baefb\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01f1129d7e3738658\",\"sg-01f1129d7e3738658\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01f1129d7e3738658\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"Tags\":null,\"VpcId\":\"vpc-0d0d507f15a7baefb\",\"Description\":\"Managed by Terraform\",\"GroupName\":\"test-env-ci-tf_120230620162414690500000005\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"10.0.0.0/8\",\"Description\":null}]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01f1129d7e3738658\",\"GroupId\":\"sg-01f1129d7e3738658\",\"IpPermissionsEgress\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01f1129d7e3738658\",\"sg-01f1129d7e3738658\"],\"name\":\"test-env-ci-tf_120230620162414690500000005\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-065f10f1efa066eb5\",\"sg-065f10f1efa066eb5\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-065f10f1efa066eb5\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"terraform-20230716100146369600000001\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"terraform-20230716100146369600000001\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"Tags\":[{\"Key\":\"id\",\"Value\":\"3666e45b\"},{\"Key\":\"Name\",\"Value\":\"yarden-qa-890-ZxU\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"project\",\"Value\":\"test-environments\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm\"}],\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-065f10f1efa066eb5\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-065f10f1efa066eb5\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-065f10f1efa066eb5\",\"sg-065f10f1efa066eb5\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-08d87433815da7907\",\"Description\":\"EKS node shared security group\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-042dc17560e6f8374\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":53},{\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-042dc17560e6f8374\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":53},{\"IpProtocol\":\"udp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/UDP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123,\"UserIdGroupPairs\":[],\"FromPort\":123},{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":\"Egress all HTTPS to internet\",\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-035fed423cfdb5c55\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\"}],\"FromPort\":443},{\"ToPort\":123,\"UserIdGroupPairs\":[],\"FromPort\":123,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":\"Egress NTP/TCP to internet\",\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-042dc17560e6f8374\",\"Tags\":[{\"Value\":\"kspm_eks\",\"Key\":\"ec2_type\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"deployment\",\"Value\":\"kuba-logs\"},{\"Key\":\"owner\",\"Value\":\"kubasobon\"},{\"Key\":\"Name\",\"Value\":\"kuba-logs-node\"},{\"Key\":\"kubernetes.io/cluster/kuba-logs\",\"Value\":\"owned\"},{\"Key\":\"project\",\"Value\":\"kubasobon\"}],\"GroupId\":\"sg-042dc17560e6f8374\",\"GroupName\":\"kuba-logs-node-20241119125157867500000006\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-035fed423cfdb5c55\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\"}],\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[]},{\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-042dc17560e6f8374\"}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[]},{\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-042dc17560e6f8374\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}]},{\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-035fed423cfdb5c55\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-042dc17560e6f8374\",\"sg-042dc17560e6f8374\"],\"name\":\"kuba-logs-node-20241119125157867500000006\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-08d87433815da7907\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-042dc17560e6f8374\",\"sg-042dc17560e6f8374\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-042dc17560e6f8374\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-053bc5aed4000fc6a\",\"sg-053bc5aed4000fc6a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-053bc5aed4000fc6a\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"GroupName\":\"terraform-20240404150155362300000001\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-053bc5aed4000fc6a\",\"Tags\":[{\"Key\":\"id\",\"Value\":\"18c7dfed\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"Name\",\"Value\":\"kfir-qa-project-bXb\"},{\"Value\":\"kfirpeled\",\"Key\":\"owner\"},{\"Key\":\"ec2_type\",\"Value\":\"cspm\"},{\"Key\":\"project\",\"Value\":\"kfirpeled\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"}],\"GroupId\":\"sg-053bc5aed4000fc6a\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"Managed by Terraform\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-053bc5aed4000fc6a\",\"sg-053bc5aed4000fc6a\"],\"name\":\"terraform-20240404150155362300000001\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0247b31adab0e8bde\",\"sg-0247b31adab0e8bde\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0247b31adab0e8bde\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0247b31adab0e8bde\",\"GroupName\":\"launch-wizard-107\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"Tags\":null,\"Description\":\"launch-wizard-107 created 2024-05-28T09:21:13.808Z\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0247b31adab0e8bde\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0247b31adab0e8bde\",\"sg-0247b31adab0e8bde\"],\"name\":\"launch-wizard-107\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0af05238feeb43642\",\"sg-0af05238feeb43642\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0af05238feeb43642\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"eks-cluster-sg-qa-bc3-sing-node-682736248\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-qa-bc3-sing-node-682736248\"},{\"Value\":\"qa-bc3-sing-node\",\"Key\":\"aws:eks:cluster-name\"},{\"Key\":\"kubernetes.io/cluster/qa-bc3-sing-node\",\"Value\":\"owned\"}],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupId\":\"sg-0af05238feeb43642\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0af05238feeb43642\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0af05238feeb43642\",\"sg-0af05238feeb43642\"],\"name\":\"eks-cluster-sg-qa-bc3-sing-node-682736248\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06a87b710a82280f4\",\"sg-06a87b710a82280f4\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06a87b710a82280f4\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06a87b710a82280f4\",\"sg-06a87b710a82280f4\"],\"name\":\"cloudbeat-tf-T5Z_220230124141654700600000005\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"cloudbeat-tf-T5Z_220230124141654700600000005\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"192.168.0.0/16\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[],\"Tags\":null,\"Description\":\"Managed by Terraform\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06a87b710a82280f4\",\"VpcId\":\"vpc-02190da3c759732a9\",\"GroupId\":\"sg-06a87b710a82280f4\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-02190da3c759732a9\"]},\"resource_policies\":[],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-022fc50b19accd840\",\"sg-022fc50b19accd840\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-022fc50b19accd840\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-022fc50b19accd840\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"DESCRIPTION\",\"GroupId\":\"sg-022fc50b19accd840\",\"GroupName\":\"vuls-sg-13826\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"31.154.188.106/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]},{\"PrefixListIds\":[],\"ToPort\":13826,\"UserIdGroupPairs\":[],\"FromPort\":13826,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"31.154.188.106/32\"}],\"Ipv6Ranges\":[]}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-022fc50b19accd840\",\"sg-022fc50b19accd840\"],\"name\":\"vuls-sg-13826\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c30d34461c377a8a\",\"sg-0c30d34461c377a8a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c30d34461c377a8a\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c30d34461c377a8a\",\"sg-0c30d34461c377a8a\"],\"name\":\"launch-wizard-47\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"GroupId\":\"sg-0c30d34461c377a8a\",\"GroupName\":\"launch-wizard-47\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-47 created 2023-05-04T11:57:05.126Z\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c30d34461c377a8a\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-014311ff94fa57084\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupId\":\"sg-014311ff94fa57084\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-014311ff94fa57084\",\"GroupName\":\"eks-cluster-sg-ofir-cluster-1481553517\",\"IpPermissions\":[],\"Tags\":[{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"ofir-cluster\"},{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-ofir-cluster-1481553517\"},{\"Value\":\"owned\",\"Key\":\"kubernetes.io/cluster/ofir-cluster\"}],\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-014311ff94fa57084\",\"sg-014311ff94fa57084\"],\"name\":\"eks-cluster-sg-ofir-cluster-1481553517\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-014311ff94fa57084\",\"sg-014311ff94fa57084\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00fffedaddecb00e3\",\"sg-00fffedaddecb00e3\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00fffedaddecb00e3\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-132\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00fffedaddecb00e3\",\"Tags\":null,\"GroupId\":\"sg-00fffedaddecb00e3\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-132 created 2024-10-31T17:44:26.690Z\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00fffedaddecb00e3\",\"sg-00fffedaddecb00e3\"],\"name\":\"launch-wizard-132\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09bb6e719e75d672e\",\"sg-09bb6e719e75d672e\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09bb6e719e75d672e\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"Description\":\"default VPC security group\",\"GroupName\":\"default\",\"IpPermissions\":[{\"ToPort\":null,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-09bb6e719e75d672e\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09bb6e719e75d672e\",\"Tags\":null,\"VpcId\":\"vpc-04ece708af6c9b689\",\"GroupId\":\"sg-09bb6e719e75d672e\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09bb6e719e75d672e\",\"sg-09bb6e719e75d672e\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-04ece708af6c9b689\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-051e3727e3f42c929\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-051e3727e3f42c929\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"owner\",\"Value\":\"gurevichdmitry\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"project\",\"Value\":\"gurevichdmitry\"},{\"Key\":\"Name\",\"Value\":\"dg-cis-9Xx\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"deployment\",\"Value\":\"dg-cis\"},{\"Key\":\"ec2_type\",\"Value\":\"cspm\"},{\"Key\":\"id\",\"Value\":\"0c5ac26d\"}],\"GroupName\":\"terraform-20241110123313272700000001\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-051e3727e3f42c929\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-051e3727e3f42c929\",\"sg-051e3727e3f42c929\"],\"name\":\"terraform-20241110123313272700000001\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-051e3727e3f42c929\",\"sg-051e3727e3f42c929\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-087b0503b8c5668cf\",\"sg-087b0503b8c5668cf\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-087b0503b8c5668cf\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-087b0503b8c5668cf\",\"VpcId\":\"vpc-02190da3c759732a9\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-087b0503b8c5668cf\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-node\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-T5Z\",\"Value\":\"owned\"}],\"Description\":\"EKS node shared security group\",\"GroupName\":\"cloudbeat-tf-T5Z-node-20230124141655225700000007\",\"IpPermissions\":[{\"UserIdGroupPairs\":[{\"GroupId\":\"sg-0fa0aaac6f1023ec0\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\"}],\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250},{\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-087b0503b8c5668cf\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[]},{\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-087b0503b8c5668cf\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53},{\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-0fa0aaac6f1023ec0\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}]}],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-087b0503b8c5668cf\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[]},{\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-087b0503b8c5668cf\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}]},{\"IpProtocol\":\"udp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/UDP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123,\"UserIdGroupPairs\":[],\"FromPort\":123},{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress all HTTPS to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-0fa0aaac6f1023ec0\",\"GroupName\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\"},{\"FromPort\":123,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/TCP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123,\"UserIdGroupPairs\":[]}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-087b0503b8c5668cf\",\"sg-087b0503b8c5668cf\"],\"name\":\"cloudbeat-tf-T5Z-node-20230124141655225700000007\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-02190da3c759732a9\"]},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e39431f4f0bee97c\",\"sg-0e39431f4f0bee97c\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e39431f4f0bee97c\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Managed by Terraform\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"Tags\":[{\"Key\":\"owner\",\"Value\":\"\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Value\":\"security\",\"Key\":\"org\"},{\"Key\":\"previsioner\",\"Value\":\"tarraform\"},{\"Key\":\"project\",\"Value\":\"\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"id\",\"Value\":\"maximum-raptor\"}],\"GroupId\":\"sg-0e39431f4f0bee97c\",\"GroupName\":\"terraform-20230221151701364500000001\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e39431f4f0bee97c\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e39431f4f0bee97c\",\"sg-0e39431f4f0bee97c\"],\"name\":\"terraform-20230221151701364500000001\",\"category\":\"infrastructure\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05be22c4e8f81eb26\",\"sg-05be22c4e8f81eb26\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05be22c4e8f81eb26\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-83 created 2023-10-17T13:23:19.232Z\",\"GroupId\":\"sg-05be22c4e8f81eb26\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05be22c4e8f81eb26\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"GroupName\":\"launch-wizard-83\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05be22c4e8f81eb26\",\"sg-05be22c4e8f81eb26\"],\"name\":\"launch-wizard-83\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-094f7b5835c9cb1e3\",\"sg-094f7b5835c9cb1e3\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-094f7b5835c9cb1e3\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-094f7b5835c9cb1e3\",\"GroupName\":\"launch-wizard-88\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-094f7b5835c9cb1e3\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-88 created 2023-12-08T11:38:30.296Z\",\"OwnerId\":\"704479110758\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-094f7b5835c9cb1e3\",\"sg-094f7b5835c9cb1e3\"],\"name\":\"launch-wizard-88\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a700bb67c6df63c1\",\"sg-0a700bb67c6df63c1\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a700bb67c6df63c1\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-0a700bb67c6df63c1\",\"GroupName\":\"terraform-20230614132700117500000002\",\"VpcId\":\"vpc-6cb55a15\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a700bb67c6df63c1\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"dg-6-wl5\"},{\"Key\":\"project\",\"Value\":\"test-environments\"},{\"Key\":\"ec2_type\",\"Value\":\"cspm\"},{\"Key\":\"id\",\"Value\":\"b63cb773\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a700bb67c6df63c1\",\"sg-0a700bb67c6df63c1\"],\"name\":\"terraform-20230614132700117500000002\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00f6a05ad9600340e\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-8 created 2021-06-24T15:33:35.318+03:00\",\"GroupId\":\"sg-00f6a05ad9600340e\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\",\"GroupName\":\"launch-wizard-8\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00f6a05ad9600340e\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00f6a05ad9600340e\",\"sg-00f6a05ad9600340e\"],\"name\":\"launch-wizard-8\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00f6a05ad9600340e\",\"sg-00f6a05ad9600340e\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0de35eed0eb9af61f\",\"sg-0de35eed0eb9af61f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0de35eed0eb9af61f\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0de35eed0eb9af61f\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"Description\":\"launch-wizard-23 created 2023-02-14T11:39:01.948Z\",\"GroupName\":\"launch-wizard-23\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0de35eed0eb9af61f\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0de35eed0eb9af61f\",\"sg-0de35eed0eb9af61f\"],\"name\":\"launch-wizard-23\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-004a7d2adda947b81\",\"sg-004a7d2adda947b81\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-004a7d2adda947b81\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-004a7d2adda947b81\",\"sg-004a7d2adda947b81\"],\"name\":\"launch-wizard-77\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-004a7d2adda947b81\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-004a7d2adda947b81\",\"Tags\":null,\"Description\":\"launch-wizard-77 created 2023-10-05T11:49:15.960Z\",\"GroupName\":\"launch-wizard-77\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a49e46288d808472\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a49e46288d808472\",\"Tags\":null,\"Description\":\"launch-wizard-129 created 2024-10-09T08:45:01.406Z\",\"GroupId\":\"sg-0a49e46288d808472\",\"GroupName\":\"launch-wizard-129\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"86.89.2.244/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a49e46288d808472\",\"sg-0a49e46288d808472\"],\"name\":\"launch-wizard-129\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a49e46288d808472\",\"sg-0a49e46288d808472\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06633edb633e32efe\",\"sg-06633edb633e32efe\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06633edb633e32efe\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-06633edb633e32efe\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06633edb633e32efe\",\"Description\":\"launch-wizard-64 created 2023-07-09T10:36:16.954Z\",\"GroupName\":\"launch-wizard-64\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06633edb633e32efe\",\"sg-06633edb633e32efe\"],\"name\":\"launch-wizard-64\",\"category\":\"infrastructure\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-066a56ecc9a45761c\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupId\":\"sg-066a56ecc9a45761c\",\"IpPermissions\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-066a56ecc9a45761c\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}]}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-066a56ecc9a45761c\",\"GroupName\":\"eks-cluster-sg-kuba-logs-1524208083\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Value\":\"kubasobon\",\"Key\":\"owner\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"kuba-logs\"},{\"Value\":\"kuba-logs\",\"Key\":\"deployment\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm_eks\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-kuba-logs-1524208083\"},{\"Key\":\"project\",\"Value\":\"kubasobon\"},{\"Key\":\"kubernetes.io/cluster/kuba-logs\",\"Value\":\"owned\"}],\"VpcId\":\"vpc-08d87433815da7907\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-066a56ecc9a45761c\",\"sg-066a56ecc9a45761c\"],\"name\":\"eks-cluster-sg-kuba-logs-1524208083\",\"category\":\"infrastructure\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-08d87433815da7907\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-066a56ecc9a45761c\",\"sg-066a56ecc9a45761c\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0621839750e781a27\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-89 created 2023-12-25T14:21:06.329Z\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0621839750e781a27\",\"Tags\":null,\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0621839750e781a27\",\"GroupName\":\"launch-wizard-89\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0621839750e781a27\",\"sg-0621839750e781a27\"],\"name\":\"launch-wizard-89\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0621839750e781a27\",\"sg-0621839750e781a27\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c233dc5e07af2f27\",\"sg-0c233dc5e07af2f27\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c233dc5e07af2f27\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c233dc5e07af2f27\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-95 created 2024-03-25T09:33:33.318Z\",\"GroupId\":\"sg-0c233dc5e07af2f27\",\"GroupName\":\"launch-wizard-95\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c233dc5e07af2f27\",\"sg-0c233dc5e07af2f27\"],\"name\":\"launch-wizard-95\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e5febf4d72a05639\",\"sg-0e5febf4d72a05639\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e5febf4d72a05639\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e5febf4d72a05639\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0e5febf4d72a05639\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"Description\":\"launch-wizard-3 created 2021-03-17T17:35:21.608+02:00\",\"GroupName\":\"launch-wizard-3\",\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e5febf4d72a05639\",\"sg-0e5febf4d72a05639\"],\"name\":\"launch-wizard-3\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02884ff94fdd751a7\",\"sg-02884ff94fdd751a7\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02884ff94fdd751a7\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-106\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]},{\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02884ff94fdd751a7\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-0b5ada4550b941390\",\"Description\":\"launch-wizard-106 created 2024-05-24T16:01:59.762Z\",\"GroupId\":\"sg-02884ff94fdd751a7\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02884ff94fdd751a7\",\"sg-02884ff94fdd751a7\"],\"name\":\"launch-wizard-106\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-0b5ada4550b941390\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09b4344127cabc3e2\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-09b4344127cabc3e2\",\"GroupName\":\"launch-wizard-30\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09b4344127cabc3e2\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-30 created 2023-03-14T17:38:35.802Z\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09b4344127cabc3e2\",\"sg-09b4344127cabc3e2\"],\"name\":\"launch-wizard-30\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09b4344127cabc3e2\",\"sg-09b4344127cabc3e2\"],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-081a33d48a4a9086f\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"GroupName\":\"long-running-project-node-20231123175752373900000007\",\"Tags\":[{\"Key\":\"project\",\"Value\":\"amirbenun\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"kubernetes.io/cluster/long-running-project\",\"Value\":\"owned\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm_eks\"},{\"Value\":\"cloud-security-posture\",\"Key\":\"team\"},{\"Key\":\"Name\",\"Value\":\"long-running-project-node\"}],\"VpcId\":\"vpc-096d5aaf84103883c\",\"Description\":\"EKS node shared security group\",\"GroupId\":\"sg-081a33d48a4a9086f\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-081a33d48a4a9086f\",\"IpPermissions\":[{\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-09db5f76c7009971b\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250},{\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-081a33d48a4a9086f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[]},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-081a33d48a4a9086f\"}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[]},{\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-09db5f76c7009971b\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":443}],\"IpPermissionsEgress\":[{\"ToPort\":53,\"UserIdGroupPairs\":[{\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-081a33d48a4a9086f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-081a33d48a4a9086f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":53,\"IpProtocol\":\"tcp\"},{\"ToPort\":123,\"UserIdGroupPairs\":[],\"FromPort\":123,\"IpProtocol\":\"udp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/UDP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress all HTTPS to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-09db5f76c7009971b\",\"GroupName\":null}]},{\"UserIdGroupPairs\":[],\"FromPort\":123,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/TCP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-081a33d48a4a9086f\",\"sg-081a33d48a4a9086f\"],\"name\":\"long-running-project-node-20231123175752373900000007\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-096d5aaf84103883c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-081a33d48a4a9086f\",\"sg-081a33d48a4a9086f\"],\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c00a6157a24108a8\",\"sg-0c00a6157a24108a8\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c00a6157a24108a8\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"David Home\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c00a6157a24108a8\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0c00a6157a24108a8\",\"GroupName\":\"David Home\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"176.231.180.22/32\",\"Description\":\"David-Home\"},{\"CidrIp\":\"194.90.142.221/32\",\"Description\":\"Elastic-Office\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c00a6157a24108a8\",\"sg-0c00a6157a24108a8\"],\"name\":\"David Home\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"Tags\":[{\"Key\":\"id\",\"Value\":\"d52e19d8\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"}],\"GroupName\":\"terraform-20230202094939374600000003\",\"GroupId\":\"sg-0c84b98590d2e8c7d\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c84b98590d2e8c7d\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"Managed by Terraform\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c84b98590d2e8c7d\",\"sg-0c84b98590d2e8c7d\"],\"name\":\"terraform-20230202094939374600000003\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c84b98590d2e8c7d\",\"sg-0c84b98590d2e8c7d\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c84b98590d2e8c7d\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ca0e633020d3f0f7\",\"sg-0ca0e633020d3f0f7\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ca0e633020d3f0f7\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-104\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-104 created 2024-05-14T06:56:30.936Z\",\"GroupId\":\"sg-0ca0e633020d3f0f7\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ca0e633020d3f0f7\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ca0e633020d3f0f7\",\"sg-0ca0e633020d3f0f7\"],\"name\":\"launch-wizard-104\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ddf78e40842388ef\",\"sg-0ddf78e40842388ef\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ddf78e40842388ef\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0ddf78e40842388ef\",\"GroupName\":\"dg-cis_220241110123325929600000004\",\"IpPermissionsEgress\":[],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ddf78e40842388ef\",\"VpcId\":\"vpc-06b023d1fc8665055\",\"Description\":\"Managed by Terraform\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"192.168.0.0/16\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ddf78e40842388ef\",\"sg-0ddf78e40842388ef\"],\"name\":\"dg-cis_220241110123325929600000004\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-06b023d1fc8665055\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bc3e895373cf3fd0\",\"sg-0bc3e895373cf3fd0\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bc3e895373cf3fd0\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bc3e895373cf3fd0\",\"sg-0bc3e895373cf3fd0\"],\"name\":\"launch-wizard-50\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-50 created 2023-05-11T05:30:56.450Z\",\"GroupId\":\"sg-0bc3e895373cf3fd0\",\"GroupName\":\"launch-wizard-50\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bc3e895373cf3fd0\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a74aee10d6bb4a7a\",\"sg-0a74aee10d6bb4a7a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a74aee10d6bb4a7a\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a74aee10d6bb4a7a\",\"VpcId\":\"vpc-6cb55a15\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"GroupId\":\"sg-0a74aee10d6bb4a7a\",\"GroupName\":\"launch-wizard-58\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"Description\":\"launch-wizard-58 created 2023-06-05T09:00:39.549Z\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a74aee10d6bb4a7a\",\"sg-0a74aee10d6bb4a7a\"],\"name\":\"launch-wizard-58\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0168b62eed5d4ddd4\",\"sg-0168b62eed5d4ddd4\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0168b62eed5d4ddd4\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0168b62eed5d4ddd4\",\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0168b62eed5d4ddd4\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"Description\":\"launch-wizard-102 created 2024-05-08T12:54:23.919Z\",\"GroupName\":\"launch-wizard-102\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0168b62eed5d4ddd4\",\"sg-0168b62eed5d4ddd4\"],\"name\":\"launch-wizard-102\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d7331a14b037ec25\",\"sg-0d7331a14b037ec25\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d7331a14b037ec25\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"launch-wizard-42\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-42\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"Description\":\"launch-wizard-42 created 2023-04-10T11:05:17.965Z\",\"GroupId\":\"sg-0d7331a14b037ec25\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d7331a14b037ec25\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d7331a14b037ec25\",\"sg-0d7331a14b037ec25\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a388656e8d141cf4\",\"sg-0a388656e8d141cf4\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a388656e8d141cf4\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"Description\":\"launch-wizard-22 created 2023-01-29T17:02:50.254Z\",\"GroupId\":\"sg-0a388656e8d141cf4\",\"GroupName\":\"launch-wizard-22\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a388656e8d141cf4\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a388656e8d141cf4\",\"sg-0a388656e8d141cf4\"],\"name\":\"launch-wizard-22\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06f8c46d9717bfe1b\",\"sg-06f8c46d9717bfe1b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06f8c46d9717bfe1b\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"terraform-20230614132700115100000001\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06f8c46d9717bfe1b\",\"Tags\":[{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Value\":\"terraform\",\"Key\":\"provisioner\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"project\",\"Value\":\"test-environments\"},{\"Key\":\"id\",\"Value\":\"65466581\"},{\"Key\":\"Name\",\"Value\":\"dg-6-wl5\"}],\"Description\":\"Managed by Terraform\",\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-06f8c46d9717bfe1b\",\"GroupName\":\"terraform-20230614132700115100000001\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06f8c46d9717bfe1b\",\"sg-06f8c46d9717bfe1b\"]},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05881beea67daa384\",\"sg-05881beea67daa384\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05881beea67daa384\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"tags\":null,\"raw\":{\"IpPermissions\":[],\"OwnerId\":\"704479110758\",\"Description\":\"Block incoming traffic\",\"GroupId\":\"sg-05881beea67daa384\",\"GroupName\":\"elastic-agent-security-group-96b9bd60-328c-11ef-8748-06cab9c0c0cb\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05881beea67daa384\",\"Tags\":[{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"Elastic-Vulnerability-Management-Test\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/Elastic-Vulnerability-Management-Test/96b9bd60-328c-11ef-8748-06cab9c0c0cb\"},{\"Value\":\"ElasticAgentSecurityGroup\",\"Key\":\"aws:cloudformation:logical-id\"}],\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05881beea67daa384\",\"sg-05881beea67daa384\"],\"name\":\"elastic-agent-security-group-96b9bd60-328c-11ef-8748-06cab9c0c0cb\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-076a254c5f92ae7c5\",\"sg-076a254c5f92ae7c5\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-076a254c5f92ae7c5\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-110\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"87.71.205.87/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-076a254c5f92ae7c5\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-110 created 2024-06-09T09:11:13.837Z\",\"GroupId\":\"sg-076a254c5f92ae7c5\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-076a254c5f92ae7c5\",\"sg-076a254c5f92ae7c5\"],\"name\":\"launch-wizard-110\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06af24edafb72463c\",\"sg-06af24edafb72463c\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06af24edafb72463c\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"VpcId\":\"vpc-6cb55a15\",\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06af24edafb72463c\",\"Tags\":null,\"Description\":\"launch-wizard-62 created 2023-06-21T08:08:52.487Z\",\"GroupId\":\"sg-06af24edafb72463c\",\"GroupName\":\"launch-wizard-62\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06af24edafb72463c\",\"sg-06af24edafb72463c\"],\"name\":\"launch-wizard-62\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-076e4eed1fb15f8d6\",\"sg-076e4eed1fb15f8d6\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-076e4eed1fb15f8d6\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-076e4eed1fb15f8d6\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-37 created 2023-03-23T17:41:25.683Z\",\"GroupId\":\"sg-076e4eed1fb15f8d6\",\"GroupName\":\"launch-wizard-37\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-076e4eed1fb15f8d6\",\"sg-076e4eed1fb15f8d6\"],\"name\":\"launch-wizard-37\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"tags\":null,\"raw\":{\"Tags\":[{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-QACycleDailyChecksSingleNodeJuly3-364978269\"},{\"Key\":\"kubernetes.io/cluster/QACycleDailyChecksSingleNodeJuly3\",\"Value\":\"owned\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"QACycleDailyChecksSingleNodeJuly3\"}],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupId\":\"sg-0b2babc280b3d6d9e\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b2babc280b3d6d9e\",\"GroupName\":\"eks-cluster-sg-QACycleDailyChecksSingleNodeJuly3-364978269\",\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b2babc280b3d6d9e\",\"sg-0b2babc280b3d6d9e\"],\"name\":\"eks-cluster-sg-QACycleDailyChecksSingleNodeJuly3-364978269\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b2babc280b3d6d9e\",\"sg-0b2babc280b3d6d9e\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b2babc280b3d6d9e\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"name\":\"vuls-sg-29351\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0a4303321793b65c5\",\"GroupName\":\"vuls-sg-29351\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"DESCRIPTION\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"31.154.188.106/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":29351,\"UserIdGroupPairs\":[],\"FromPort\":29351},{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"31.154.188.106/32\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a4303321793b65c5\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a4303321793b65c5\",\"sg-0a4303321793b65c5\"]},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a4303321793b65c5\",\"sg-0a4303321793b65c5\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a4303321793b65c5\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08924fff4795786ee\",\"sg-08924fff4795786ee\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08924fff4795786ee\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"Description\":null,\"GroupId\":\"sg-08924fff4795786ee\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08924fff4795786ee\",\"VpcId\":\"vpc-0e838e42ce3e6d30c\",\"Description\":\"default VPC security group\",\"GroupId\":\"sg-08924fff4795786ee\",\"GroupName\":\"default\",\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08924fff4795786ee\",\"sg-08924fff4795786ee\"],\"name\":\"default\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0e838e42ce3e6d30c\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f33c628019e4de84\",\"sg-0f33c628019e4de84\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f33c628019e4de84\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-33\",\"GroupId\":\"sg-0f33c628019e4de84\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f33c628019e4de84\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard created 2023-03-23T07:32:18.393Z\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f33c628019e4de84\",\"sg-0f33c628019e4de84\"],\"name\":\"launch-wizard-33\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a5f0ce8fbef43b29\",\"sg-0a5f0ce8fbef43b29\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a5f0ce8fbef43b29\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0a5f0ce8fbef43b29\",\"GroupName\":\"eks-cluster-sg-ofir-fargate-cluster-1442081026\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a5f0ce8fbef43b29\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-ofir-fargate-cluster-1442081026\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"ofir-fargate-cluster\"},{\"Value\":\"owned\",\"Key\":\"kubernetes.io/cluster/ofir-fargate-cluster\"}],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a5f0ce8fbef43b29\",\"sg-0a5f0ce8fbef43b29\"],\"name\":\"eks-cluster-sg-ofir-fargate-cluster-1442081026\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03039238c252d01f1\",\"sg-03039238c252d01f1\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03039238c252d01f1\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-03039238c252d01f1\",\"GroupName\":\"launch-wizard-61\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"Description\":\"launch-wizard-61 created 2023-06-11T14:58:32.459Z\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03039238c252d01f1\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03039238c252d01f1\",\"sg-03039238c252d01f1\"],\"name\":\"launch-wizard-61\",\"category\":\"infrastructure\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06f0f75f22ae1d177\",\"sg-06f0f75f22ae1d177\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06f0f75f22ae1d177\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"OwnerId\":\"704479110758\",\"Description\":\"Managed by Terraform\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06f0f75f22ae1d177\",\"Tags\":[{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"id\",\"Value\":\"4d2435a9\"}],\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-06f0f75f22ae1d177\",\"GroupName\":\"terraform-20230131152126682000000003\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06f0f75f22ae1d177\",\"sg-06f0f75f22ae1d177\"],\"name\":\"terraform-20230131152126682000000003\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01b03c8e2f46c350a\",\"sg-01b03c8e2f46c350a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01b03c8e2f46c350a\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-4 created 2021-03-18T13:10:25.801+02:00\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01b03c8e2f46c350a\",\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-01b03c8e2f46c350a\",\"GroupName\":\"launch-wizard-4\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01b03c8e2f46c350a\",\"sg-01b03c8e2f46c350a\"],\"name\":\"launch-wizard-4\",\"category\":\"infrastructure\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0629173942ff7ac59\",\"sg-0629173942ff7ac59\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0629173942ff7ac59\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0629173942ff7ac59\",\"Tags\":null,\"Description\":\"launch-wizard-39 created 2023-03-28T15:08:06.527Z\",\"GroupId\":\"sg-0629173942ff7ac59\",\"GroupName\":\"launch-wizard-39\",\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0629173942ff7ac59\",\"sg-0629173942ff7ac59\"],\"name\":\"launch-wizard-39\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01f509ad8fd5a6f8d\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"raw\":{\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"IpPermissions\":[],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01f509ad8fd5a6f8d\",\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-01f509ad8fd5a6f8d\",\"GroupName\":\"eks-cluster-sg-findings860-1117769384\",\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"Tags\":[{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-findings860-1117769384\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"findings860\"},{\"Key\":\"kubernetes.io/cluster/findings860\",\"Value\":\"owned\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01f509ad8fd5a6f8d\",\"sg-01f509ad8fd5a6f8d\"],\"name\":\"eks-cluster-sg-findings860-1117769384\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01f509ad8fd5a6f8d\",\"sg-01f509ad8fd5a6f8d\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03baef285e93d4323\",\"sg-03baef285e93d4323\"],\"name\":\"launch-wizard-11\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-03baef285e93d4323\",\"GroupName\":\"launch-wizard-11\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"Tags\":null,\"Description\":\"launch-wizard-11 created 2022-11-14T16:56:47.348Z\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03baef285e93d4323\",\"VpcId\":\"vpc-6cb55a15\"}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03baef285e93d4323\",\"sg-03baef285e93d4323\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03baef285e93d4323\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0eb5de4c42875972d\",\"sg-0eb5de4c42875972d\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0eb5de4c42875972d\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"GroupId\":\"sg-0eb5de4c42875972d\",\"GroupName\":\"ec2group\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0eb5de4c42875972d\",\"Description\":\"ec2group\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0eb5de4c42875972d\",\"sg-0eb5de4c42875972d\"],\"name\":\"ec2group\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cdea7e40760898fa\",\"sg-0cdea7e40760898fa\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cdea7e40760898fa\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"launch-wizard-14\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-14 created 2022-11-28T17:18:59.261Z\",\"GroupId\":\"sg-0cdea7e40760898fa\",\"GroupName\":\"launch-wizard-14\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cdea7e40760898fa\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cdea7e40760898fa\",\"sg-0cdea7e40760898fa\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0906d01f9af59bdb8\",\"sg-0906d01f9af59bdb8\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0906d01f9af59bdb8\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0906d01f9af59bdb8\",\"sg-0906d01f9af59bdb8\"],\"name\":\"ec2group12\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\",\"Description\":\"ec2group12\",\"GroupId\":\"sg-0906d01f9af59bdb8\",\"GroupName\":\"ec2group12\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0906d01f9af59bdb8\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-073a4f4d84a89c002\",\"sg-073a4f4d84a89c002\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-073a4f4d84a89c002\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-120 created 2024-08-13T10:03:29.045Z\",\"GroupId\":\"sg-073a4f4d84a89c002\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"Tags\":null,\"GroupName\":\"launch-wizard-120\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-073a4f4d84a89c002\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-073a4f4d84a89c002\",\"sg-073a4f4d84a89c002\"],\"name\":\"launch-wizard-120\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"name\":\"dg-cis-node-20241110123327507100000006\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03b63634385dba9a9\",\"Tags\":[{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Value\":\"kspm_eks\",\"Key\":\"ec2_type\"},{\"Key\":\"project\",\"Value\":\"gurevichdmitry\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"owner\",\"Value\":\"gurevichdmitry\"},{\"Key\":\"kubernetes.io/cluster/dg-cis\",\"Value\":\"owned\"},{\"Key\":\"deployment\",\"Value\":\"dg-cis\"},{\"Key\":\"Name\",\"Value\":\"dg-cis-node\"},{\"Key\":\"org\",\"Value\":\"security\"}],\"VpcId\":\"vpc-06b023d1fc8665055\",\"GroupId\":\"sg-03b63634385dba9a9\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-0a3207a0eac8d8231\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\"}],\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[]},{\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-03b63634385dba9a9\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\"}],\"FromPort\":53},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-03b63634385dba9a9\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[]},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-0a3207a0eac8d8231\"}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[]}],\"IpPermissionsEgress\":[{\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-03b63634385dba9a9\",\"GroupName\":null,\"PeeringStatus\":null}]},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-03b63634385dba9a9\"}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[]},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-0a3207a0eac8d8231\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress all HTTPS to internet\"}]},{\"ToPort\":123,\"UserIdGroupPairs\":[],\"FromPort\":123,\"IpProtocol\":\"udp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/UDP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"UserIdGroupPairs\":[],\"FromPort\":123,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/TCP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123}],\"Description\":\"EKS node shared security group\",\"GroupName\":\"dg-cis-node-20241110123327507100000006\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03b63634385dba9a9\",\"sg-03b63634385dba9a9\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-06b023d1fc8665055\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03b63634385dba9a9\",\"sg-03b63634385dba9a9\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03b63634385dba9a9\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f930121e0269e02b\",\"sg-0f930121e0269e02b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f930121e0269e02b\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"name\":\"eks-cluster-sg-testalpha-1178503156\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupName\":\"eks-cluster-sg-testalpha-1178503156\",\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0f930121e0269e02b\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f930121e0269e02b\",\"Tags\":[{\"Value\":\"owned\",\"Key\":\"kubernetes.io/cluster/testalpha\"},{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-testalpha-1178503156\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"testalpha\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f930121e0269e02b\",\"sg-0f930121e0269e02b\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0933426843b9c2cd8\",\"sg-0933426843b9c2cd8\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0933426843b9c2cd8\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0933426843b9c2cd8\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"Description\":\"launch-wizard-69 created 2023-07-14T09:30:16.652Z\",\"GroupName\":\"launch-wizard-69\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0933426843b9c2cd8\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0933426843b9c2cd8\",\"sg-0933426843b9c2cd8\"],\"name\":\"launch-wizard-69\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-0096efe3aab3734db\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c4e94c40a13d9666\",\"sg-0c4e94c40a13d9666\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c4e94c40a13d9666\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"default VPC security group\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"Tags\":null,\"VpcId\":\"vpc-0096efe3aab3734db\",\"GroupId\":\"sg-0c4e94c40a13d9666\",\"GroupName\":\"default\",\"IpPermissions\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"Description\":null,\"GroupId\":\"sg-0c4e94c40a13d9666\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c4e94c40a13d9666\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c4e94c40a13d9666\",\"sg-0c4e94c40a13d9666\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05cc4ab1015462e4b\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"cloudbeat-tf-AhU_220230110154206443500000002\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-05cc4ab1015462e4b\",\"Description\":\"Managed by Terraform\",\"GroupName\":\"cloudbeat-tf-AhU_220230110154206443500000002\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"192.168.0.0/16\",\"Description\":null}]}],\"IpPermissionsEgress\":[],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05cc4ab1015462e4b\",\"Tags\":null,\"VpcId\":\"vpc-05dd3a849e821fafc\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05cc4ab1015462e4b\",\"sg-05cc4ab1015462e4b\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-05dd3a849e821fafc\"]},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05cc4ab1015462e4b\",\"sg-05cc4ab1015462e4b\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"raw\":{\"GroupId\":\"sg-09c9f828a188b735f\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"Managed by Terraform\",\"GroupName\":\"terraform-20241110123313275100000002\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09c9f828a188b735f\",\"Tags\":[{\"Key\":\"id\",\"Value\":\"fd56c5e7\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Value\":\"gurevichdmitry\",\"Key\":\"owner\"},{\"Value\":\"kspm\",\"Key\":\"ec2_type\"},{\"Value\":\"engineering\",\"Key\":\"division\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"Name\",\"Value\":\"dg-cis-9Xx\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"deployment\",\"Value\":\"dg-cis\"},{\"Value\":\"gurevichdmitry\",\"Key\":\"project\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09c9f828a188b735f\",\"sg-09c9f828a188b735f\"],\"name\":\"terraform-20241110123313275100000002\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09c9f828a188b735f\",\"sg-09c9f828a188b735f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09c9f828a188b735f\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04a38b4fa1b012b7f\",\"sg-04a38b4fa1b012b7f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04a38b4fa1b012b7f\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"asset\":{\"raw\":{\"Tags\":[{\"Key\":\"Name\",\"Value\":\"amir-env-cluster\"}],\"VpcId\":\"vpc-06635215f51bfd343\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-0bec95274157f2e13\"}],\"FromPort\":443}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04a38b4fa1b012b7f\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-0bec95274157f2e13\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":10250},{\"ToPort\":443,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-0bec95274157f2e13\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"Description\":\"EKS cluster security group\",\"GroupId\":\"sg-04a38b4fa1b012b7f\",\"GroupName\":\"amir-env-cluster-20230627154419418000000007\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04a38b4fa1b012b7f\",\"sg-04a38b4fa1b012b7f\"],\"name\":\"amir-env-cluster-20230627154419418000000007\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-06635215f51bfd343\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0876fb87b88d3350d\",\"sg-0876fb87b88d3350d\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0876fb87b88d3350d\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"Tags\":null,\"Description\":\"launch-wizard-26 created 2023-02-28T16:23:26.533Z\",\"GroupName\":\"launch-wizard-26\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0876fb87b88d3350d\",\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0876fb87b88d3350d\",\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0876fb87b88d3350d\",\"sg-0876fb87b88d3350d\"],\"name\":\"launch-wizard-26\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ce0fd97bcb18be24\",\"sg-0ce0fd97bcb18be24\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ce0fd97bcb18be24\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"terraform-20230822115527077300000001\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-0ce0fd97bcb18be24\",\"GroupName\":\"terraform-20230822115527077300000001\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ce0fd97bcb18be24\",\"Tags\":[{\"Key\":\"ec2_type\",\"Value\":\"kspm\"},{\"Value\":\"engineering\",\"Key\":\"division\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"id\",\"Value\":\"c483c154\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"project\",\"Value\":\"test-environments\"},{\"Key\":\"Name\",\"Value\":\"yarden-810-bc1-HEA\"}],\"VpcId\":\"vpc-6cb55a15\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ce0fd97bcb18be24\",\"sg-0ce0fd97bcb18be24\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c6c5574c81c0cdfd\",\"sg-0c6c5574c81c0cdfd\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c6c5574c81c0cdfd\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"kfirp-home\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[{\"CidrIpv6\":\"::/0\",\"Description\":null}]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c6c5574c81c0cdfd\",\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0c6c5574c81c0cdfd\",\"GroupName\":\"kfirp-home\",\"IpPermissions\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"185.120.124.66/32\",\"Description\":null},{\"Description\":\"eyals home\",\"CidrIp\":\"37.142.0.97/32\"},{\"CidrIp\":\"87.68.252.163/32\",\"Description\":\"eyal GFs home\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"Description\":\"kfir peled - home\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c6c5574c81c0cdfd\",\"sg-0c6c5574c81c0cdfd\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b3e465206111809c\",\"sg-0b3e465206111809c\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b3e465206111809c\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"Block incoming traffic\",\"IpPermissions\":[],\"Tags\":[{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"Elastic-Cloud-Security-Posture-Management-orz8143\"},{\"Value\":\"ElasticAgentSecurityGroup\",\"Key\":\"aws:cloudformation:logical-id\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/Elastic-Cloud-Security-Posture-Management-orz8143/25f51ed0-5a41-11ef-86b7-061640a59457\"}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b3e465206111809c\",\"GroupId\":\"sg-0b3e465206111809c\",\"GroupName\":\"elastic-agent-security-group-25f51ed0-5a41-11ef-86b7-061640a59457\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b3e465206111809c\",\"sg-0b3e465206111809c\"],\"name\":\"elastic-agent-security-group-25f51ed0-5a41-11ef-86b7-061640a59457\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ff9e54e037394a7f\",\"sg-0ff9e54e037394a7f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ff9e54e037394a7f\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-35\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"GroupId\":\"sg-0ff9e54e037394a7f\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ff9e54e037394a7f\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard created 2023-03-23T14:52:28.573Z\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ff9e54e037394a7f\",\"sg-0ff9e54e037394a7f\"],\"name\":\"launch-wizard-35\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0014af9525e6640f9\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0014af9525e6640f9\",\"GroupId\":\"sg-0014af9525e6640f9\",\"GroupName\":\"launch-wizard-92\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[],\"FromPort\":443}],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"Description\":\"launch-wizard-92 created 2024-02-07T15:07:43.909Z\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0014af9525e6640f9\",\"sg-0014af9525e6640f9\"],\"name\":\"launch-wizard-92\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0014af9525e6640f9\",\"sg-0014af9525e6640f9\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-0de5d19ac894b58c9\"]},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-031ac0d1f1d2e00e2\",\"sg-031ac0d1f1d2e00e2\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-031ac0d1f1d2e00e2\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"EKS cluster security group\",\"IpPermissions\":[{\"ToPort\":443,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-037741bbd790337d2\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\"}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Value\":\"cloudbeat-tf-Gfp-cluster\",\"Key\":\"Name\"}],\"GroupId\":\"sg-031ac0d1f1d2e00e2\",\"GroupName\":\"cloudbeat-tf-Gfp-cluster-20221228114839475000000005\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-037741bbd790337d2\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":10250},{\"ToPort\":443,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-037741bbd790337d2\"}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-031ac0d1f1d2e00e2\",\"VpcId\":\"vpc-0de5d19ac894b58c9\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-031ac0d1f1d2e00e2\",\"sg-031ac0d1f1d2e00e2\"],\"name\":\"cloudbeat-tf-Gfp-cluster-20221228114839475000000005\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b62d7eee9398fc52\",\"sg-0b62d7eee9398fc52\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b62d7eee9398fc52\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b62d7eee9398fc52\",\"sg-0b62d7eee9398fc52\"],\"name\":\"terraform-20221227103920550500000001\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":null,\"Description\":\"Managed by Terraform\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0b62d7eee9398fc52\",\"GroupName\":\"terraform-20221227103920550500000001\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b62d7eee9398fc52\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0539555fe9c649856\",\"sg-0539555fe9c649856\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0539555fe9c649856\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Tags\":[{\"Value\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/Elastic-Vulnerability-Management-cnvm/1f997e80-79fb-11ef-b33b-02c8a45cd4ff\",\"Key\":\"aws:cloudformation:stack-id\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentSecurityGroup\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"Elastic-Vulnerability-Management-cnvm\"}],\"Description\":\"Block incoming traffic\",\"GroupId\":\"sg-0539555fe9c649856\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"GroupName\":\"elastic-agent-security-group-1f997e80-79fb-11ef-b33b-02c8a45cd4ff\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0539555fe9c649856\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0539555fe9c649856\",\"sg-0539555fe9c649856\"],\"name\":\"elastic-agent-security-group-1f997e80-79fb-11ef-b33b-02c8a45cd4ff\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-0d0d507f15a7baefb\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f593556c8b39a3bf\",\"sg-0f593556c8b39a3bf\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f593556c8b39a3bf\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-0f593556c8b39a3bf\",\"IpPermissionsEgress\":[],\"VpcId\":\"vpc-0d0d507f15a7baefb\",\"GroupName\":\"test-env-ci-tf_220230620162414689700000004\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"192.168.0.0/16\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f593556c8b39a3bf\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f593556c8b39a3bf\",\"sg-0f593556c8b39a3bf\"],\"name\":\"test-env-ci-tf_220230620162414689700000004\",\"category\":\"infrastructure\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a96ad6bcf19212a1\",\"sg-0a96ad6bcf19212a1\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a96ad6bcf19212a1\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"ec2group1\",\"GroupName\":\"ec2group1\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\",\"GroupId\":\"sg-0a96ad6bcf19212a1\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a96ad6bcf19212a1\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a96ad6bcf19212a1\",\"sg-0a96ad6bcf19212a1\"],\"name\":\"ec2group1\",\"category\":\"infrastructure\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0730f2e1d00922626\",\"sg-0730f2e1d00922626\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0730f2e1d00922626\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0730f2e1d00922626\",\"VpcId\":\"vpc-6cb55a15\",\"Tags\":null,\"Description\":\"launch-wizard created 2023-05-17T07:28:29.572Z\",\"GroupId\":\"sg-0730f2e1d00922626\",\"GroupName\":\"launch-wizard-52\",\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0730f2e1d00922626\",\"sg-0730f2e1d00922626\"],\"name\":\"launch-wizard-52\",\"category\":\"infrastructure\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04ed1491c2cf3b189\",\"sg-04ed1491c2cf3b189\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04ed1491c2cf3b189\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04ed1491c2cf3b189\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-84 created 2023-10-17T13:33:01.269Z\",\"GroupId\":\"sg-04ed1491c2cf3b189\",\"GroupName\":\"launch-wizard-84\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04ed1491c2cf3b189\",\"sg-04ed1491c2cf3b189\"],\"name\":\"launch-wizard-84\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"terraform-20241107082529465400000001\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"VpcId\":\"vpc-6cb55a15\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06310d78ba6e3ef02\",\"Tags\":[{\"Key\":\"ec2_type\",\"Value\":\"asset_inventory\"},{\"Key\":\"project\",\"Value\":\"gurevichdmitry\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"id\",\"Value\":\"5431d928\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"Name\",\"Value\":\"dg-ref-1-lls\"},{\"Key\":\"deployment\",\"Value\":\"dg-ref-1\"},{\"Key\":\"owner\",\"Value\":\"gurevichdmitry\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"}],\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-06310d78ba6e3ef02\",\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06310d78ba6e3ef02\",\"sg-06310d78ba6e3ef02\"],\"name\":\"terraform-20241107082529465400000001\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06310d78ba6e3ef02\",\"sg-06310d78ba6e3ef02\"],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06310d78ba6e3ef02\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fa0aaac6f1023ec0\",\"sg-0fa0aaac6f1023ec0\"],\"name\":\"cloudbeat-tf-T5Z-cluster-20230124141655225700000006\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"EKS cluster security group\",\"GroupId\":\"sg-0fa0aaac6f1023ec0\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-087b0503b8c5668cf\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fa0aaac6f1023ec0\",\"GroupName\":\"cloudbeat-tf-T5Z-cluster-20230124141655225700000006\",\"IpPermissionsEgress\":[{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-087b0503b8c5668cf\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\"}],\"FromPort\":10250,\"IpProtocol\":\"tcp\"},{\"ToPort\":443,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-087b0503b8c5668cf\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-cluster\"}],\"VpcId\":\"vpc-02190da3c759732a9\"}},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-02190da3c759732a9\"]},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fa0aaac6f1023ec0\",\"sg-0fa0aaac6f1023ec0\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fa0aaac6f1023ec0\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-096d5aaf84103883c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0133ee02b1d6a0bd0\",\"sg-0133ee02b1d6a0bd0\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0133ee02b1d6a0bd0\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Managed by Terraform\",\"GroupName\":\"long-running-project_120231123175751595700000004\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"10.0.0.0/8\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"IpPermissionsEgress\":[],\"OwnerId\":\"704479110758\",\"Tags\":null,\"GroupId\":\"sg-0133ee02b1d6a0bd0\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0133ee02b1d6a0bd0\",\"VpcId\":\"vpc-096d5aaf84103883c\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0133ee02b1d6a0bd0\",\"sg-0133ee02b1d6a0bd0\"],\"name\":\"long-running-project_120231123175751595700000004\",\"category\":\"infrastructure\",\"sub_category\":\"network\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"tags\":null,\"raw\":{\"Tags\":null,\"GroupId\":\"sg-05d140d6d4af9344d\",\"GroupName\":\"Red Hat Enterprise Linux 8-8.7-AutogenByAWSMP--1\",\"IpPermissions\":[{\"ToPort\":80,\"UserIdGroupPairs\":[],\"FromPort\":80,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05d140d6d4af9344d\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"Red Hat Enterprise Linux 8-8.7-AutogenByAWSMP--1 created 2023-11-07T18:36:04.331Z\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05d140d6d4af9344d\",\"sg-05d140d6d4af9344d\"],\"name\":\"Red Hat Enterprise Linux 8-8.7-AutogenByAWSMP--1\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05d140d6d4af9344d\",\"sg-05d140d6d4af9344d\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05d140d6d4af9344d\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09ce8ba61ff6b58ab\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Tags\":[{\"Value\":\"owned\",\"Key\":\"kubernetes.io/cluster/ido-eks-daily-850-single-cluster\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"ido-eks-daily-850-single-cluster\"},{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-ido-eks-daily-850-single-cluster-1718177892\"}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09ce8ba61ff6b58ab\",\"GroupName\":\"eks-cluster-sg-ido-eks-daily-850-single-cluster-1718177892\",\"IpPermissions\":[],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupId\":\"sg-09ce8ba61ff6b58ab\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09ce8ba61ff6b58ab\",\"sg-09ce8ba61ff6b58ab\"],\"name\":\"eks-cluster-sg-ido-eks-daily-850-single-cluster-1718177892\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09ce8ba61ff6b58ab\",\"sg-09ce8ba61ff6b58ab\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-87 created 2023-12-08T11:29:51.792Z\",\"GroupId\":\"sg-046a01dae989c2b23\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-046a01dae989c2b23\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"GroupName\":\"launch-wizard-87\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[]}],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-046a01dae989c2b23\",\"sg-046a01dae989c2b23\"],\"name\":\"launch-wizard-87\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-046a01dae989c2b23\",\"sg-046a01dae989c2b23\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-046a01dae989c2b23\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09df825152000e454\",\"sg-09df825152000e454\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09df825152000e454\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"terraform-20221229085926672300000003\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"terraform-20221229085926672300000003\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-09df825152000e454\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09df825152000e454\",\"Tags\":[{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"id\",\"Value\":\"f30e729f\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09df825152000e454\",\"sg-09df825152000e454\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00a68778f0558daf5\",\"sg-00a68778f0558daf5\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00a68778f0558daf5\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00a68778f0558daf5\",\"sg-00a68778f0558daf5\"],\"name\":\"eks-cluster-sg-rickyQACycleMarch-1027225689\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupName\":\"eks-cluster-sg-rickyQACycleMarch-1027225689\",\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-00a68778f0558daf5\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00a68778f0558daf5\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-rickyQACycleMarch-1027225689\"},{\"Key\":\"kubernetes.io/cluster/rickyQACycleMarch\",\"Value\":\"owned\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"rickyQACycleMarch\"}]}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08aa8c830f2880034\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"VpcId\":\"vpc-096d5aaf84103883c\",\"GroupId\":\"sg-08aa8c830f2880034\",\"GroupName\":\"default\",\"IpPermissions\":[{\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-08aa8c830f2880034\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08aa8c830f2880034\",\"Description\":\"default VPC security group\",\"OwnerId\":\"704479110758\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08aa8c830f2880034\",\"sg-08aa8c830f2880034\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-096d5aaf84103883c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08aa8c830f2880034\",\"sg-08aa8c830f2880034\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00abde86f10b1c9d6\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Managed by Terraform\",\"GroupName\":\"terraform-20241119125144311500000001\",\"Tags\":[{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"Name\",\"Value\":\"kuba-logs-0Ht\"},{\"Key\":\"ec2_type\",\"Value\":\"cspm\"},{\"Key\":\"id\",\"Value\":\"a20a0b76\"},{\"Key\":\"project\",\"Value\":\"kubasobon\"},{\"Key\":\"owner\",\"Value\":\"kubasobon\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Value\":\"kuba-logs\",\"Key\":\"deployment\"}],\"GroupId\":\"sg-00abde86f10b1c9d6\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00abde86f10b1c9d6\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00abde86f10b1c9d6\",\"sg-00abde86f10b1c9d6\"],\"name\":\"terraform-20241119125144311500000001\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00abde86f10b1c9d6\",\"sg-00abde86f10b1c9d6\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01b90041c77b0cc82\",\"sg-01b90041c77b0cc82\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01b90041c77b0cc82\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01b90041c77b0cc82\",\"sg-01b90041c77b0cc82\"],\"name\":\"eks-cluster-sg-QACycleApril-1848587120\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-01b90041c77b0cc82\",\"GroupName\":\"eks-cluster-sg-QACycleApril-1848587120\",\"IpPermissions\":[],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01b90041c77b0cc82\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-QACycleApril-1848587120\"},{\"Key\":\"kubernetes.io/cluster/QACycleApril\",\"Value\":\"owned\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"QACycleApril\"}]}},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ef04937e4402f8bd\",\"sg-0ef04937e4402f8bd\"],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ef04937e4402f8bd\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ef04937e4402f8bd\",\"sg-0ef04937e4402f8bd\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ef04937e4402f8bd\",\"Tags\":null,\"VpcId\":\"vpc-0265091ed79292f2c\",\"Description\":\"default VPC security group\",\"GroupId\":\"sg-0ef04937e4402f8bd\",\"GroupName\":\"default\",\"IpPermissions\":[{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-0ef04937e4402f8bd\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\"}]}},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-0265091ed79292f2c\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00533e66d7b9df5ca\",\"sg-00533e66d7b9df5ca\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00533e66d7b9df5ca\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00533e66d7b9df5ca\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-AhU\",\"Value\":\"owned\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-AhU-node\"}],\"VpcId\":\"vpc-05dd3a849e821fafc\",\"Description\":\"EKS node shared security group\",\"GroupId\":\"sg-00533e66d7b9df5ca\",\"GroupName\":\"cloudbeat-tf-AhU-node-20230110154206969000000005\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-0ef8076d067e1c06f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[]},{\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-00533e66d7b9df5ca\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\"}],\"FromPort\":53},{\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-00533e66d7b9df5ca\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53},{\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-0ef8076d067e1c06f\",\"GroupName\":null}],\"FromPort\":443}],\"IpPermissionsEgress\":[{\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-00533e66d7b9df5ca\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":53},{\"ToPort\":53,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-00533e66d7b9df5ca\"}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"FromPort\":123,\"IpProtocol\":\"udp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/UDP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123,\"UserIdGroupPairs\":[]},{\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-0ef8076d067e1c06f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress all HTTPS to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/TCP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123,\"UserIdGroupPairs\":[],\"FromPort\":123}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00533e66d7b9df5ca\",\"sg-00533e66d7b9df5ca\"],\"name\":\"cloudbeat-tf-AhU-node-20230110154206969000000005\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-05dd3a849e821fafc\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.094+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c8fcd1bd6d2775f3\",\"sg-0c8fcd1bd6d2775f3\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c8fcd1bd6d2775f3\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c8fcd1bd6d2775f3\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-QACycleDailyChecksSingleNode-1155598760\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"QACycleDailyChecksSingleNode\"},{\"Key\":\"kubernetes.io/cluster/QACycleDailyChecksSingleNode\",\"Value\":\"owned\"}],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupId\":\"sg-0c8fcd1bd6d2775f3\",\"GroupName\":\"eks-cluster-sg-QACycleDailyChecksSingleNode-1155598760\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"IpPermissions\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c8fcd1bd6d2775f3\",\"sg-0c8fcd1bd6d2775f3\"],\"name\":\"eks-cluster-sg-QACycleDailyChecksSingleNode-1155598760\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-024061bf09f6e6447\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-76 created 2023-10-05T11:36:15.607Z\",\"GroupName\":\"launch-wizard-76\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"GroupId\":\"sg-024061bf09f6e6447\",\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-024061bf09f6e6447\",\"sg-024061bf09f6e6447\"],\"name\":\"launch-wizard-76\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-024061bf09f6e6447\",\"sg-024061bf09f6e6447\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-024061bf09f6e6447\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"Tags\":null,\"VpcId\":\"vpc-0a74788000c2f0013\",\"IpPermissions\":[{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"Description\":null,\"GroupId\":\"sg-012415918e0e8b5c5\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-012415918e0e8b5c5\",\"Description\":\"default VPC security group\",\"GroupId\":\"sg-012415918e0e8b5c5\",\"GroupName\":\"default\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-012415918e0e8b5c5\",\"sg-012415918e0e8b5c5\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-0a74788000c2f0013\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-012415918e0e8b5c5\",\"sg-012415918e0e8b5c5\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-012415918e0e8b5c5\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02536c088287dc52e\",\"sg-02536c088287dc52e\"],\"name\":\"eks-cluster-sg-serverless-sanity-test-237222592\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"eks-cluster-sg-serverless-sanity-test-237222592\",\"IpPermissions\":[],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02536c088287dc52e\",\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupId\":\"sg-02536c088287dc52e\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"serverless-sanity-test\"},{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-serverless-sanity-test-237222592\"},{\"Key\":\"kubernetes.io/cluster/serverless-sanity-test\",\"Value\":\"owned\"}],\"VpcId\":\"vpc-6cb55a15\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02536c088287dc52e\",\"sg-02536c088287dc52e\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02536c088287dc52e\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06293826e69083029\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06293826e69083029\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-74 created 2023-09-12T00:56:53.561Z\",\"GroupId\":\"sg-06293826e69083029\",\"GroupName\":\"launch-wizard-74\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06293826e69083029\",\"sg-06293826e69083029\"],\"name\":\"launch-wizard-74\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06293826e69083029\",\"sg-06293826e69083029\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-9fe74ed2\",\"sg-9fe74ed2\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-9fe74ed2\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-9fe74ed2\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[]}],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-9fe74ed2\",\"Description\":\"default VPC security group\",\"GroupId\":\"sg-9fe74ed2\",\"GroupName\":\"default\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-9fe74ed2\",\"sg-9fe74ed2\"],\"name\":\"default\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09e20af82b07b134a\",\"sg-09e20af82b07b134a\"],\"name\":\"terraform-20241119125144321500000002\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09e20af82b07b134a\",\"Tags\":[{\"Key\":\"id\",\"Value\":\"4a6fec6c\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"deployment\",\"Value\":\"kuba-logs\"},{\"Key\":\"owner\",\"Value\":\"kubasobon\"},{\"Key\":\"project\",\"Value\":\"kubasobon\"},{\"Key\":\"Name\",\"Value\":\"kuba-logs-0Ht\"},{\"Key\":\"ec2_type\",\"Value\":\"asset_inventory\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"}],\"GroupName\":\"terraform-20241119125144321500000002\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-09e20af82b07b134a\"}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09e20af82b07b134a\",\"sg-09e20af82b07b134a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09e20af82b07b134a\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04093adb1eb18cf34\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04093adb1eb18cf34\",\"sg-04093adb1eb18cf34\"],\"name\":\"launch-wizard-93\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-93 created 2024-02-08T16:57:38.905Z\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04093adb1eb18cf34\",\"GroupId\":\"sg-04093adb1eb18cf34\",\"GroupName\":\"launch-wizard-93\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-04093adb1eb18cf34\",\"sg-04093adb1eb18cf34\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-079e81f9362297fab\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"GroupId\":\"sg-079e81f9362297fab\",\"GroupName\":\"terraform-20230221153836697300000001\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-079e81f9362297fab\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"Managed by Terraform\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"Tags\":[{\"Key\":\"owner\",\"Value\":\"\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"project\",\"Value\":\"\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"id\",\"Value\":\"real-caribou\"},{\"Key\":\"previsioner\",\"Value\":\"tarraform\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-079e81f9362297fab\",\"sg-079e81f9362297fab\"],\"name\":\"terraform-20230221153836697300000001\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-079e81f9362297fab\",\"sg-079e81f9362297fab\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-5\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"77.137.8.226/32\",\"Description\":null},{\"CidrIp\":\"109.66.153.228/32\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"Description\":\"launch-wizard-5 created 2021-03-25T17:07:23.182+02:00\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f7f816d53cd40c8c\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0f7f816d53cd40c8c\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f7f816d53cd40c8c\",\"sg-0f7f816d53cd40c8c\"],\"name\":\"launch-wizard-5\",\"category\":\"infrastructure\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f7f816d53cd40c8c\",\"sg-0f7f816d53cd40c8c\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f7f816d53cd40c8c\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0a74788000c2f0013\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09567fb7f3ce37454\",\"sg-09567fb7f3ce37454\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09567fb7f3ce37454\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-nsZ-node\"},{\"Value\":\"owned\",\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-nsZ\"}],\"VpcId\":\"vpc-0a74788000c2f0013\",\"Description\":\"EKS node shared security group\",\"GroupId\":\"sg-09567fb7f3ce37454\",\"GroupName\":\"cloudbeat-tf-nsZ-node-20230214081025186000000004\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09567fb7f3ce37454\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-0e05e3623fd3011bf\",\"GroupName\":null}],\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[]},{\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-09567fb7f3ce37454\"}],\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[]},{\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-09567fb7f3ce37454\",\"GroupName\":null}]},{\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-0e05e3623fd3011bf\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node groups\"}],\"FromPort\":443}],\"IpPermissionsEgress\":[{\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-09567fb7f3ce37454\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":53},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-09567fb7f3ce37454\",\"GroupName\":null}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[]},{\"FromPort\":123,\"IpProtocol\":\"udp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/UDP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123,\"UserIdGroupPairs\":[]},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-0e05e3623fd3011bf\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress all HTTPS to internet\"}]},{\"FromPort\":123,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/TCP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-09567fb7f3ce37454\",\"sg-09567fb7f3ce37454\"],\"name\":\"cloudbeat-tf-nsZ-node-20230214081025186000000004\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05bfd98bca12ff74b\",\"sg-05bfd98bca12ff74b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05bfd98bca12ff74b\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05bfd98bca12ff74b\",\"Tags\":[{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"previsioner\",\"Value\":\"tarraform\"},{\"Key\":\"id\",\"Value\":\"mighty-hound\"},{\"Key\":\"owner\",\"Value\":\"\"},{\"Key\":\"project\",\"Value\":\"\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"}],\"VpcId\":\"vpc-6cb55a15\",\"GroupName\":\"terraform-20230221165217041100000001\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-05bfd98bca12ff74b\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05bfd98bca12ff74b\",\"sg-05bfd98bca12ff74b\"],\"name\":\"terraform-20230221165217041100000001\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0362a309588a6a409\",\"sg-0362a309588a6a409\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0362a309588a6a409\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"terraform-20230608103736417100000003\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Managed by Terraform\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0362a309588a6a409\",\"GroupName\":\"terraform-20230608103736417100000003\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0362a309588a6a409\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"kfir-June8-8-8-0-3mF\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"id\",\"Value\":\"d68a614e\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0362a309588a6a409\",\"sg-0362a309588a6a409\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e45d960098cfd8bb\",\"sg-0e45d960098cfd8bb\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e45d960098cfd8bb\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e45d960098cfd8bb\",\"sg-0e45d960098cfd8bb\"],\"name\":\"launch-wizard-55\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-55 created 2023-05-31T15:54:50.770Z\",\"GroupId\":\"sg-0e45d960098cfd8bb\",\"GroupName\":\"launch-wizard-55\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e45d960098cfd8bb\"}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0580b28b72f958302\",\"sg-0580b28b72f958302\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0580b28b72f958302\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"eks-cluster-sg-cluster-single-node-8-7-1393993815\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupId\":\"sg-0580b28b72f958302\",\"IpPermissions\":[],\"Tags\":[{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-cluster-single-node-8-7-1393993815\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"cluster-single-node-8-7\"},{\"Value\":\"owned\",\"Key\":\"kubernetes.io/cluster/cluster-single-node-8-7\"}],\"VpcId\":\"vpc-6cb55a15\",\"GroupName\":\"eks-cluster-sg-cluster-single-node-8-7-1393993815\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0580b28b72f958302\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0580b28b72f958302\",\"sg-0580b28b72f958302\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"raw\":{\"Tags\":null,\"Description\":\"launch-wizard-21 created 2023-01-29T11:24:43.440Z\",\"GroupId\":\"sg-0a45bf139b44448f1\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a45bf139b44448f1\",\"GroupName\":\"launch-wizard-21\",\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a45bf139b44448f1\",\"sg-0a45bf139b44448f1\"],\"name\":\"launch-wizard-21\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a45bf139b44448f1\",\"sg-0a45bf139b44448f1\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a45bf139b44448f1\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"name\":\"vuls-sg-24481\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"DESCRIPTION\",\"GroupId\":\"sg-0145467bb26dbb4da\",\"GroupName\":\"vuls-sg-24481\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0145467bb26dbb4da\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"31.154.188.106/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]},{\"PrefixListIds\":[],\"ToPort\":24481,\"UserIdGroupPairs\":[],\"FromPort\":24481,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"31.154.188.106/32\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0145467bb26dbb4da\",\"sg-0145467bb26dbb4da\"]},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0145467bb26dbb4da\",\"sg-0145467bb26dbb4da\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0145467bb26dbb4da\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-05eeaaeb72e2eb28b\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0066ee97b29f7a65b\",\"sg-0066ee97b29f7a65b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0066ee97b29f7a65b\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0066ee97b29f7a65b\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-5jA-node\"},{\"Value\":\"owned\",\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-5jA\"}],\"VpcId\":\"vpc-05eeaaeb72e2eb28b\",\"Description\":\"EKS node shared security group\",\"GroupName\":\"cloudbeat-tf-5jA-node-20230111100434286600000006\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-0bbe87f51ba1632d5\",\"GroupName\":null}],\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[]},{\"ToPort\":53,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-0066ee97b29f7a65b\",\"GroupName\":null}],\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-0066ee97b29f7a65b\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[]},{\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-0bbe87f51ba1632d5\"}],\"FromPort\":443}],\"IpPermissionsEgress\":[{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-0066ee97b29f7a65b\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\"}],\"FromPort\":53,\"IpProtocol\":\"udp\"},{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-0066ee97b29f7a65b\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\"}],\"FromPort\":53,\"IpProtocol\":\"tcp\"},{\"FromPort\":123,\"IpProtocol\":\"udp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/UDP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123,\"UserIdGroupPairs\":[]},{\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress all HTTPS to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-0bbe87f51ba1632d5\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\"}]},{\"PrefixListIds\":[],\"ToPort\":123,\"UserIdGroupPairs\":[],\"FromPort\":123,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/TCP to internet\"}],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0066ee97b29f7a65b\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0066ee97b29f7a65b\",\"sg-0066ee97b29f7a65b\"],\"name\":\"cloudbeat-tf-5jA-node-20230111100434286600000006\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e05e3623fd3011bf\",\"sg-0e05e3623fd3011bf\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e05e3623fd3011bf\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"EKS cluster security group\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e05e3623fd3011bf\",\"VpcId\":\"vpc-0a74788000c2f0013\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-nsZ-cluster\"}],\"GroupId\":\"sg-0e05e3623fd3011bf\",\"GroupName\":\"cloudbeat-tf-nsZ-cluster-20230214081025188300000007\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-09567fb7f3ce37454\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":443}],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-09567fb7f3ce37454\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[]},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-09567fb7f3ce37454\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[]}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e05e3623fd3011bf\",\"sg-0e05e3623fd3011bf\"],\"name\":\"cloudbeat-tf-nsZ-cluster-20230214081025188300000007\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0a74788000c2f0013\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0913f10e5e5b4b2cd\",\"sg-0913f10e5e5b4b2cd\"],\"name\":\"terraform-20230716100146382600000002\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-0913f10e5e5b4b2cd\",\"GroupName\":\"terraform-20230716100146382600000002\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0913f10e5e5b4b2cd\",\"Tags\":[{\"Key\":\"ec2_type\",\"Value\":\"cspm\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"id\",\"Value\":\"47e32e79\"},{\"Value\":\"test-environments\",\"Key\":\"project\"},{\"Value\":\"yarden-qa-890-ZxU\",\"Key\":\"Name\"}],\"VpcId\":\"vpc-6cb55a15\"}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0913f10e5e5b4b2cd\",\"sg-0913f10e5e5b4b2cd\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0913f10e5e5b4b2cd\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cdb69ef0fa5177e6\",\"sg-0cdb69ef0fa5177e6\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cdb69ef0fa5177e6\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-105 created 2024-05-24T12:21:54.867Z\",\"GroupId\":\"sg-0cdb69ef0fa5177e6\",\"GroupName\":\"launch-wizard-105\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"VpcId\":\"vpc-6cb55a15\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"86.89.2.244/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cdb69ef0fa5177e6\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cdb69ef0fa5177e6\",\"sg-0cdb69ef0fa5177e6\"],\"name\":\"launch-wizard-105\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05dcf0a7444f0afb7\",\"sg-05dcf0a7444f0afb7\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05dcf0a7444f0afb7\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05dcf0a7444f0afb7\",\"sg-05dcf0a7444f0afb7\"],\"name\":\"vuls-sg-10584\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Tags\":null,\"Description\":\"DESCRIPTION\",\"GroupId\":\"sg-05dcf0a7444f0afb7\",\"GroupName\":\"vuls-sg-10584\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"31.154.188.106/32\",\"Description\":null}],\"Ipv6Ranges\":[]},{\"PrefixListIds\":[],\"ToPort\":10584,\"UserIdGroupPairs\":[],\"FromPort\":10584,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"31.154.188.106/32\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05dcf0a7444f0afb7\",\"VpcId\":\"vpc-6cb55a15\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-05eeaaeb72e2eb28b\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-081b6075cf7a6671e\",\"sg-081b6075cf7a6671e\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-081b6075cf7a6671e\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-081b6075cf7a6671e\",\"sg-081b6075cf7a6671e\"],\"name\":\"cloudbeat-tf-5jA_120230111100433256600000005\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-081b6075cf7a6671e\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"10.0.0.0/8\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"IpPermissionsEgress\":[],\"OwnerId\":\"704479110758\",\"Description\":\"Managed by Terraform\",\"GroupName\":\"cloudbeat-tf-5jA_120230111100433256600000005\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-081b6075cf7a6671e\",\"Tags\":null,\"VpcId\":\"vpc-05eeaaeb72e2eb28b\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0e838e42ce3e6d30c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e26e20f27b36af13\",\"sg-0e26e20f27b36af13\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e26e20f27b36af13\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"name\":\"cloudbeat-tf-WWZ_120221229084123639200000005\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"cloudbeat-tf-WWZ_120221229084123639200000005\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e26e20f27b36af13\",\"Tags\":null,\"VpcId\":\"vpc-0e838e42ce3e6d30c\",\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-0e26e20f27b36af13\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"10.0.0.0/8\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"IpPermissionsEgress\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e26e20f27b36af13\",\"sg-0e26e20f27b36af13\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02a1806dc61d16252\",\"sg-02a1806dc61d16252\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02a1806dc61d16252\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-130 created 2024-10-18T17:55:39.966Z\",\"GroupId\":\"sg-02a1806dc61d16252\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02a1806dc61d16252\",\"Tags\":null,\"GroupName\":\"launch-wizard-130\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02a1806dc61d16252\",\"sg-02a1806dc61d16252\"],\"name\":\"launch-wizard-130\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0727a530b491a3fc2\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/qa-cycle-kfir-850bc1\",\"Value\":\"owned\"},{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-qa-cycle-kfir-850bc1-1490562978\"},{\"Value\":\"qa-cycle-kfir-850bc1\",\"Key\":\"aws:eks:cluster-name\"}],\"GroupId\":\"sg-0727a530b491a3fc2\",\"GroupName\":\"eks-cluster-sg-qa-cycle-kfir-850bc1-1490562978\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0727a530b491a3fc2\",\"sg-0727a530b491a3fc2\"],\"name\":\"eks-cluster-sg-qa-cycle-kfir-850bc1-1490562978\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0727a530b491a3fc2\",\"sg-0727a530b491a3fc2\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0727a530b491a3fc2\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07a480cd9b21e37c6\",\"sg-07a480cd9b21e37c6\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07a480cd9b21e37c6\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"Tags\":null,\"Description\":\"launch-wizard created 2022-12-26T17:25:05.174Z\",\"GroupName\":\"launch-wizard-17\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07a480cd9b21e37c6\",\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-07a480cd9b21e37c6\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07a480cd9b21e37c6\",\"sg-07a480cd9b21e37c6\"],\"name\":\"launch-wizard-17\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00f233a80da23495f\",\"VpcId\":\"vpc-0e838e42ce3e6d30c\",\"Description\":\"EKS node shared security group\",\"GroupId\":\"sg-00f233a80da23495f\",\"IpPermissions\":[{\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-0bfea65465528af0e\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}]},{\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-00f233a80da23495f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}]},{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-00f233a80da23495f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":53,\"IpProtocol\":\"tcp\"},{\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-0bfea65465528af0e\"}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"GroupName\":\"cloudbeat-tf-WWZ-node-20221229084124195100000007\",\"IpPermissionsEgress\":[{\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-00f233a80da23495f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}]},{\"UserIdGroupPairs\":[{\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-00f233a80da23495f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53},{\"ToPort\":123,\"UserIdGroupPairs\":[],\"FromPort\":123,\"IpProtocol\":\"udp\",\"IpRanges\":[{\"Description\":\"Egress NTP/UDP to internet\",\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-0bfea65465528af0e\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":\"Egress all HTTPS to internet\",\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[]},{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/TCP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123,\"UserIdGroupPairs\":[],\"FromPort\":123,\"IpProtocol\":\"tcp\"}],\"Tags\":[{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-WWZ\",\"Value\":\"owned\"},{\"Value\":\"cloudbeat-tf-WWZ-node\",\"Key\":\"Name\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00f233a80da23495f\",\"sg-00f233a80da23495f\"],\"name\":\"cloudbeat-tf-WWZ-node-20221229084124195100000007\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-0e838e42ce3e6d30c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00f233a80da23495f\",\"sg-00f233a80da23495f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00f233a80da23495f\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"vpc_ids\":[\"vpc-08d87433815da7907\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-045d46bcaaf8b30a2\",\"sg-045d46bcaaf8b30a2\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-045d46bcaaf8b30a2\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"10.0.0.0/8\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"Tags\":null,\"GroupName\":\"kuba-logs_120241119125157866600000005\",\"GroupId\":\"sg-045d46bcaaf8b30a2\",\"IpPermissionsEgress\":[],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-045d46bcaaf8b30a2\",\"VpcId\":\"vpc-08d87433815da7907\",\"Description\":\"Managed by Terraform\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-045d46bcaaf8b30a2\",\"sg-045d46bcaaf8b30a2\"],\"name\":\"kuba-logs_120241119125157866600000005\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-030f5f6605855470a\",\"sg-030f5f6605855470a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-030f5f6605855470a\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-030f5f6605855470a\",\"GroupId\":\"sg-030f5f6605855470a\",\"GroupName\":\"launch-wizard-103\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\",\"Description\":\"launch-wizard-103 created 2024-05-08T13:43:35.350Z\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-030f5f6605855470a\",\"sg-030f5f6605855470a\"],\"name\":\"launch-wizard-103\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05532d065753afd4f\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05532d065753afd4f\",\"sg-05532d065753afd4f\"],\"name\":\"launch-wizard-46\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-46\",\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05532d065753afd4f\",\"Tags\":null,\"Description\":\"launch-wizard-46 created 2023-04-30T09:28:21.496Z\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-05532d065753afd4f\"}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05532d065753afd4f\",\"sg-05532d065753afd4f\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c35c8a889623c619\",\"sg-0c35c8a889623c619\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c35c8a889623c619\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"Description\":\"launch-wizard-71 created 2023-07-25T10:00:47.946Z\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c35c8a889623c619\",\"GroupId\":\"sg-0c35c8a889623c619\",\"GroupName\":\"launch-wizard-71\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c35c8a889623c619\",\"sg-0c35c8a889623c619\"],\"name\":\"launch-wizard-71\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c7ebe44a2190ecce\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-096d5aaf84103883c\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"192.168.0.0/16\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"IpPermissionsEgress\":[],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c7ebe44a2190ecce\",\"Tags\":null,\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-0c7ebe44a2190ecce\",\"GroupName\":\"long-running-project_220231123175751600600000005\",\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c7ebe44a2190ecce\",\"sg-0c7ebe44a2190ecce\"],\"name\":\"long-running-project_220231123175751600600000005\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-096d5aaf84103883c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0c7ebe44a2190ecce\",\"sg-0c7ebe44a2190ecce\"],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0355939458e73b674\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Value\":\"owned\",\"Key\":\"kubernetes.io/cluster/TrackLiveEnvApril2023\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"TrackLiveEnvApril2023\"},{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-TrackLiveEnvApril2023-1388655\"}],\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupName\":\"eks-cluster-sg-TrackLiveEnvApril2023-1388655\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0355939458e73b674\",\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0355939458e73b674\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0355939458e73b674\",\"sg-0355939458e73b674\"],\"name\":\"eks-cluster-sg-TrackLiveEnvApril2023-1388655\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0355939458e73b674\",\"sg-0355939458e73b674\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0667b2ad79500552f\",\"GroupName\":\"vuls-sg-20094\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0667b2ad79500552f\",\"Description\":\"DESCRIPTION\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":20094,\"UserIdGroupPairs\":[],\"FromPort\":20094,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"31.154.188.106/32\",\"Description\":null}],\"Ipv6Ranges\":[]},{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"31.154.188.106/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0667b2ad79500552f\",\"sg-0667b2ad79500552f\"],\"name\":\"vuls-sg-20094\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0667b2ad79500552f\",\"sg-0667b2ad79500552f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0667b2ad79500552f\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ee4b0291b89d8b01\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"launch-wizard-82\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-82\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ee4b0291b89d8b01\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-82 created 2023-10-11T22:18:29.011Z\",\"GroupId\":\"sg-0ee4b0291b89d8b01\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ee4b0291b89d8b01\",\"sg-0ee4b0291b89d8b01\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ee4b0291b89d8b01\",\"sg-0ee4b0291b89d8b01\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08174cf5bc0ba9293\",\"sg-08174cf5bc0ba9293\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08174cf5bc0ba9293\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-54 created 2023-05-30T11:59:54.854Z\",\"GroupId\":\"sg-08174cf5bc0ba9293\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"GroupName\":\"launch-wizard-54\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08174cf5bc0ba9293\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08174cf5bc0ba9293\",\"sg-08174cf5bc0ba9293\"],\"name\":\"launch-wizard-54\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"asset\":{\"name\":\"launch-wizard-85\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-85\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"Tags\":null,\"Description\":\"launch-wizard-85 created 2023-10-30T10:58:02.118Z\",\"GroupId\":\"sg-05e2fcf68ad30cc5a\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05e2fcf68ad30cc5a\",\"VpcId\":\"vpc-6cb55a15\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05e2fcf68ad30cc5a\",\"sg-05e2fcf68ad30cc5a\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05e2fcf68ad30cc5a\",\"sg-05e2fcf68ad30cc5a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05e2fcf68ad30cc5a\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-020ca77b815e9b27c\",\"VpcId\":\"vpc-6cb55a15\",\"GroupName\":\"terraform-20240307121957425300000002\",\"GroupId\":\"sg-020ca77b815e9b27c\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"Tags\":[{\"Key\":\"Name\",\"Value\":\"delete--ess-prod-fl3\"},{\"Value\":\"Omolola-Akinleye\",\"Key\":\"owner\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Value\":\"kspm\",\"Key\":\"ec2_type\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"id\",\"Value\":\"37374ab0\"},{\"Key\":\"project\",\"Value\":\"Omolola-Akinleye\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"}],\"Description\":\"Managed by Terraform\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-020ca77b815e9b27c\",\"sg-020ca77b815e9b27c\"],\"name\":\"terraform-20240307121957425300000002\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-020ca77b815e9b27c\",\"sg-020ca77b815e9b27c\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-020ca77b815e9b27c\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0897c28222f7bd63c\",\"sg-0897c28222f7bd63c\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0897c28222f7bd63c\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"name\":\"eks-cluster-sg-testcluster-1185159896\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupId\":\"sg-0897c28222f7bd63c\",\"GroupName\":\"eks-cluster-sg-testcluster-1185159896\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0897c28222f7bd63c\",\"Tags\":[{\"Value\":\"eks-cluster-sg-testcluster-1185159896\",\"Key\":\"Name\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"testcluster\"},{\"Key\":\"kubernetes.io/cluster/testcluster\",\"Value\":\"owned\"}],\"VpcId\":\"vpc-0a2008710cab48539\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0897c28222f7bd63c\",\"sg-0897c28222f7bd63c\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-0a2008710cab48539\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0721071cec3e78eb9\",\"sg-0721071cec3e78eb9\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0721071cec3e78eb9\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0721071cec3e78eb9\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0721071cec3e78eb9\",\"Description\":\"Managed by Terraform\",\"GroupName\":\"terraform-20231123175739667900000002\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"Tags\":[{\"Value\":\"cspm\",\"Key\":\"ec2_type\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"project\",\"Value\":\"amirbenun\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"Name\",\"Value\":\"long-running-project-HOV\"},{\"Key\":\"id\",\"Value\":\"e36fb526\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0721071cec3e78eb9\",\"sg-0721071cec3e78eb9\"],\"name\":\"terraform-20231123175739667900000002\",\"category\":\"infrastructure\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a7d10858040c8d10\",\"sg-0a7d10858040c8d10\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a7d10858040c8d10\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a7d10858040c8d10\",\"Description\":\"launch-wizard-9 created 2021-06-27T23:16:08.685+03:00\",\"GroupId\":\"sg-0a7d10858040c8d10\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"\"}]}],\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"GroupName\":\"launch-wizard-9\",\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a7d10858040c8d10\",\"sg-0a7d10858040c8d10\"],\"name\":\"launch-wizard-9\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07cdf5bfae2a79b88\",\"sg-07cdf5bfae2a79b88\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07cdf5bfae2a79b88\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-07cdf5bfae2a79b88\",\"GroupName\":\"launch-wizard-53\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-53 created 2023-05-17T12:47:41.046Z\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07cdf5bfae2a79b88\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-07cdf5bfae2a79b88\",\"sg-07cdf5bfae2a79b88\"],\"name\":\"launch-wizard-53\",\"category\":\"infrastructure\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ea8ff725fb1aaadf\",\"sg-0ea8ff725fb1aaadf\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ea8ff725fb1aaadf\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ea8ff725fb1aaadf\",\"Tags\":null,\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"GroupId\":\"sg-0ea8ff725fb1aaadf\",\"GroupName\":\"vuls-sg-18749\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"31.154.188.106/32\",\"Description\":null}],\"Ipv6Ranges\":[]},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":18749,\"UserIdGroupPairs\":[],\"FromPort\":18749,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"31.154.188.106/32\",\"Description\":null}]}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"DESCRIPTION\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ea8ff725fb1aaadf\",\"sg-0ea8ff725fb1aaadf\"],\"name\":\"vuls-sg-18749\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0558abc419b081fc9\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"VpcId\":\"vpc-6cb55a15\",\"GroupName\":\"launch-wizard-97\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0558abc419b081fc9\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"Tags\":null,\"Description\":\"launch-wizard-97 created 2024-04-04T10:04:18.270Z\",\"GroupId\":\"sg-0558abc419b081fc9\",\"IpPermissions\":[{\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0558abc419b081fc9\",\"sg-0558abc419b081fc9\"],\"name\":\"launch-wizard-97\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0558abc419b081fc9\",\"sg-0558abc419b081fc9\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06f6b809d5e053c55\",\"sg-06f6b809d5e053c55\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06f6b809d5e053c55\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06f6b809d5e053c55\",\"sg-06f6b809d5e053c55\"],\"name\":\"elastic-agent-security-group-61a90eb0-896b-11ef-98d8-0ab4ea2a59ad\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"Elastic-Cloud-Security-Posture-Management-logsdb4\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentSecurityGroup\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/Elastic-Cloud-Security-Posture-Management-logsdb4/61a90eb0-896b-11ef-98d8-0ab4ea2a59ad\"}],\"Description\":\"Block incoming traffic\",\"GroupId\":\"sg-06f6b809d5e053c55\",\"GroupName\":\"elastic-agent-security-group-61a90eb0-896b-11ef-98d8-0ab4ea2a59ad\",\"VpcId\":\"vpc-6cb55a15\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06f6b809d5e053c55\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-020e4243dd78d16ea\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-020e4243dd78d16ea\",\"Tags\":null,\"GroupName\":\"launch-wizard-60\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-60 created 2023-06-11T10:26:56.895Z\",\"GroupId\":\"sg-020e4243dd78d16ea\",\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-020e4243dd78d16ea\",\"sg-020e4243dd78d16ea\"],\"name\":\"launch-wizard-60\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-020e4243dd78d16ea\",\"sg-020e4243dd78d16ea\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e6b19ccdda8193d6\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"default VPC security group\",\"GroupId\":\"sg-0e6b19ccdda8193d6\",\"GroupName\":\"default\",\"IpPermissions\":[{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-0e6b19ccdda8193d6\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e6b19ccdda8193d6\",\"Tags\":null,\"VpcId\":\"vpc-061fc9c22f73c7d3e\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e6b19ccdda8193d6\",\"sg-0e6b19ccdda8193d6\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-061fc9c22f73c7d3e\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0e6b19ccdda8193d6\",\"sg-0e6b19ccdda8193d6\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-06b023d1fc8665055\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-037ae21d568624634\",\"sg-037ae21d568624634\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-037ae21d568624634\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"Tags\":null,\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-037ae21d568624634\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-037ae21d568624634\",\"VpcId\":\"vpc-06b023d1fc8665055\",\"Description\":\"default VPC security group\",\"GroupId\":\"sg-037ae21d568624634\",\"GroupName\":\"default\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-037ae21d568624634\",\"sg-037ae21d568624634\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-05eeaaeb72e2eb28b\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bbe87f51ba1632d5\",\"sg-0bbe87f51ba1632d5\"],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bbe87f51ba1632d5\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"GroupName\":\"cloudbeat-tf-5jA-cluster-20230111100434298000000007\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-0066ee97b29f7a65b\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\"}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[]}],\"IpPermissionsEgress\":[{\"ToPort\":10250,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-0066ee97b29f7a65b\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-0066ee97b29f7a65b\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":443}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bbe87f51ba1632d5\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-5jA-cluster\"}],\"GroupId\":\"sg-0bbe87f51ba1632d5\",\"VpcId\":\"vpc-05eeaaeb72e2eb28b\",\"Description\":\"EKS cluster security group\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bbe87f51ba1632d5\",\"sg-0bbe87f51ba1632d5\"],\"name\":\"cloudbeat-tf-5jA-cluster-20230111100434298000000007\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05cf392de8826da22\",\"sg-05cf392de8826da22\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05cf392de8826da22\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"vuls-sg-27801\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05cf392de8826da22\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"DESCRIPTION\",\"GroupId\":\"sg-05cf392de8826da22\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":27801,\"UserIdGroupPairs\":[],\"FromPort\":27801,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"77.125.101.238/32\",\"Description\":null}],\"Ipv6Ranges\":[]},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"77.125.101.238/32\",\"Description\":null}]}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-05cf392de8826da22\",\"sg-05cf392de8826da22\"],\"name\":\"vuls-sg-27801\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08d70f71adb9119c2\",\"sg-08d70f71adb9119c2\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08d70f71adb9119c2\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"GroupId\":\"sg-08d70f71adb9119c2\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08d70f71adb9119c2\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-45 created 2023-04-25T16:51:25.946Z\",\"GroupName\":\"launch-wizard-45\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08d70f71adb9119c2\",\"sg-08d70f71adb9119c2\"],\"name\":\"launch-wizard-45\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ba151a1957eb6dd9\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"launch-wizard-108\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ba151a1957eb6dd9\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"GroupId\":\"sg-0ba151a1957eb6dd9\",\"GroupName\":\"launch-wizard-108\",\"Description\":\"launch-wizard-108 created 2024-05-28T09:42:28.712Z\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ba151a1957eb6dd9\",\"sg-0ba151a1957eb6dd9\"]},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ba151a1957eb6dd9\",\"sg-0ba151a1957eb6dd9\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f931cb570d325929\",\"sg-0f931cb570d325929\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f931cb570d325929\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-131 created 2024-10-31T16:31:07.686Z\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0f931cb570d325929\",\"GroupName\":\"launch-wizard-131\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f931cb570d325929\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f931cb570d325929\",\"sg-0f931cb570d325929\"],\"name\":\"launch-wizard-131\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fef0b894ef04dc0e\",\"sg-0fef0b894ef04dc0e\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fef0b894ef04dc0e\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"name\":\"eks-cluster-sg-evgb-RuleRefactor-1097455455\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/evgb-RuleRefactor\",\"Value\":\"owned\"},{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-evgb-RuleRefactor-1097455455\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"evgb-RuleRefactor\"}],\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0fef0b894ef04dc0e\",\"GroupName\":\"eks-cluster-sg-evgb-RuleRefactor-1097455455\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fef0b894ef04dc0e\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fef0b894ef04dc0e\",\"sg-0fef0b894ef04dc0e\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fd78c4e7c7cfd95f\",\"sg-0fd78c4e7c7cfd95f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fd78c4e7c7cfd95f\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fd78c4e7c7cfd95f\",\"sg-0fd78c4e7c7cfd95f\"],\"name\":\"launch-wizard-70\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fd78c4e7c7cfd95f\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-70 created 2023-07-14T09:51:34.990Z\",\"GroupName\":\"launch-wizard-70\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"GroupId\":\"sg-0fd78c4e7c7cfd95f\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fdc3e7af6e8808a8\",\"sg-0fdc3e7af6e8808a8\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fdc3e7af6e8808a8\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-32 created 2023-03-16T12:14:43.117Z\",\"GroupId\":\"sg-0fdc3e7af6e8808a8\",\"GroupName\":\"launch-wizard-32\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22},{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":4000,\"UserIdGroupPairs\":[],\"FromPort\":4000}],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"Tags\":null,\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fdc3e7af6e8808a8\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0fdc3e7af6e8808a8\",\"sg-0fdc3e7af6e8808a8\"],\"name\":\"launch-wizard-32\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"name\":\"eks-cluster-sg-dailyenv23-8-442921504\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"eks-cluster-sg-dailyenv23-8-442921504\",\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0102f07bd7bdc8efe\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-dailyenv23-8-442921504\"},{\"Key\":\"kubernetes.io/cluster/dailyenv23-8\",\"Value\":\"owned\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"dailyenv23-8\"}],\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupId\":\"sg-0102f07bd7bdc8efe\",\"IpPermissions\":[],\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0102f07bd7bdc8efe\",\"sg-0102f07bd7bdc8efe\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0102f07bd7bdc8efe\",\"sg-0102f07bd7bdc8efe\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0102f07bd7bdc8efe\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08f94b12d93999cce\",\"sg-08f94b12d93999cce\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08f94b12d93999cce\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-08f94b12d93999cce\",\"GroupName\":\"kfir-qa-project_120240404150208427400000006\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"10.0.0.0/8\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"VpcId\":\"vpc-0096efe3aab3734db\",\"IpPermissionsEgress\":[],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08f94b12d93999cce\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08f94b12d93999cce\",\"sg-08f94b12d93999cce\"],\"name\":\"kfir-qa-project_120240404150208427400000006\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0096efe3aab3734db\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"default\",\"IpPermissions\":[{\"UserIdGroupPairs\":[{\"GroupId\":\"sg-083d225fa32c251f7\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-083d225fa32c251f7\",\"Description\":\"default VPC security group\",\"GroupId\":\"sg-083d225fa32c251f7\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-0de5d19ac894b58c9\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-083d225fa32c251f7\",\"sg-083d225fa32c251f7\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0de5d19ac894b58c9\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-083d225fa32c251f7\",\"sg-083d225fa32c251f7\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-083d225fa32c251f7\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ef8076d067e1c06f\",\"sg-0ef8076d067e1c06f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ef8076d067e1c06f\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"cloudbeat-tf-AhU-cluster-20230110154206726700000004\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"cloudbeat-tf-AhU-cluster-20230110154206726700000004\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-00533e66d7b9df5ca\"}],\"FromPort\":443}],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-AhU-cluster\"}],\"Description\":\"EKS cluster security group\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-00533e66d7b9df5ca\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\"}],\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[]},{\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-00533e66d7b9df5ca\",\"GroupName\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ef8076d067e1c06f\",\"VpcId\":\"vpc-05dd3a849e821fafc\",\"GroupId\":\"sg-0ef8076d067e1c06f\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0ef8076d067e1c06f\",\"sg-0ef8076d067e1c06f\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-05dd3a849e821fafc\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-0096efe3aab3734db\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02b28e41eef10ad38\",\"sg-02b28e41eef10ad38\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02b28e41eef10ad38\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"GroupId\":\"sg-02b28e41eef10ad38\",\"IpPermissions\":[{\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-0d553fcbd0fe8ce91\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\"}]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02b28e41eef10ad38\",\"Description\":\"EKS cluster security group\",\"GroupName\":\"kfir-qa-project-cluster-20240404150209679500000007\",\"IpPermissionsEgress\":[{\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-0d553fcbd0fe8ce91\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}]},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-0d553fcbd0fe8ce91\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node groups\"}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[]}],\"Tags\":[{\"Key\":\"ec2_type\",\"Value\":\"kspm_eks\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"project\",\"Value\":\"kfirpeled\"},{\"Key\":\"owner\",\"Value\":\"kfirpeled\"},{\"Key\":\"Name\",\"Value\":\"kfir-qa-project-cluster\"},{\"Value\":\"engineering\",\"Key\":\"division\"},{\"Key\":\"org\",\"Value\":\"security\"}],\"VpcId\":\"vpc-0096efe3aab3734db\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02b28e41eef10ad38\",\"sg-02b28e41eef10ad38\"],\"name\":\"kfir-qa-project-cluster-20240404150209679500000007\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b985f84db216b006\",\"sg-0b985f84db216b006\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b985f84db216b006\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"launch-wizard-118\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0b985f84db216b006\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"VpcId\":\"vpc-6cb55a15\",\"Tags\":null,\"Description\":\"launch-wizard-118 created 2024-07-27T00:51:38.783Z\",\"GroupName\":\"launch-wizard-118\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b985f84db216b006\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0b985f84db216b006\",\"sg-0b985f84db216b006\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01aa862a5ca6b5060\",\"sg-01aa862a5ca6b5060\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01aa862a5ca6b5060\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-01aa862a5ca6b5060\"}]}],\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"Tags\":null,\"VpcId\":\"vpc-0d0d507f15a7baefb\",\"GroupId\":\"sg-01aa862a5ca6b5060\",\"GroupName\":\"default\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01aa862a5ca6b5060\",\"Description\":\"default VPC security group\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01aa862a5ca6b5060\",\"sg-01aa862a5ca6b5060\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-0d0d507f15a7baefb\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"raw\":{\"GroupId\":\"sg-035b5fb965d5898ca\",\"GroupName\":\"terraform-20231224143753222900000001\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-035b5fb965d5898ca\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"Managed by Terraform\",\"Tags\":[{\"Key\":\"ec2_type\",\"Value\":\"kspm\"},{\"Key\":\"Name\",\"Value\":\"test-env-ci-tf-7T8\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"project\",\"Value\":\"test-environments\"},{\"Key\":\"id\",\"Value\":\"36526661\"}],\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-035b5fb965d5898ca\",\"sg-035b5fb965d5898ca\"],\"name\":\"terraform-20231224143753222900000001\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-035b5fb965d5898ca\",\"sg-035b5fb965d5898ca\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-035b5fb965d5898ca\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a75b1529e7e74d11\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-0a75b1529e7e74d11\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a75b1529e7e74d11\",\"VpcId\":\"vpc-08d87433815da7907\",\"GroupName\":\"kuba-logs_220241119125157866600000004\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"192.168.0.0/16\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"IpPermissionsEgress\":[],\"OwnerId\":\"704479110758\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a75b1529e7e74d11\",\"sg-0a75b1529e7e74d11\"],\"name\":\"kuba-logs_220241119125157866600000004\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-08d87433815da7907\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a75b1529e7e74d11\",\"sg-0a75b1529e7e74d11\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-0de5d19ac894b58c9\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03217e591544b437a\",\"sg-03217e591544b437a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03217e591544b437a\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03217e591544b437a\",\"sg-03217e591544b437a\"],\"name\":\"cloudbeat-tf-Gfp_120221228114838580000000003\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Managed by Terraform\",\"GroupName\":\"cloudbeat-tf-Gfp_120221228114838580000000003\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"10.0.0.0/8\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03217e591544b437a\",\"Tags\":null,\"GroupId\":\"sg-03217e591544b437a\",\"IpPermissionsEgress\":[],\"VpcId\":\"vpc-0de5d19ac894b58c9\"}},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-020c87b287cb15e5a\",\"sg-020c87b287cb15e5a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-020c87b287cb15e5a\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"terraform-20230627154406603700000001\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"terraform-20230627154406603700000001\",\"Tags\":[{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Value\":\"cspm\",\"Key\":\"ec2_type\"},{\"Key\":\"Name\",\"Value\":\"amir-env-rEY\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"id\",\"Value\":\"8df060e4\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"project\",\"Value\":\"test-environments\"}],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-020c87b287cb15e5a\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-020c87b287cb15e5a\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-020c87b287cb15e5a\",\"sg-020c87b287cb15e5a\"]},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06c15b89b2816c94b\",\"sg-06c15b89b2816c94b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06c15b89b2816c94b\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06c15b89b2816c94b\",\"sg-06c15b89b2816c94b\"],\"name\":\"benchmark-rules-cluster-20240530133042015600000007\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-06c15b89b2816c94b\",\"IpPermissionsEgress\":[{\"ToPort\":10250,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-03b969e6a0eb74e43\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-03b969e6a0eb74e43\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node groups\"}],\"FromPort\":443}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-06c15b89b2816c94b\",\"Tags\":[{\"Key\":\"owner\",\"Value\":\"seanrathier\"},{\"Key\":\"Name\",\"Value\":\"benchmark-rules-cluster\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm_eks\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"project\",\"Value\":\"seanrathier\"},{\"Key\":\"deployment\",\"Value\":\"benchmark-rules\"}],\"VpcId\":\"vpc-00103fb710b9960ab\",\"Description\":\"EKS cluster security group\",\"GroupName\":\"benchmark-rules-cluster-20240530133042015600000007\",\"IpPermissions\":[{\"ToPort\":443,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-03b969e6a0eb74e43\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\"}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\"}},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-00103fb710b9960ab\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-101 created 2024-05-08T12:25:58.501Z\",\"GroupId\":\"sg-047db4aef95e98499\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-047db4aef95e98499\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"GroupName\":\"launch-wizard-101\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-047db4aef95e98499\",\"sg-047db4aef95e98499\"],\"name\":\"launch-wizard-101\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-047db4aef95e98499\",\"sg-047db4aef95e98499\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-047db4aef95e98499\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-070533c7ddc0656a4\",\"sg-070533c7ddc0656a4\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-070533c7ddc0656a4\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-qa-bc3-mult-nodes-736469452\"},{\"Key\":\"kubernetes.io/cluster/qa-bc3-mult-nodes\",\"Value\":\"owned\"},{\"Value\":\"qa-bc3-mult-nodes\",\"Key\":\"aws:eks:cluster-name\"}],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupName\":\"eks-cluster-sg-qa-bc3-mult-nodes-736469452\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"GroupId\":\"sg-070533c7ddc0656a4\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-070533c7ddc0656a4\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-070533c7ddc0656a4\",\"sg-070533c7ddc0656a4\"],\"name\":\"eks-cluster-sg-qa-bc3-mult-nodes-736469452\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cac7097eab629a5f\",\"sg-0cac7097eab629a5f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cac7097eab629a5f\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"tags\":null,\"raw\":{\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cac7097eab629a5f\",\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0cac7097eab629a5f\",\"GroupName\":\"terraform-20221226173715014900000001\",\"Tags\":null,\"Description\":\"Managed by Terraform\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cac7097eab629a5f\",\"sg-0cac7097eab629a5f\"],\"name\":\"terraform-20221226173715014900000001\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Managed by Terraform\",\"GroupName\":\"terraform-20240910133602738300000001\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"owner\",\"Value\":\"gurevichdmitry\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"deployment\",\"Value\":\"dg-ref\"},{\"Value\":\"engineering\",\"Key\":\"division\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"Name\",\"Value\":\"dg-ref-BPl\"},{\"Value\":\"cloudtrail\",\"Key\":\"ec2_type\"},{\"Key\":\"id\",\"Value\":\"e7ecc55a\"},{\"Value\":\"gurevichdmitry\",\"Key\":\"project\"}],\"GroupId\":\"sg-096cf869b395e05d9\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-096cf869b395e05d9\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-096cf869b395e05d9\",\"sg-096cf869b395e05d9\"],\"name\":\"terraform-20240910133602738300000001\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-096cf869b395e05d9\",\"sg-096cf869b395e05d9\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-096cf869b395e05d9\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"raw\":{\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-039c1b64bbba3a5d3\",\"GroupName\":\"launch-wizard-126\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-039c1b64bbba3a5d3\",\"Tags\":null,\"Description\":\"launch-wizard-126 created 2024-09-26T11:19:07.750Z\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-039c1b64bbba3a5d3\",\"sg-039c1b64bbba3a5d3\"],\"name\":\"launch-wizard-126\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-039c1b64bbba3a5d3\",\"sg-039c1b64bbba3a5d3\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-039c1b64bbba3a5d3\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a15e5a12fc1d42d9\",\"sg-0a15e5a12fc1d42d9\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a15e5a12fc1d42d9\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a15e5a12fc1d42d9\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"GroupId\":\"sg-0a15e5a12fc1d42d9\",\"GroupName\":\"launch-wizard-109\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"86.89.2.244/32\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"OwnerId\":\"704479110758\",\"Description\":\"launch-wizard-109 created 2024-05-31T08:45:22.769Z\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a15e5a12fc1d42d9\",\"sg-0a15e5a12fc1d42d9\"],\"name\":\"launch-wizard-109\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f321b26de2ffa92c\",\"sg-0f321b26de2ffa92c\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f321b26de2ffa92c\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"public-demo\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0f321b26de2ffa92c\",\"GroupName\":\"public-demo\",\"Tags\":null,\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f321b26de2ffa92c\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"Created by RDS management console\",\"IpPermissions\":[{\"Ipv6Ranges\":[{\"CidrIpv6\":\"::/0\",\"Description\":null}],\"PrefixListIds\":[],\"ToPort\":3306,\"UserIdGroupPairs\":[],\"FromPort\":3306,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f321b26de2ffa92c\",\"sg-0f321b26de2ffa92c\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0abf91c4ced61e186\",\"sg-0abf91c4ced61e186\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0abf91c4ced61e186\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"Managed by Terraform\",\"GroupName\":\"terraform-20230822104353791500000002\",\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"project\",\"Value\":\"test-environments\"},{\"Value\":\"yarden-qa-810-bc1-i0f\",\"Key\":\"Name\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"id\",\"Value\":\"a5363fcb\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Key\":\"ec2_type\",\"Value\":\"cspm\"}],\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-0abf91c4ced61e186\",\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0abf91c4ced61e186\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0abf91c4ced61e186\",\"sg-0abf91c4ced61e186\"],\"name\":\"terraform-20230822104353791500000002\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-078350f69503df781\",\"sg-078350f69503df781\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-078350f69503df781\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"launch-wizard-27\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-27 created 2023-03-02T13:27:52.993Z\",\"GroupId\":\"sg-078350f69503df781\",\"GroupName\":\"launch-wizard-27\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-078350f69503df781\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-078350f69503df781\",\"sg-078350f69503df781\"]},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02810573fb8b708b0\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-38 created 2023-03-23T18:02:27.042Z\",\"GroupId\":\"sg-02810573fb8b708b0\",\"GroupName\":\"launch-wizard-38\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"IpPermissions\":[{\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22}],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02810573fb8b708b0\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02810573fb8b708b0\",\"sg-02810573fb8b708b0\"],\"name\":\"launch-wizard-38\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02810573fb8b708b0\",\"sg-02810573fb8b708b0\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a4d02d4df54f87c9\",\"sg-0a4d02d4df54f87c9\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a4d02d4df54f87c9\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-99 created 2024-04-25T11:38:48.208Z\",\"GroupId\":\"sg-0a4d02d4df54f87c9\",\"GroupName\":\"launch-wizard-99\",\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a4d02d4df54f87c9\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a4d02d4df54f87c9\",\"sg-0a4d02d4df54f87c9\"],\"name\":\"launch-wizard-99\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bd04f78e467e6817\",\"sg-0bd04f78e467e6817\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bd04f78e467e6817\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bd04f78e467e6817\",\"sg-0bd04f78e467e6817\"],\"name\":\"launch-wizard-127\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-127 created 2024-09-30T09:14:17.955Z\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bd04f78e467e6817\",\"GroupId\":\"sg-0bd04f78e467e6817\",\"GroupName\":\"launch-wizard-127\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08bf4e05602dd7d3c\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08bf4e05602dd7d3c\",\"sg-08bf4e05602dd7d3c\"],\"name\":\"launch-wizard-15\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-08bf4e05602dd7d3c\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08bf4e05602dd7d3c\",\"Tags\":null,\"Description\":\"launch-wizard-15 created 2022-11-30T13:49:20.279Z\",\"GroupName\":\"launch-wizard-15\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-6cb55a15\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-08bf4e05602dd7d3c\",\"sg-08bf4e05602dd7d3c\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-04ece708af6c9b689\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00f97c5fd4c506f7f\",\"sg-00f97c5fd4c506f7f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00f97c5fd4c506f7f\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"cloudbeat-tf-pEN-node-20221226075536169100000006\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"EKS node shared security group\",\"IpPermissions\":[{\"FromPort\":0,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"test-aws-sg-failed\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":65535,\"UserIdGroupPairs\":[]},{\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-02406c5b73859ae29\"}],\"FromPort\":10250},{\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-00f97c5fd4c506f7f\"}],\"FromPort\":53,\"IpProtocol\":\"tcp\"},{\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-00f97c5fd4c506f7f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[]},{\"FromPort\":0,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[{\"CidrIpv6\":\"::/0\",\"Description\":\"test-aws-sg-failed_v6\"}],\"PrefixListIds\":[],\"ToPort\":65535,\"UserIdGroupPairs\":[]},{\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-02406c5b73859ae29\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":443}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-00f97c5fd4c506f7f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[]},{\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-00f97c5fd4c506f7f\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}]},{\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-02406c5b73859ae29\",\"GroupName\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"Description\":\"Egress all HTTPS to internet\",\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[]},{\"IpProtocol\":\"udp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/UDP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123,\"UserIdGroupPairs\":[],\"FromPort\":123},{\"UserIdGroupPairs\":[],\"FromPort\":123,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/TCP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123}],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-pEN-node\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-pEN\",\"Value\":\"owned\"},{\"Key\":\"test_aws\",\"Value\":\"\"}],\"GroupId\":\"sg-00f97c5fd4c506f7f\",\"GroupName\":\"cloudbeat-tf-pEN-node-20221226075536169100000006\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00f97c5fd4c506f7f\",\"VpcId\":\"vpc-04ece708af6c9b689\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00f97c5fd4c506f7f\",\"sg-00f97c5fd4c506f7f\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01f1daffb475bc897\",\"sg-01f1daffb475bc897\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01f1daffb475bc897\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01f1daffb475bc897\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/bc1087cluster\",\"Value\":\"owned\"},{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-bc1087cluster-1984242693\"},{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"bc1087cluster\"}],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"GroupName\":\"eks-cluster-sg-bc1087cluster-1984242693\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}]}],\"GroupId\":\"sg-01f1daffb475bc897\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-01f1daffb475bc897\",\"sg-01f1daffb475bc897\"],\"name\":\"eks-cluster-sg-bc1087cluster-1984242693\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-031362009abcb1c55\",\"sg-031362009abcb1c55\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-031362009abcb1c55\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-031362009abcb1c55\",\"GroupId\":\"sg-031362009abcb1c55\",\"GroupName\":\"cloudbeat-tf-T5Z_120230124141654126300000004\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"10.0.0.0/8\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"IpPermissionsEgress\":[],\"Description\":\"Managed by Terraform\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-02190da3c759732a9\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-031362009abcb1c55\",\"sg-031362009abcb1c55\"],\"name\":\"cloudbeat-tf-T5Z_120230124141654126300000004\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-02190da3c759732a9\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-05eeaaeb72e2eb28b\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0017d4507d98974f6\",\"sg-0017d4507d98974f6\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0017d4507d98974f6\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"default VPC security group\",\"GroupName\":\"default\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"Description\":null,\"GroupId\":\"sg-0017d4507d98974f6\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[]}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"GroupId\":\"sg-0017d4507d98974f6\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0017d4507d98974f6\",\"VpcId\":\"vpc-05eeaaeb72e2eb28b\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0017d4507d98974f6\",\"sg-0017d4507d98974f6\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a509074669fdd389\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a509074669fdd389\",\"sg-0a509074669fdd389\"],\"name\":\"terraform-20241119125144329800000003\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a509074669fdd389\",\"GroupId\":\"sg-0a509074669fdd389\",\"GroupName\":\"terraform-20241119125144329800000003\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[]}],\"Description\":\"Managed by Terraform\",\"Tags\":[{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"owner\",\"Value\":\"kubasobon\"},{\"Value\":\"adc8e8a8\",\"Key\":\"id\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm\"},{\"Key\":\"deployment\",\"Value\":\"kuba-logs\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"Name\",\"Value\":\"kuba-logs-0Ht\"},{\"Key\":\"project\",\"Value\":\"kubasobon\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"}],\"VpcId\":\"vpc-6cb55a15\"}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a509074669fdd389\",\"sg-0a509074669fdd389\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02fe491796ff4fe12\",\"sg-02fe491796ff4fe12\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02fe491796ff4fe12\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Managed by Terraform\",\"GroupId\":\"sg-02fe491796ff4fe12\",\"GroupName\":\"terraform-20240530133027047300000001\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"Tags\":[{\"Key\":\"owner\",\"Value\":\"seanrathier\"},{\"Key\":\"id\",\"Value\":\"87c120a0\"},{\"Key\":\"deployment\",\"Value\":\"benchmark-rules\"},{\"Key\":\"Name\",\"Value\":\"benchmark-rules-3gw\"},{\"Key\":\"project\",\"Value\":\"seanrathier\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"},{\"Key\":\"provisioner\",\"Value\":\"terraform\"},{\"Value\":\"cloud-security-posture\",\"Key\":\"team\"}],\"VpcId\":\"vpc-6cb55a15\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02fe491796ff4fe12\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02fe491796ff4fe12\",\"sg-02fe491796ff4fe12\"],\"name\":\"terraform-20240530133027047300000001\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02e087dbc5a618821\",\"sg-02e087dbc5a618821\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02e087dbc5a618821\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-02e087dbc5a618821\",\"GroupName\":\"eks-cluster-sg-Ofir-fargate-eks-701753269\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02e087dbc5a618821\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/Ofir-fargate-eks\",\"Value\":\"owned\"},{\"Value\":\"eks-cluster-sg-Ofir-fargate-eks-701753269\",\"Key\":\"Name\"},{\"Value\":\"Ofir-fargate-eks\",\"Key\":\"aws:eks:cluster-name\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-02e087dbc5a618821\",\"sg-02e087dbc5a618821\"],\"name\":\"eks-cluster-sg-Ofir-fargate-eks-701753269\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-0265091ed79292f2c\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00463ea878d75f6a4\",\"sg-00463ea878d75f6a4\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00463ea878d75f6a4\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"Tags\":[{\"Key\":\"Name\",\"Value\":\"amir-env6-node\"},{\"Key\":\"kubernetes.io/cluster/amir-env6\",\"Value\":\"owned\"}],\"VpcId\":\"vpc-0265091ed79292f2c\",\"Description\":\"EKS node shared security group\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00463ea878d75f6a4\",\"IpPermissionsEgress\":[{\"ToPort\":53,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-00463ea878d75f6a4\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-00463ea878d75f6a4\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":53},{\"FromPort\":123,\"IpProtocol\":\"udp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/UDP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123,\"UserIdGroupPairs\":[]},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-0d83ec4fadc51cb83\",\"GroupName\":null,\"PeeringStatus\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress all HTTPS to internet\"}]},{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/TCP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123,\"UserIdGroupPairs\":[],\"FromPort\":123,\"IpProtocol\":\"tcp\"}],\"GroupId\":\"sg-00463ea878d75f6a4\",\"GroupName\":\"amir-env6-node-20230628120919968800000006\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-0d83ec4fadc51cb83\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":10250,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[]},{\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-00463ea878d75f6a4\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53},{\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-00463ea878d75f6a4\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[]},{\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-0d83ec4fadc51cb83\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}]}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-00463ea878d75f6a4\",\"sg-00463ea878d75f6a4\"],\"name\":\"amir-env6-node-20230628120919968800000006\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-0e838e42ce3e6d30c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0143eaf4123ba8394\",\"sg-0143eaf4123ba8394\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0143eaf4123ba8394\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0143eaf4123ba8394\",\"sg-0143eaf4123ba8394\"],\"name\":\"cloudbeat-tf-WWZ_220221229084123639900000006\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0143eaf4123ba8394\",\"GroupName\":\"cloudbeat-tf-WWZ_220221229084123639900000006\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"192.168.0.0/16\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"IpPermissionsEgress\":[],\"OwnerId\":\"704479110758\",\"Description\":\"Managed by Terraform\",\"Tags\":null,\"VpcId\":\"vpc-0e838e42ce3e6d30c\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0143eaf4123ba8394\"}},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0daee1caa0a282c25\",\"sg-0daee1caa0a282c25\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0daee1caa0a282c25\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"name\":\"elastic-agent-security-group-54e13d70-0c4c-11ef-b7d1-0a34b27fff6f\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0daee1caa0a282c25\",\"GroupName\":\"elastic-agent-security-group-54e13d70-0c4c-11ef-b7d1-0a34b27fff6f\",\"GroupId\":\"sg-0daee1caa0a282c25\",\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentSecurityGroup\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/Elastic-Cloud-Security-Posture-Management/54e13d70-0c4c-11ef-b7d1-0a34b27fff6f\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"Elastic-Cloud-Security-Posture-Management\"}],\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"Block incoming traffic\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0daee1caa0a282c25\",\"sg-0daee1caa0a282c25\"]},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d907544deef7bffe\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"tags\":null,\"raw\":{\"GroupName\":\"launch-wizard-98\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d907544deef7bffe\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-98 created 2024-04-07T09:21:32.383Z\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"GroupId\":\"sg-0d907544deef7bffe\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d907544deef7bffe\",\"sg-0d907544deef7bffe\"],\"name\":\"launch-wizard-98\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0d907544deef7bffe\",\"sg-0d907544deef7bffe\"],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-06635215f51bfd343\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bec95274157f2e13\",\"sg-0bec95274157f2e13\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bec95274157f2e13\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"Description\":\"EKS node shared security group\",\"GroupId\":\"sg-0bec95274157f2e13\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-04a38b4fa1b012b7f\"}],\"FromPort\":10250},{\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-0bec95274157f2e13\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\"}]},{\"ToPort\":53,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-0bec95274157f2e13\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"ToPort\":443,\"UserIdGroupPairs\":[{\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-04a38b4fa1b012b7f\",\"GroupName\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"IpPermissionsEgress\":[{\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-0bec95274157f2e13\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}]},{\"ToPort\":53,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-0bec95274157f2e13\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"PrefixListIds\":[],\"ToPort\":123,\"UserIdGroupPairs\":[],\"FromPort\":123,\"IpProtocol\":\"udp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/UDP to internet\"}],\"Ipv6Ranges\":[]},{\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress all HTTPS to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-04a38b4fa1b012b7f\"}],\"FromPort\":443},{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/TCP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123,\"UserIdGroupPairs\":[],\"FromPort\":123,\"IpProtocol\":\"tcp\"}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-06635215f51bfd343\",\"GroupName\":\"amir-env-node-20230627154418797700000005\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bec95274157f2e13\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/amir-env\",\"Value\":\"owned\"},{\"Key\":\"Name\",\"Value\":\"amir-env-node\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0bec95274157f2e13\",\"sg-0bec95274157f2e13\"],\"name\":\"amir-env-node-20230627154418797700000005\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03b969e6a0eb74e43\",\"sg-03b969e6a0eb74e43\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03b969e6a0eb74e43\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-03b969e6a0eb74e43\",\"GroupName\":\"benchmark-rules-node-20240530133041754900000006\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03b969e6a0eb74e43\",\"Description\":\"EKS node shared security group\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[{\"GroupId\":\"sg-03b969e6a0eb74e43\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\"}],\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53},{\"ToPort\":53,\"UserIdGroupPairs\":[{\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-03b969e6a0eb74e43\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]},{\"UserIdGroupPairs\":[],\"FromPort\":123,\"IpProtocol\":\"udp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/UDP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node groups to cluster API\",\"GroupId\":\"sg-06c15b89b2816c94b\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress all HTTPS to internet\"}]},{\"FromPort\":123,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"Egress NTP/TCP to internet\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":123,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"benchmark-rules-node\"},{\"Value\":\"seanrathier\",\"Key\":\"owner\"},{\"Key\":\"deployment\",\"Value\":\"benchmark-rules\"},{\"Key\":\"ec2_type\",\"Value\":\"kspm_eks\"},{\"Key\":\"team\",\"Value\":\"cloud-security-posture\"},{\"Key\":\"kubernetes.io/cluster/benchmark-rules\",\"Value\":\"owned\"},{\"Key\":\"project\",\"Value\":\"seanrathier\"},{\"Key\":\"division\",\"Value\":\"engineering\"},{\"Key\":\"org\",\"Value\":\"security\"}],\"VpcId\":\"vpc-00103fb710b9960ab\",\"IpPermissions\":[{\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":10250,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node kubelets\",\"GroupId\":\"sg-06c15b89b2816c94b\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":10250},{\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\",\"GroupId\":\"sg-03b969e6a0eb74e43\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":53,\"IpProtocol\":\"tcp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53},{\"FromPort\":53,\"IpProtocol\":\"udp\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":53,\"UserIdGroupPairs\":[{\"GroupId\":\"sg-03b969e6a0eb74e43\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":\"Node to node CoreDNS\"}]},{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443,\"UserIdGroupPairs\":[{\"VpcPeeringConnectionId\":null,\"Description\":\"Cluster API to node groups\",\"GroupId\":\"sg-06c15b89b2816c94b\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null}],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[]}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03b969e6a0eb74e43\",\"sg-03b969e6a0eb74e43\"],\"name\":\"benchmark-rules-node-20240530133041754900000006\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-00103fb710b9960ab\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0555b4857a9641e74\",\"sg-0555b4857a9641e74\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0555b4857a9641e74\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0555b4857a9641e74\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-124 created 2024-09-13T23:54:03.059Z\",\"GroupName\":\"launch-wizard-124\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"GroupId\":\"sg-0555b4857a9641e74\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0555b4857a9641e74\",\"sg-0555b4857a9641e74\"],\"name\":\"launch-wizard-124\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cbf11befe131dcbc\",\"sg-0cbf11befe131dcbc\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cbf11befe131dcbc\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0cbf11befe131dcbc\",\"GroupName\":\"launch-wizard-43\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cbf11befe131dcbc\",\"Tags\":null,\"Description\":\"launch-wizard created 2023-04-11T12:28:03.144Z\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0cbf11befe131dcbc\",\"sg-0cbf11befe131dcbc\"],\"name\":\"launch-wizard-43\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f2475dea3478102f\",\"sg-0f2475dea3478102f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f2475dea3478102f\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"GroupId\":\"sg-0f2475dea3478102f\",\"GroupName\":\"Amit security group\",\"IpPermissions\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":\"\"}]},{\"ToPort\":8181,\"UserIdGroupPairs\":[],\"FromPort\":8181,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[{\"CidrIpv6\":\"::/0\",\"Description\":null}],\"PrefixListIds\":[]}],\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f2475dea3478102f\",\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-7 created 2021-06-23T15:33:18.313+03:00\",\"Tags\":null},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0f2475dea3478102f\",\"sg-0f2475dea3478102f\"],\"name\":\"Amit security group\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-045601d533a9a38e9\",\"sg-045601d533a9a38e9\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-045601d533a9a38e9\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"192.168.0.0/16\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-045601d533a9a38e9\",\"VpcId\":\"vpc-0096efe3aab3734db\",\"GroupId\":\"sg-045601d533a9a38e9\",\"GroupName\":\"kfir-qa-project_220240404150208423600000005\",\"IpPermissionsEgress\":[],\"OwnerId\":\"704479110758\",\"Tags\":null,\"Description\":\"Managed by Terraform\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-045601d533a9a38e9\",\"sg-045601d533a9a38e9\"],\"name\":\"kfir-qa-project_220240404150208423600000005\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-0096efe3aab3734db\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"name\":\"elastic-agent-security-group-c82a6f30-289f-11ef-bea0-0650f5ad54ed\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"Block incoming traffic\",\"GroupName\":\"elastic-agent-security-group-c82a6f30-289f-11ef-bea0-0650f5ad54ed\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03a24bd4d64b64828\",\"Tags\":[{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/Long-Lived-Env-CNVM-8-14/c82a6f30-289f-11ef-bea0-0650f5ad54ed\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"Long-Lived-Env-CNVM-8-14\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentSecurityGroup\"}],\"VpcId\":\"vpc-6cb55a15\",\"GroupId\":\"sg-03a24bd4d64b64828\",\"IpPermissions\":[],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03a24bd4d64b64828\",\"sg-03a24bd4d64b64828\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03a24bd4d64b64828\",\"sg-03a24bd4d64b64828\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03a24bd4d64b64828\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a73a4b1c18a32132\",\"sg-0a73a4b1c18a32132\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a73a4b1c18a32132\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"eks-cluster-sg-eyal-cluster-59678196\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-0a73a4b1c18a32132\",\"GroupName\":\"eks-cluster-sg-eyal-cluster-59678196\",\"IpPermissions\":[],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"aws:eks:cluster-name\",\"Value\":\"eyal-cluster\"},{\"Key\":\"Name\",\"Value\":\"eks-cluster-sg-eyal-cluster-59678196\"},{\"Key\":\"kubernetes.io/cluster/eyal-cluster\",\"Value\":\"owned\"}],\"Description\":\"EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads.\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a73a4b1c18a32132\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0a73a4b1c18a32132\",\"sg-0a73a4b1c18a32132\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03cc15f539e5ac7a7\",\"sg-03cc15f539e5ac7a7\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03cc15f539e5ac7a7\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"Tags\":null,\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03cc15f539e5ac7a7\",\"GroupName\":\"default\",\"IpPermissions\":[{\"ToPort\":null,\"UserIdGroupPairs\":[{\"Description\":null,\"GroupId\":\"sg-03cc15f539e5ac7a7\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-00103fb710b9960ab\",\"Description\":\"default VPC security group\",\"GroupId\":\"sg-03cc15f539e5ac7a7\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-03cc15f539e5ac7a7\",\"sg-03cc15f539e5ac7a7\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-00103fb710b9960ab\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"raw\":{\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0638198305fb1a01c\",\"Tags\":null,\"VpcId\":\"vpc-6cb55a15\",\"Description\":\"launch-wizard-115 created 2024-07-26T22:52:53.176Z\",\"GroupId\":\"sg-0638198305fb1a01c\",\"GroupName\":\"launch-wizard-115\",\"IpPermissions\":[{\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0638198305fb1a01c\",\"sg-0638198305fb1a01c\"],\"name\":\"launch-wizard-115\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0638198305fb1a01c\",\"sg-0638198305fb1a01c\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0638198305fb1a01c\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"launch-wizard-112 created 2024-06-26T13:40:40.248Z\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]},{\"UserIdGroupPairs\":[],\"FromPort\":443,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":443}],\"OwnerId\":\"704479110758\",\"Tags\":null,\"GroupId\":\"sg-0231ab66fcd759826\",\"GroupName\":\"launch-wizard-112\",\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0231ab66fcd759826\",\"VpcId\":\"vpc-6cb55a15\"},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0231ab66fcd759826\",\"sg-0231ab66fcd759826\"],\"name\":\"launch-wizard-112\",\"category\":\"infrastructure\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0231ab66fcd759826\",\"sg-0231ab66fcd759826\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:security-group/sg-0231ab66fcd759826\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"network\":{\"vpc_ids\":[\"vpc-75343a12\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-1:704479110758:security-group/sg-0156af66dacdbfa39\",\"sg-0156af66dacdbfa39\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-1:704479110758:security-group/sg-0156af66dacdbfa39\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"GroupId\":\"sg-0156af66dacdbfa39\",\"GroupName\":\"ec2group12\",\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"Description\":\"ec2group12\",\"IpPermissions\":[],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:ap-northeast-1:704479110758:security-group/sg-0156af66dacdbfa39\",\"Tags\":null,\"VpcId\":\"vpc-75343a12\"},\"id\":[\"arn:aws:ec2:ap-northeast-1:704479110758:security-group/sg-0156af66dacdbfa39\",\"sg-0156af66dacdbfa39\"],\"name\":\"ec2group12\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-northeast-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-1:704479110758:security-group/sg-6951971e\",\"sg-6951971e\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-1:704479110758:security-group/sg-6951971e\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}},\"asset\":{\"tags\":null,\"raw\":{\"VpcId\":\"vpc-75343a12\",\"GroupName\":\"default\",\"Tags\":null,\"IpPermissions\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"Description\":null,\"GroupId\":\"sg-6951971e\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":null}],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:ap-northeast-1:704479110758:security-group/sg-6951971e\",\"Description\":\"default VPC security group\",\"GroupId\":\"sg-6951971e\"},\"id\":[\"arn:aws:ec2:ap-northeast-1:704479110758:security-group/sg-6951971e\",\"sg-6951971e\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-northeast-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-75343a12\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-1:704479110758:security-group/sg-09c3db1301b54084b\",\"sg-09c3db1301b54084b\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-1:704479110758:security-group/sg-09c3db1301b54084b\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"Tags\":null,\"Description\":\"ec2group\",\"GroupName\":\"ec2group\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:ap-northeast-1:704479110758:security-group/sg-09c3db1301b54084b\",\"VpcId\":\"vpc-75343a12\",\"GroupId\":\"sg-09c3db1301b54084b\",\"IpPermissions\":[]},\"id\":[\"arn:aws:ec2:ap-northeast-1:704479110758:security-group/sg-09c3db1301b54084b\",\"sg-09c3db1301b54084b\"],\"name\":\"ec2group\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-northeast-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-75343a12\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-1:704479110758:security-group/sg-061d1e7ddfe8df388\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"GroupId\":\"sg-061d1e7ddfe8df388\",\"IpPermissions\":[],\"SecurityGroupArn\":\"arn:aws:ec2:ap-northeast-1:704479110758:security-group/sg-061d1e7ddfe8df388\",\"Tags\":null,\"VpcId\":\"vpc-75343a12\",\"Description\":\"ec2group1\",\"GroupName\":\"ec2group1\",\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:ap-northeast-1:704479110758:security-group/sg-061d1e7ddfe8df388\",\"sg-061d1e7ddfe8df388\"],\"name\":\"ec2group1\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-northeast-1\"},\"network\":{\"vpc_ids\":[\"vpc-75343a12\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-1:704479110758:security-group/sg-061d1e7ddfe8df388\",\"sg-061d1e7ddfe8df388\"],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Description\":\"ec2group\",\"GroupId\":\"sg-07a0bf2db0bc9b3ed\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\"}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-07a0bf2db0bc9b3ed\",\"Tags\":null,\"VpcId\":\"vpc-04076d6d\",\"GroupName\":\"ec2group\"},\"id\":[\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-07a0bf2db0bc9b3ed\",\"sg-07a0bf2db0bc9b3ed\"],\"name\":\"ec2group\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-northeast-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-04076d6d\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-07a0bf2db0bc9b3ed\",\"sg-07a0bf2db0bc9b3ed\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-07a0bf2db0bc9b3ed\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-6f27d902\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"default VPC security group\",\"GroupName\":\"default\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"SecurityGroupArn\":\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-6f27d902\",\"Tags\":null,\"GroupId\":\"sg-6f27d902\",\"IpPermissions\":[{\"ToPort\":null,\"UserIdGroupPairs\":[{\"Description\":null,\"GroupId\":\"sg-6f27d902\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\",\"VpcId\":null,\"VpcPeeringConnectionId\":null}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-04076d6d\"},\"id\":[\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-6f27d902\",\"sg-6f27d902\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-northeast-3\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-04076d6d\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-6f27d902\",\"sg-6f27d902\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-06a3c2327b0c74906\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"tags\":null,\"raw\":{\"Description\":\"Block incoming traffic\",\"GroupId\":\"sg-06a3c2327b0c74906\",\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-06a3c2327b0c74906\",\"Tags\":[{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"ElasticAgentSecurityGroup\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:ap-northeast-3:704479110758:stack/Elastic-Vulnerability-Management-816/7c201840-8fb7-11ef-b631-06d7d70edc93\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"Elastic-Vulnerability-Management-816\"}],\"VpcId\":\"vpc-04076d6d\",\"GroupName\":\"elastic-agent-security-group-7c201840-8fb7-11ef-b631-06d7d70edc93\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}]},\"id\":[\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-06a3c2327b0c74906\",\"sg-06a3c2327b0c74906\"],\"name\":\"elastic-agent-security-group-7c201840-8fb7-11ef-b631-06d7d70edc93\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-northeast-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-04076d6d\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-06a3c2327b0c74906\",\"sg-06a3c2327b0c74906\"],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.343Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-058f2ccf9f9a056e1\",\"sg-058f2ccf9f9a056e1\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-058f2ccf9f9a056e1\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"Tags\":null,\"Description\":\"launch-wizard-1 created 2023-06-27T09:34:23.731Z\",\"GroupId\":\"sg-058f2ccf9f9a056e1\",\"GroupName\":\"launch-wizard-1\",\"SecurityGroupArn\":\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-058f2ccf9f9a056e1\",\"IpPermissions\":[{\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[],\"FromPort\":22,\"IpProtocol\":\"tcp\"}],\"IpPermissionsEgress\":[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-04076d6d\"},\"id\":[\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-058f2ccf9f9a056e1\",\"sg-058f2ccf9f9a056e1\"],\"name\":\"launch-wizard-1\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-northeast-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-04076d6d\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"name\":\"ec2group12\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-047ff27f890d4d12c\",\"IpPermissions\":[],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-04076d6d\",\"Description\":\"ec2group12\",\"GroupName\":\"ec2group12\",\"IpPermissionsEgress\":[{\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null}],\"SecurityGroupArn\":\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-047ff27f890d4d12c\",\"Tags\":null},\"id\":[\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-047ff27f890d4d12c\",\"sg-047ff27f890d4d12c\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-northeast-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-04076d6d\"]},\"resource_policies\":[],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-047ff27f890d4d12c\",\"sg-047ff27f890d4d12c\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-047ff27f890d4d12c\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-0e7cb1c12ead1d2dc\",\"sg-0e7cb1c12ead1d2dc\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-0e7cb1c12ead1d2dc\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"raw\":{\"GroupName\":\"ec2group1\",\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-04076d6d\",\"Description\":\"ec2group1\",\"GroupId\":\"sg-0e7cb1c12ead1d2dc\",\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"SecurityGroupArn\":\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-0e7cb1c12ead1d2dc\",\"Tags\":null},\"id\":[\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-0e7cb1c12ead1d2dc\",\"sg-0e7cb1c12ead1d2dc\"],\"name\":\"ec2group1\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-northeast-3\"},\"network\":{\"vpc_ids\":[\"vpc-04076d6d\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-09fd2b30c71322d96\",\"sg-09fd2b30c71322d96\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-09fd2b30c71322d96\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupId\":\"sg-09fd2b30c71322d96\",\"GroupName\":\"launch-wizard-2\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-04076d6d\",\"Description\":\"launch-wizard-2 created 2024-02-19T16:55:05.317Z\",\"IpPermissions\":[{\"FromPort\":22,\"IpProtocol\":\"tcp\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":22,\"UserIdGroupPairs\":[]}],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"Description\":null,\"CidrIp\":\"0.0.0.0/0\"}],\"Ipv6Ranges\":[]}],\"SecurityGroupArn\":\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-09fd2b30c71322d96\"},\"id\":[\"arn:aws:ec2:ap-northeast-3:704479110758:security-group/sg-09fd2b30c71322d96\",\"sg-09fd2b30c71322d96\"],\"name\":\"launch-wizard-2\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-northeast-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-04076d6d\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.095+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-southeast-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-bbfefedc\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-southeast-2:704479110758:security-group/sg-0d1d59d7f69e7fd6e\",\"sg-0d1d59d7f69e7fd6e\"],\"entity.metadata\":{\"arn:aws:ec2:ap-southeast-2:704479110758:security-group/sg-0d1d59d7f69e7fd6e\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"VpcId\":\"vpc-bbfefedc\",\"Description\":\"ec2group1\",\"GroupId\":\"sg-0d1d59d7f69e7fd6e\",\"GroupName\":\"ec2group1\",\"SecurityGroupArn\":\"arn:aws:ec2:ap-southeast-2:704479110758:security-group/sg-0d1d59d7f69e7fd6e\",\"Tags\":null,\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[]}],\"OwnerId\":\"704479110758\"},\"id\":[\"arn:aws:ec2:ap-southeast-2:704479110758:security-group/sg-0d1d59d7f69e7fd6e\",\"sg-0d1d59d7f69e7fd6e\"],\"name\":\"ec2group1\",\"category\":\"infrastructure\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"GroupName\":\"default\",\"IpPermissionsEgress\":[{\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}]}],\"OwnerId\":\"704479110758\",\"SecurityGroupArn\":\"arn:aws:ec2:ap-southeast-2:704479110758:security-group/sg-ffa3398d\",\"VpcId\":\"vpc-bbfefedc\",\"Description\":\"default VPC security group\",\"IpPermissions\":[{\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[{\"VpcId\":null,\"VpcPeeringConnectionId\":null,\"Description\":null,\"GroupId\":\"sg-ffa3398d\",\"GroupName\":null,\"PeeringStatus\":null,\"UserId\":\"704479110758\"}],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[],\"Ipv6Ranges\":[]}],\"Tags\":null,\"GroupId\":\"sg-ffa3398d\"},\"id\":[\"arn:aws:ec2:ap-southeast-2:704479110758:security-group/sg-ffa3398d\",\"sg-ffa3398d\"],\"name\":\"default\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-southeast-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-bbfefedc\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-southeast-2:704479110758:security-group/sg-ffa3398d\",\"sg-ffa3398d\"],\"entity.metadata\":{\"arn:aws:ec2:ap-southeast-2:704479110758:security-group/sg-ffa3398d\":{\"type\":\"firewall\",\"category\":\"infrastructure\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-southeast-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-bbfefedc\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:ec2:ap-southeast-2:704479110758:security-group/sg-0eb624d557ef317cd\",\"sg-0eb624d557ef317cd\"],\"entity.metadata\":{\"arn:aws:ec2:ap-southeast-2:704479110758:security-group/sg-0eb624d557ef317cd\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"name\":\"ec2group\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[],\"IpPermissionsEgress\":[{\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[],\"ToPort\":null,\"UserIdGroupPairs\":[]}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-bbfefedc\",\"GroupId\":\"sg-0eb624d557ef317cd\",\"GroupName\":\"ec2group\",\"Tags\":null,\"Description\":\"ec2group\",\"SecurityGroupArn\":\"arn:aws:ec2:ap-southeast-2:704479110758:security-group/sg-0eb624d557ef317cd\"},\"id\":[\"arn:aws:ec2:ap-southeast-2:704479110758:security-group/sg-0eb624d557ef317cd\",\"sg-0eb624d557ef317cd\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-southeast-2:704479110758:security-group/sg-0dd5f3bd0175c413c\",\"sg-0dd5f3bd0175c413c\"],\"entity.metadata\":{\"arn:aws:ec2:ap-southeast-2:704479110758:security-group/sg-0dd5f3bd0175c413c\":{\"category\":\"infrastructure\",\"type\":\"firewall\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"firewall\",\"sub_type\":\"ec2-security-group\",\"tags\":null,\"raw\":{\"IpPermissions\":[],\"SecurityGroupArn\":\"arn:aws:ec2:ap-southeast-2:704479110758:security-group/sg-0dd5f3bd0175c413c\",\"Tags\":null,\"Description\":\"ec2group12\",\"GroupId\":\"sg-0dd5f3bd0175c413c\",\"GroupName\":\"ec2group12\",\"IpPermissionsEgress\":[{\"ToPort\":null,\"UserIdGroupPairs\":[],\"FromPort\":null,\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"0.0.0.0/0\",\"Description\":null}],\"Ipv6Ranges\":[],\"PrefixListIds\":[]}],\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-bbfefedc\"},\"id\":[\"arn:aws:ec2:ap-southeast-2:704479110758:security-group/sg-0dd5f3bd0175c413c\",\"sg-0dd5f3bd0175c413c\"],\"name\":\"ec2group12\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-southeast-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-bbfefedc\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:subnet/subnet-0537148b062dc9fa2\",\"subnet-0537148b062dc9fa2\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:subnet/subnet-0537148b062dc9fa2\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"raw\":{\"subnet\":{\"State\":\"available\",\"SubnetId\":\"subnet-0537148b062dc9fa2\",\"OwnerId\":\"704479110758\",\"AvailableIpAddressCount\":65531,\"CidrBlock\":\"10.1.0.0/16\",\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"AvailabilityZoneId\":\"euw3-az1\",\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"SubnetArn\":\"arn:aws:ec2:eu-west-3:704479110758:subnet/subnet-0537148b062dc9fa2\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"buildsec-subnet-public-1\"}],\"DefaultForAz\":false,\"AvailabilityZone\":\"eu-west-3a\",\"Ipv6CidrBlockAssociationSet\":[],\"MapPublicIpOnLaunch\":true,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"VpcId\":\"vpc-0e4b5c650a5bc0bdd\",\"AssignIpv6AddressOnCreation\":false}},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:subnet/subnet-0537148b062dc9fa2\",\"subnet-0537148b062dc9fa2\"],\"name\":\"subnet-0537148b062dc9fa2\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0e4b5c650a5bc0bdd\"]},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:subnet/subnet-9f9208d2\",\"subnet-9f9208d2\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:subnet/subnet-9f9208d2\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"OutpostArn\":null,\"AvailabilityZone\":\"eu-west-3c\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":true,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetArn\":\"arn:aws:ec2:eu-west-3:704479110758:subnet/subnet-9f9208d2\",\"Tags\":null,\"AvailabilityZoneId\":\"euw3-az3\",\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true,\"State\":\"available\",\"VpcId\":\"vpc-cf796aa6\",\"Ipv6Native\":false,\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-9f9208d2\",\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":4091,\"CidrBlock\":\"172.31.32.0/20\"}},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:subnet/subnet-9f9208d2\",\"subnet-9f9208d2\"],\"name\":\"subnet-9f9208d2\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-cf796aa6\"]},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"vpc_ids\":[\"vpc-cf796aa6\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:subnet/subnet-60251b09\",\"subnet-60251b09\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:subnet/subnet-60251b09\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-3a\",\"AvailableIpAddressCount\":4091,\"Ipv6CidrBlockAssociationSet\":[],\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"State\":\"available\",\"CustomerOwnedIpv4Pool\":null,\"EnableLniAtDeviceIndex\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetId\":\"subnet-60251b09\",\"VpcId\":\"vpc-cf796aa6\",\"AvailabilityZoneId\":\"euw3-az1\",\"CidrBlock\":\"172.31.0.0/20\",\"DefaultForAz\":true,\"EnableDns64\":false,\"Ipv6Native\":false,\"OwnerId\":\"704479110758\",\"SubnetArn\":\"arn:aws:ec2:eu-west-3:704479110758:subnet/subnet-60251b09\",\"MapCustomerOwnedIpOnLaunch\":false,\"Tags\":null}},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:subnet/subnet-60251b09\",\"subnet-60251b09\"],\"name\":\"subnet-60251b09\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"raw\":{\"subnet\":{\"Ipv6CidrBlockAssociationSet\":[],\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"AvailabilityZone\":\"eu-west-3b\",\"AvailabilityZoneId\":\"euw3-az2\",\"EnableDns64\":false,\"AssignIpv6AddressOnCreation\":false,\"SubnetArn\":\"arn:aws:ec2:eu-west-3:704479110758:subnet/subnet-ec99c897\",\"SubnetId\":\"subnet-ec99c897\",\"DefaultForAz\":true,\"Ipv6Native\":false,\"Tags\":null,\"AvailableIpAddressCount\":4091,\"CidrBlock\":\"172.31.16.0/20\",\"CustomerOwnedIpv4Pool\":null,\"OutpostArn\":null,\"State\":\"available\",\"VpcId\":\"vpc-cf796aa6\",\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true}},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:subnet/subnet-ec99c897\",\"subnet-ec99c897\"],\"name\":\"subnet-ec99c897\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null},\"cloud\":{\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-cf796aa6\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:subnet/subnet-ec99c897\",\"subnet-ec99c897\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:subnet/subnet-ec99c897\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-central-1:704479110758:subnet/subnet-a1c474cb\",\"subnet-a1c474cb\"],\"entity.metadata\":{\"arn:aws:ec2:eu-central-1:704479110758:subnet/subnet-a1c474cb\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"raw\":{\"subnet\":{\"PrivateDnsNameOptionsOnLaunch\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"SubnetArn\":\"arn:aws:ec2:eu-central-1:704479110758:subnet/subnet-a1c474cb\",\"Tags\":null,\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"State\":\"available\",\"AvailabilityZone\":\"eu-central-1a\",\"EnableLniAtDeviceIndex\":null,\"OwnerId\":\"704479110758\",\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true,\"VpcId\":\"vpc-ed6da487\",\"CidrBlock\":\"172.31.16.0/20\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":true,\"OutpostArn\":null,\"SubnetId\":\"subnet-a1c474cb\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"euc1-az2\",\"AvailableIpAddressCount\":4091}},\"id\":[\"arn:aws:ec2:eu-central-1:704479110758:subnet/subnet-a1c474cb\",\"subnet-a1c474cb\"],\"name\":\"subnet-a1c474cb\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-central-1\"},\"network\":{\"vpc_ids\":[\"vpc-ed6da487\"]},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:eu-central-1:704479110758:subnet/subnet-4b27c837\",\"subnet-4b27c837\"],\"entity.metadata\":{\"arn:aws:ec2:eu-central-1:704479110758:subnet/subnet-4b27c837\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"name\":\"subnet-4b27c837\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailabilityZone\":\"eu-central-1b\",\"DefaultForAz\":true,\"EnableDns64\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"SubnetArn\":\"arn:aws:ec2:eu-central-1:704479110758:subnet/subnet-4b27c837\",\"AssignIpv6AddressOnCreation\":false,\"Tags\":null,\"OwnerId\":\"704479110758\",\"CidrBlock\":\"172.31.32.0/20\",\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"SubnetId\":\"subnet-4b27c837\",\"AvailabilityZoneId\":\"euc1-az3\",\"VpcId\":\"vpc-ed6da487\",\"CustomerOwnedIpv4Pool\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"State\":\"available\",\"AvailableIpAddressCount\":4090}},\"id\":[\"arn:aws:ec2:eu-central-1:704479110758:subnet/subnet-4b27c837\",\"subnet-4b27c837\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-central-1\"},\"network\":{\"vpc_ids\":[\"vpc-ed6da487\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-central-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-ed6da487\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-central-1:704479110758:subnet/subnet-e330c2af\",\"subnet-e330c2af\"],\"entity.metadata\":{\"arn:aws:ec2:eu-central-1:704479110758:subnet/subnet-e330c2af\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"VpcId\":\"vpc-ed6da487\",\"CidrBlock\":\"172.31.0.0/20\",\"DefaultForAz\":true,\"MapCustomerOwnedIpOnLaunch\":false,\"SubnetArn\":\"arn:aws:ec2:eu-central-1:704479110758:subnet/subnet-e330c2af\",\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"State\":\"available\",\"AvailabilityZone\":\"eu-central-1c\",\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetId\":\"subnet-e330c2af\",\"Tags\":null,\"AvailabilityZoneId\":\"euc1-az1\",\"CustomerOwnedIpv4Pool\":null,\"Ipv6CidrBlockAssociationSet\":[],\"OwnerId\":\"704479110758\",\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":4091}},\"id\":[\"arn:aws:ec2:eu-central-1:704479110758:subnet/subnet-e330c2af\",\"subnet-e330c2af\"],\"name\":\"subnet-e330c2af\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"network\":{\"vpc_ids\":[\"vpc-058b21b3bf0f435b0\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-0b301a436d259a430\",\"subnet-0b301a436d259a430\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-0b301a436d259a430\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"tags\":null,\"raw\":{\"subnet\":{\"SubnetId\":\"subnet-0b301a436d259a430\",\"VpcId\":\"vpc-058b21b3bf0f435b0\",\"AvailableIpAddressCount\":8162,\"EnableLniAtDeviceIndex\":null,\"MapPublicIpOnLaunch\":false,\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"AvailabilityZoneId\":\"euw2-az2\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"State\":\"available\",\"AssignIpv6AddressOnCreation\":false,\"CidrBlock\":\"172.20.32.0/19\",\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"Tags\":[{\"Key\":\"kubernetes.io/cluster/kops-csp-demo-1.k8s.local\",\"Value\":\"owned\"},{\"Key\":\"SubnetType\",\"Value\":\"Public\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"KubernetesCluster\",\"Value\":\"kops-csp-demo-1.k8s.local\"},{\"Key\":\"Name\",\"Value\":\"eu-west-2a.kops-csp-demo-1.k8s.local\"}],\"AvailabilityZone\":\"eu-west-2a\",\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"SubnetArn\":\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-0b301a436d259a430\"}},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-0b301a436d259a430\",\"subnet-0b301a436d259a430\"],\"name\":\"subnet-0b301a436d259a430\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-7d397e15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-566d243f\",\"subnet-566d243f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-566d243f\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"tags\":null,\"raw\":{\"subnet\":{\"AvailableIpAddressCount\":4090,\"MapPublicIpOnLaunch\":true,\"Tags\":null,\"VpcId\":\"vpc-7d397e15\",\"AvailabilityZoneId\":\"euw2-az1\",\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"SubnetId\":\"subnet-566d243f\",\"AvailabilityZone\":\"eu-west-2c\",\"CidrBlock\":\"172.31.0.0/20\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":true,\"Ipv6Native\":false,\"SubnetArn\":\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-566d243f\",\"AssignIpv6AddressOnCreation\":false,\"Ipv6CidrBlockAssociationSet\":[],\"EnableDns64\":false}},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-566d243f\",\"subnet-566d243f\"],\"name\":\"subnet-566d243f\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-0981d6560ece89ecb\",\"subnet-0981d6560ece89ecb\"],\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-0981d6560ece89ecb\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"tags\":null,\"raw\":{\"subnet\":{\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"SubnetArn\":\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-0981d6560ece89ecb\",\"VpcId\":\"vpc-058b21b3bf0f435b0\",\"AvailabilityZoneId\":\"euw2-az3\",\"CustomerOwnedIpv4Pool\":null,\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"CidrBlock\":\"172.20.64.0/19\",\"EnableDns64\":false,\"AvailableIpAddressCount\":8174,\"DefaultForAz\":false,\"Ipv6CidrBlockAssociationSet\":[],\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetId\":\"subnet-0981d6560ece89ecb\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"eu-west-2b.kops-csp-demo-1.k8s.local\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"KubernetesCluster\",\"Value\":\"kops-csp-demo-1.k8s.local\"},{\"Key\":\"SubnetType\",\"Value\":\"Public\"},{\"Key\":\"kubernetes.io/cluster/kops-csp-demo-1.k8s.local\",\"Value\":\"owned\"},{\"Value\":\"1\",\"Key\":\"kubernetes.io/role/elb\"}],\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-2b\"}},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-0981d6560ece89ecb\",\"subnet-0981d6560ece89ecb\"],\"name\":\"subnet-0981d6560ece89ecb\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\"},\"cloud\":{\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-058b21b3bf0f435b0\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailabilityZone\":\"eu-west-2a\",\"AvailabilityZoneId\":\"euw2-az2\",\"DefaultForAz\":true,\"Ipv6CidrBlockAssociationSet\":[],\"OutpostArn\":null,\"AssignIpv6AddressOnCreation\":false,\"CidrBlock\":\"172.31.16.0/20\",\"MapPublicIpOnLaunch\":true,\"SubnetArn\":\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-44ef7a3e\",\"VpcId\":\"vpc-7d397e15\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"Tags\":null,\"AvailableIpAddressCount\":4090,\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-44ef7a3e\"}},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-44ef7a3e\",\"subnet-44ef7a3e\"],\"name\":\"subnet-44ef7a3e\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-7d397e15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-44ef7a3e\",\"subnet-44ef7a3e\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-44ef7a3e\":{\"type\":\"subnet\",\"category\":\"infrastructure\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-1758805b\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-1758805b\",\"SubnetId\":\"subnet-1758805b\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":true,\"Ipv6CidrBlockAssociationSet\":[],\"AvailableIpAddressCount\":4089,\"Ipv6Native\":false,\"VpcId\":\"vpc-7d397e15\",\"AssignIpv6AddressOnCreation\":false,\"EnableDns64\":false,\"OwnerId\":\"704479110758\",\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"AvailabilityZone\":\"eu-west-2b\",\"AvailabilityZoneId\":\"euw2-az3\",\"CidrBlock\":\"172.31.32.0/20\",\"Tags\":null}},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-1758805b\",\"subnet-1758805b\"],\"name\":\"subnet-1758805b\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-7d397e15\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-1758805b\",\"subnet-1758805b\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0655e251b572f3c6c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-083628bfcd8860a0d\",\"subnet-083628bfcd8860a0d\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-083628bfcd8860a0d\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AssignIpv6AddressOnCreation\":false,\"DefaultForAz\":false,\"Ipv6Native\":false,\"Tags\":[{\"Key\":\"Name\",\"Value\":\"buildsec-subnet-public-1\"}],\"OwnerId\":\"704479110758\",\"AvailabilityZoneId\":\"euw2-az2\",\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"SubnetArn\":\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-083628bfcd8860a0d\",\"AvailabilityZone\":\"eu-west-2a\",\"AvailableIpAddressCount\":65531,\"CidrBlock\":\"10.1.0.0/16\",\"CustomerOwnedIpv4Pool\":null,\"Ipv6CidrBlockAssociationSet\":[],\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"SubnetId\":\"subnet-083628bfcd8860a0d\",\"VpcId\":\"vpc-0655e251b572f3c6c\"}},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:subnet/subnet-083628bfcd8860a0d\",\"subnet-083628bfcd8860a0d\"],\"name\":\"subnet-083628bfcd8860a0d\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-north-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-e6e43c8f\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-north-1:704479110758:subnet/subnet-26a1ba6c\",\"subnet-26a1ba6c\"],\"entity.metadata\":{\"arn:aws:ec2:eu-north-1:704479110758:subnet/subnet-26a1ba6c\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"DefaultForAz\":true,\"EnableDns64\":false,\"MapPublicIpOnLaunch\":true,\"State\":\"available\",\"SubnetId\":\"subnet-26a1ba6c\",\"Tags\":null,\"AvailabilityZone\":\"eu-north-1c\",\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"Ipv6Native\":false,\"SubnetArn\":\"arn:aws:ec2:eu-north-1:704479110758:subnet/subnet-26a1ba6c\",\"AvailabilityZoneId\":\"eun1-az3\",\"AvailableIpAddressCount\":4091,\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"VpcId\":\"vpc-e6e43c8f\",\"AssignIpv6AddressOnCreation\":false,\"CidrBlock\":\"172.31.0.0/20\",\"CustomerOwnedIpv4Pool\":null,\"MapCustomerOwnedIpOnLaunch\":false}},\"id\":[\"arn:aws:ec2:eu-north-1:704479110758:subnet/subnet-26a1ba6c\",\"subnet-26a1ba6c\"],\"name\":\"subnet-26a1ba6c\",\"category\":\"infrastructure\",\"sub_category\":\"network\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"network\":{\"vpc_ids\":[\"vpc-e6e43c8f\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-north-1:704479110758:subnet/subnet-bcd129c7\",\"subnet-bcd129c7\"],\"entity.metadata\":{\"arn:aws:ec2:eu-north-1:704479110758:subnet/subnet-bcd129c7\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"raw\":{\"subnet\":{\"CidrBlock\":\"172.31.32.0/20\",\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"SubnetArn\":\"arn:aws:ec2:eu-north-1:704479110758:subnet/subnet-bcd129c7\",\"State\":\"available\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"eun1-az2\",\"AvailableIpAddressCount\":4091,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"SubnetId\":\"subnet-bcd129c7\",\"AvailabilityZone\":\"eu-north-1b\",\"DefaultForAz\":true,\"MapPublicIpOnLaunch\":true,\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-e6e43c8f\"}},\"id\":[\"arn:aws:ec2:eu-north-1:704479110758:subnet/subnet-bcd129c7\",\"subnet-bcd129c7\"],\"name\":\"subnet-bcd129c7\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-north-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"network\":{\"vpc_ids\":[\"vpc-e6e43c8f\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-north-1:704479110758:subnet/subnet-0da97064\",\"subnet-0da97064\"],\"entity.metadata\":{\"arn:aws:ec2:eu-north-1:704479110758:subnet/subnet-0da97064\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-north-1:704479110758:subnet/subnet-0da97064\",\"subnet-0da97064\"],\"name\":\"subnet-0da97064\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"OwnerId\":\"704479110758\",\"State\":\"available\",\"SubnetId\":\"subnet-0da97064\",\"VpcId\":\"vpc-e6e43c8f\",\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":true,\"CidrBlock\":\"172.31.16.0/20\",\"OutpostArn\":null,\"Ipv6CidrBlockAssociationSet\":[],\"AvailabilityZone\":\"eu-north-1a\",\"AvailabilityZoneId\":\"eun1-az1\",\"AvailableIpAddressCount\":4091,\"DefaultForAz\":true,\"MapCustomerOwnedIpOnLaunch\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"SubnetArn\":\"arn:aws:ec2:eu-north-1:704479110758:subnet/subnet-0da97064\",\"AssignIpv6AddressOnCreation\":false,\"Tags\":null}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-north-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-8bb1fde3\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ca-central-1:704479110758:subnet/subnet-2e6ee054\",\"subnet-2e6ee054\"],\"entity.metadata\":{\"arn:aws:ec2:ca-central-1:704479110758:subnet/subnet-2e6ee054\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"tags\":null,\"raw\":{\"subnet\":{\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetArn\":\"arn:aws:ec2:ca-central-1:704479110758:subnet/subnet-2e6ee054\",\"VpcId\":\"vpc-8bb1fde3\",\"AvailabilityZoneId\":\"cac1-az2\",\"CidrBlock\":\"172.31.0.0/20\",\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"AvailabilityZone\":\"ca-central-1b\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":true,\"State\":\"available\",\"SubnetId\":\"subnet-2e6ee054\",\"AvailableIpAddressCount\":4091,\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"Tags\":null,\"AssignIpv6AddressOnCreation\":false,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"OwnerId\":\"704479110758\"}},\"id\":[\"arn:aws:ec2:ca-central-1:704479110758:subnet/subnet-2e6ee054\",\"subnet-2e6ee054\"],\"name\":\"subnet-2e6ee054\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ca-central-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ca-central-1:704479110758:subnet/subnet-291c1775\",\"subnet-291c1775\"],\"entity.metadata\":{\"arn:aws:ec2:ca-central-1:704479110758:subnet/subnet-291c1775\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"id\":[\"arn:aws:ec2:ca-central-1:704479110758:subnet/subnet-291c1775\",\"subnet-291c1775\"],\"name\":\"subnet-291c1775\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"CustomerOwnedIpv4Pool\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"Tags\":null,\"AvailableIpAddressCount\":4091,\"Ipv6Native\":false,\"OutpostArn\":null,\"SubnetArn\":\"arn:aws:ec2:ca-central-1:704479110758:subnet/subnet-291c1775\",\"SubnetId\":\"subnet-291c1775\",\"VpcId\":\"vpc-8bb1fde3\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"ca-central-1d\",\"EnableDns64\":false,\"MapPublicIpOnLaunch\":true,\"Ipv6CidrBlockAssociationSet\":[],\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"AvailabilityZoneId\":\"cac1-az4\",\"CidrBlock\":\"172.31.32.0/20\",\"DefaultForAz\":true,\"EnableLniAtDeviceIndex\":null}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"ca-central-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-8bb1fde3\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"name\":\"subnet-5c394434\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"CidrBlock\":\"172.31.16.0/20\",\"DefaultForAz\":true,\"Ipv6CidrBlockAssociationSet\":[],\"State\":\"available\",\"Tags\":null,\"AvailabilityZone\":\"ca-central-1a\",\"Ipv6Native\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetId\":\"subnet-5c394434\",\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":4091,\"CustomerOwnedIpv4Pool\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true,\"VpcId\":\"vpc-8bb1fde3\",\"AvailabilityZoneId\":\"cac1-az1\",\"EnableLniAtDeviceIndex\":null,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"SubnetArn\":\"arn:aws:ec2:ca-central-1:704479110758:subnet/subnet-5c394434\",\"EnableDns64\":false}},\"id\":[\"arn:aws:ec2:ca-central-1:704479110758:subnet/subnet-5c394434\",\"subnet-5c394434\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"ca-central-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-8bb1fde3\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ca-central-1:704479110758:subnet/subnet-5c394434\",\"subnet-5c394434\"],\"entity.metadata\":{\"arn:aws:ec2:ca-central-1:704479110758:subnet/subnet-5c394434\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-c4bf5e9b\",\"subnet-c4bf5e9b\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-c4bf5e9b\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"Ipv6CidrBlockAssociationSet\":[],\"MapPublicIpOnLaunch\":true,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"SubnetId\":\"subnet-c4bf5e9b\",\"Tags\":null,\"AvailabilityZone\":\"us-east-1d\",\"EnableLniAtDeviceIndex\":null,\"VpcId\":\"vpc-73d2e309\",\"AvailabilityZoneId\":\"use1-az6\",\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"State\":\"available\",\"AvailableIpAddressCount\":4090,\"CidrBlock\":\"172.31.32.0/20\",\"OutpostArn\":null,\"SubnetArn\":\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-c4bf5e9b\",\"AssignIpv6AddressOnCreation\":false,\"DefaultForAz\":true}},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-c4bf5e9b\",\"subnet-c4bf5e9b\"],\"name\":\"subnet-c4bf5e9b\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-0a0bee6c\",\"subnet-0a0bee6c\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-0a0bee6c\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"id\":[\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-0a0bee6c\",\"subnet-0a0bee6c\"],\"name\":\"subnet-0a0bee6c\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"CidrBlock\":\"172.31.0.0/20\",\"CustomerOwnedIpv4Pool\":null,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"State\":\"available\",\"AvailableIpAddressCount\":4091,\"Tags\":null,\"SubnetId\":\"subnet-0a0bee6c\",\"DefaultForAz\":true,\"AssignIpv6AddressOnCreation\":false,\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"VpcId\":\"vpc-73d2e309\",\"AvailabilityZone\":\"us-east-1a\",\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetArn\":\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-0a0bee6c\",\"AvailabilityZoneId\":\"use1-az1\"}}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-37391109\",\"subnet-37391109\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-37391109\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":4090,\"MapCustomerOwnedIpOnLaunch\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"CidrBlock\":\"172.31.64.0/20\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":true,\"EnableDns64\":false,\"Ipv6Native\":false,\"AvailabilityZone\":\"us-east-1e\",\"AvailabilityZoneId\":\"use1-az3\",\"EnableLniAtDeviceIndex\":null,\"MapPublicIpOnLaunch\":true,\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-73d2e309\",\"Ipv6CidrBlockAssociationSet\":[],\"OutpostArn\":null,\"SubnetArn\":\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-37391109\",\"SubnetId\":\"subnet-37391109\"}},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-37391109\",\"subnet-37391109\"],\"name\":\"subnet-37391109\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"id\":[\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-fee506df\",\"subnet-fee506df\"],\"name\":\"subnet-fee506df\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"Ipv6Native\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"SubnetId\":\"subnet-fee506df\",\"VpcId\":\"vpc-73d2e309\",\"AvailabilityZoneId\":\"use1-az2\",\"CustomerOwnedIpv4Pool\":null,\"EnableLniAtDeviceIndex\":null,\"AssignIpv6AddressOnCreation\":false,\"EnableDns64\":false,\"SubnetArn\":\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-fee506df\",\"OwnerId\":\"704479110758\",\"AvailableIpAddressCount\":4088,\"CidrBlock\":\"172.31.80.0/20\",\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"Tags\":null,\"AvailabilityZone\":\"us-east-1b\",\"DefaultForAz\":true,\"Ipv6CidrBlockAssociationSet\":[]}}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-fee506df\",\"subnet-fee506df\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-fee506df\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-bf6ab5b1\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"EnableLniAtDeviceIndex\":null,\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":4090,\"CidrBlock\":\"172.31.48.0/20\",\"MapPublicIpOnLaunch\":true,\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-73d2e309\",\"AvailabilityZone\":\"us-east-1f\",\"AvailabilityZoneId\":\"use1-az5\",\"Ipv6CidrBlockAssociationSet\":[],\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-bf6ab5b1\",\"Tags\":null,\"EnableDns64\":false,\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":true,\"SubnetId\":\"subnet-bf6ab5b1\"}},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-bf6ab5b1\",\"subnet-bf6ab5b1\"],\"name\":\"subnet-bf6ab5b1\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-bf6ab5b1\",\"subnet-bf6ab5b1\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-73d2e309\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-8bdf6bc6\",\"subnet-8bdf6bc6\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-8bdf6bc6\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"id\":[\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-8bdf6bc6\",\"subnet-8bdf6bc6\"],\"name\":\"subnet-8bdf6bc6\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"SubnetArn\":\"arn:aws:ec2:us-east-1:704479110758:subnet/subnet-8bdf6bc6\",\"VpcId\":\"vpc-73d2e309\",\"AvailabilityZone\":\"us-east-1c\",\"AvailableIpAddressCount\":4088,\"EnableDns64\":false,\"DefaultForAz\":true,\"State\":\"available\",\"OwnerId\":\"704479110758\",\"AssignIpv6AddressOnCreation\":false,\"EnableLniAtDeviceIndex\":null,\"OutpostArn\":null,\"MapPublicIpOnLaunch\":true,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetId\":\"subnet-8bdf6bc6\",\"Tags\":null,\"AvailabilityZoneId\":\"use1-az4\",\"CidrBlock\":\"172.31.16.0/20\",\"CustomerOwnedIpv4Pool\":null}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:subnet/subnet-8ae5c7f0\",\"subnet-8ae5c7f0\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:subnet/subnet-8ae5c7f0\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"tags\":null,\"raw\":{\"subnet\":{\"DefaultForAz\":true,\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"SubnetArn\":\"arn:aws:ec2:us-east-2:704479110758:subnet/subnet-8ae5c7f0\",\"Tags\":null,\"SubnetId\":\"subnet-8ae5c7f0\",\"VpcId\":\"vpc-0fa96564\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"us-east-2b\",\"AvailabilityZoneId\":\"use2-az2\",\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"AvailableIpAddressCount\":4091,\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"MapPublicIpOnLaunch\":true,\"CidrBlock\":\"172.31.16.0/20\",\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"OutpostArn\":null,\"State\":\"available\"}},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:subnet/subnet-8ae5c7f0\",\"subnet-8ae5c7f0\"],\"name\":\"subnet-8ae5c7f0\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:subnet/subnet-350c8679\",\"subnet-350c8679\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:subnet/subnet-350c8679\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"tags\":null,\"raw\":{\"subnet\":{\"SubnetArn\":\"arn:aws:ec2:us-east-2:704479110758:subnet/subnet-350c8679\",\"VpcId\":\"vpc-0fa96564\",\"OutpostArn\":null,\"AvailabilityZoneId\":\"use2-az3\",\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"Tags\":null,\"AssignIpv6AddressOnCreation\":false,\"CidrBlock\":\"172.31.32.0/20\",\"Ipv6CidrBlockAssociationSet\":[],\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"SubnetId\":\"subnet-350c8679\",\"AvailabilityZone\":\"us-east-2c\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":true,\"AvailableIpAddressCount\":4090}},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:subnet/subnet-350c8679\",\"subnet-350c8679\"],\"name\":\"subnet-350c8679\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-2\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"network\":{\"vpc_ids\":[\"vpc-0fa96564\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:subnet/subnet-76e81c1d\",\"subnet-76e81c1d\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:subnet/subnet-76e81c1d\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"tags\":null,\"raw\":{\"subnet\":{\"AvailabilityZoneId\":\"use2-az1\",\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"Tags\":null,\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"us-east-2a\",\"Ipv6Native\":false,\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:us-east-2:704479110758:subnet/subnet-76e81c1d\",\"AvailableIpAddressCount\":4089,\"CidrBlock\":\"172.31.0.0/20\",\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-76e81c1d\",\"VpcId\":\"vpc-0fa96564\",\"DefaultForAz\":true,\"MapPublicIpOnLaunch\":true}},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:subnet/subnet-76e81c1d\",\"subnet-76e81c1d\"],\"name\":\"subnet-76e81c1d\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0d0d507f15a7baefb\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e97645aa0b5d0ec4\",\"subnet-0e97645aa0b5d0ec4\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e97645aa0b5d0ec4\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"CidrBlock\":\"10.0.2.0/24\",\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"VpcId\":\"vpc-0d0d507f15a7baefb\",\"CustomerOwnedIpv4Pool\":null,\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"euw1-az2\",\"AvailableIpAddressCount\":251,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e97645aa0b5d0ec4\",\"SubnetId\":\"subnet-0e97645aa0b5d0ec4\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/test-env-ci-tf\",\"Value\":\"shared\"},{\"Key\":\"Name\",\"Value\":\"test-env-ci-tf-vpc-private-eu-west-1b\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"}],\"AvailabilityZone\":\"eu-west-1b\",\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e97645aa0b5d0ec4\",\"subnet-0e97645aa0b5d0ec4\"],\"name\":\"subnet-0e97645aa0b5d0ec4\",\"category\":\"infrastructure\",\"sub_category\":\"network\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-022a228119cb5b519\",\"subnet-022a228119cb5b519\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-022a228119cb5b519\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"MapPublicIpOnLaunch\":true,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-022a228119cb5b519\",\"SubnetId\":\"subnet-022a228119cb5b519\",\"AvailabilityZone\":\"eu-west-1a\",\"EnableLniAtDeviceIndex\":null,\"Tags\":[{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-pEN\",\"Value\":\"shared\"},{\"Value\":\"cloudbeat-tf-pEN-vpc-public-eu-west-1a\",\"Key\":\"Name\"}],\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":250,\"CidrBlock\":\"10.0.4.0/24\",\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"VpcId\":\"vpc-04ece708af6c9b689\",\"AvailabilityZoneId\":\"euw1-az1\",\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-022a228119cb5b519\",\"subnet-022a228119cb5b519\"],\"name\":\"subnet-022a228119cb5b519\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-04ece708af6c9b689\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-04d6046ca13f1d2b2\",\"subnet-04d6046ca13f1d2b2\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-04d6046ca13f1d2b2\":{\"type\":\"subnet\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailabilityZoneId\":\"euw1-az3\",\"CidrBlock\":\"10.0.3.0/24\",\"EnableDns64\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":false,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-04d6046ca13f1d2b2\",\"AvailabilityZone\":\"eu-west-1c\",\"AvailableIpAddressCount\":251,\"Ipv6Native\":false,\"VpcId\":\"vpc-0bf78569aaae50b84\",\"AssignIpv6AddressOnCreation\":false,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"SubnetId\":\"subnet-04d6046ca13f1d2b2\",\"CustomerOwnedIpv4Pool\":null,\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"Tags\":[{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-SXE\",\"Value\":\"shared\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-SXE-vpc-private-eu-west-1c\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"}],\"DefaultForAz\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-04d6046ca13f1d2b2\",\"subnet-04d6046ca13f1d2b2\"],\"name\":\"subnet-04d6046ca13f1d2b2\",\"category\":\"infrastructure\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-0bf78569aaae50b84\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"tags\":null,\"raw\":{\"subnet\":{\"AvailabilityZoneId\":\"euw1-az3\",\"DefaultForAz\":false,\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"CustomerOwnedIpv4Pool\":null,\"Ipv6CidrBlockAssociationSet\":[],\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-0826fbb5db7a6ce47\",\"VpcId\":\"vpc-04ece708af6c9b689\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-pEN-vpc-public-eu-west-1c\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-pEN\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"}],\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1c\",\"AvailableIpAddressCount\":251,\"MapCustomerOwnedIpOnLaunch\":false,\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0826fbb5db7a6ce47\",\"CidrBlock\":\"10.0.6.0/24\",\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0826fbb5db7a6ce47\",\"subnet-0826fbb5db7a6ce47\"],\"name\":\"subnet-0826fbb5db7a6ce47\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-04ece708af6c9b689\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0826fbb5db7a6ce47\",\"subnet-0826fbb5db7a6ce47\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0826fbb5db7a6ce47\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"network\":{\"vpc_ids\":[\"vpc-06635215f51bfd343\"]},\"resource_policies\":[],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-01d21175cc69e9571\",\"subnet-01d21175cc69e9571\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-01d21175cc69e9571\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"tags\":null,\"raw\":{\"subnet\":{\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-01d21175cc69e9571\",\"SubnetId\":\"subnet-01d21175cc69e9571\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"amir-env-vpc-public-eu-west-1b\"},{\"Key\":\"kubernetes.io/cluster/amir-env\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"}],\"VpcId\":\"vpc-06635215f51bfd343\",\"AvailabilityZoneId\":\"euw1-az2\",\"DefaultForAz\":false,\"EnableDns64\":false,\"MapPublicIpOnLaunch\":true,\"AvailabilityZone\":\"eu-west-1b\",\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"OwnerId\":\"704479110758\",\"EnableLniAtDeviceIndex\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":251,\"CidrBlock\":\"10.0.5.0/24\",\"CustomerOwnedIpv4Pool\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-01d21175cc69e9571\",\"subnet-01d21175cc69e9571\"],\"name\":\"subnet-01d21175cc69e9571\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0d232eecdff26526d\",\"subnet-0d232eecdff26526d\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0d232eecdff26526d\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"name\":\"subnet-0d232eecdff26526d\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"Ipv6CidrBlockAssociationSet\":[],\"MapCustomerOwnedIpOnLaunch\":false,\"AvailableIpAddressCount\":251,\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"EnableDns64\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0d232eecdff26526d\",\"Tags\":[{\"Value\":\"shared\",\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-SXE\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-SXE-vpc-public-eu-west-1c\"}],\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1c\",\"Ipv6Native\":false,\"OwnerId\":\"704479110758\",\"EnableLniAtDeviceIndex\":null,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"VpcId\":\"vpc-0bf78569aaae50b84\",\"AvailabilityZoneId\":\"euw1-az3\",\"CidrBlock\":\"10.0.6.0/24\",\"State\":\"available\",\"SubnetId\":\"subnet-0d232eecdff26526d\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0d232eecdff26526d\",\"subnet-0d232eecdff26526d\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-0bf78569aaae50b84\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"VpcId\":\"vpc-05eeaaeb72e2eb28b\",\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":251,\"DefaultForAz\":false,\"Ipv6CidrBlockAssociationSet\":[],\"OutpostArn\":null,\"SubnetId\":\"subnet-005da09026434a42d\",\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-5jA-vpc-public-eu-west-1c\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-5jA\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"}],\"AvailabilityZone\":\"eu-west-1c\",\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-005da09026434a42d\",\"AvailabilityZoneId\":\"euw1-az3\",\"CidrBlock\":\"10.0.6.0/24\",\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"}}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-005da09026434a42d\",\"subnet-005da09026434a42d\"],\"name\":\"subnet-005da09026434a42d\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-05eeaaeb72e2eb28b\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-005da09026434a42d\",\"subnet-005da09026434a42d\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-005da09026434a42d\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0cdfa229831a9689c\",\"subnet-0cdfa229831a9689c\"],\"name\":\"subnet-0cdfa229831a9689c\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"DefaultForAz\":false,\"Ipv6Native\":false,\"State\":\"available\",\"VpcId\":\"vpc-08d87433815da7907\",\"AvailabilityZoneId\":\"euw1-az2\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0cdfa229831a9689c\",\"SubnetId\":\"subnet-0cdfa229831a9689c\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/kuba-logs\",\"Value\":\"shared\"},{\"Key\":\"Name\",\"Value\":\"kuba-logs-vpc-private-eu-west-1b\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"}],\"AssignIpv6AddressOnCreation\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"Ipv6CidrBlockAssociationSet\":[],\"MapPublicIpOnLaunch\":false,\"AvailabilityZone\":\"eu-west-1b\",\"AvailableIpAddressCount\":246,\"CidrBlock\":\"10.0.2.0/24\",\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"OwnerId\":\"704479110758\"}}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-08d87433815da7907\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0cdfa229831a9689c\",\"subnet-0cdfa229831a9689c\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0cdfa229831a9689c\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-06cb2b521f07177a4\",\"subnet-06cb2b521f07177a4\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-06cb2b521f07177a4\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1a\",\"CidrBlock\":\"10.0.4.0/24\",\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"State\":\"available\",\"AvailableIpAddressCount\":250,\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"AvailabilityZoneId\":\"euw1-az1\",\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-06cb2b521f07177a4\",\"SubnetId\":\"subnet-06cb2b521f07177a4\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-WWZ-vpc-public-eu-west-1a\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-WWZ\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"}],\"VpcId\":\"vpc-0e838e42ce3e6d30c\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-06cb2b521f07177a4\",\"subnet-06cb2b521f07177a4\"],\"name\":\"subnet-06cb2b521f07177a4\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0e838e42ce3e6d30c\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-04dedcfd218f68e39\",\"subnet-04dedcfd218f68e39\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-04dedcfd218f68e39\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-SXE-vpc-private-eu-west-1b\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-SXE\",\"Value\":\"shared\"}],\"CidrBlock\":\"10.0.2.0/24\",\"DefaultForAz\":false,\"Ipv6Native\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"VpcId\":\"vpc-0bf78569aaae50b84\",\"CustomerOwnedIpv4Pool\":null,\"AvailabilityZoneId\":\"euw1-az2\",\"AvailableIpAddressCount\":251,\"OutpostArn\":null,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-04dedcfd218f68e39\",\"SubnetId\":\"subnet-04dedcfd218f68e39\",\"AvailabilityZone\":\"eu-west-1b\",\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"MapPublicIpOnLaunch\":false,\"State\":\"available\",\"AssignIpv6AddressOnCreation\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-04dedcfd218f68e39\",\"subnet-04dedcfd218f68e39\"],\"name\":\"subnet-04dedcfd218f68e39\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0bf78569aaae50b84\"]},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"network\":{\"vpc_ids\":[\"vpc-06635215f51bfd343\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-06877e04cd144a9d3\",\"subnet-06877e04cd144a9d3\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-06877e04cd144a9d3\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-06877e04cd144a9d3\",\"subnet-06877e04cd144a9d3\"],\"name\":\"subnet-06877e04cd144a9d3\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"VpcId\":\"vpc-06635215f51bfd343\",\"CidrBlock\":\"10.0.1.0/24\",\"DefaultForAz\":false,\"EnableDns64\":false,\"Ipv6Native\":false,\"CustomerOwnedIpv4Pool\":null,\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"OutpostArn\":null,\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1a\",\"AvailabilityZoneId\":\"euw1-az1\",\"AvailableIpAddressCount\":251,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-06877e04cd144a9d3\",\"SubnetId\":\"subnet-06877e04cd144a9d3\",\"MapCustomerOwnedIpOnLaunch\":false,\"State\":\"available\",\"MapPublicIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"Tags\":[{\"Key\":\"kubernetes.io/cluster/amir-env\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Value\":\"amir-env-vpc-private-eu-west-1a\",\"Key\":\"Name\"}]}}},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02d996d780a41b803\",\"SubnetId\":\"subnet-02d996d780a41b803\",\"DefaultForAz\":false,\"Ipv6CidrBlockAssociationSet\":[],\"State\":\"available\",\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-AhU-vpc-private-eu-west-1c\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-AhU\",\"Value\":\"shared\"}],\"AssignIpv6AddressOnCreation\":false,\"CustomerOwnedIpv4Pool\":null,\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":false,\"AvailabilityZone\":\"eu-west-1c\",\"AvailabilityZoneId\":\"euw1-az3\",\"EnableLniAtDeviceIndex\":null,\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-05dd3a849e821fafc\",\"AvailableIpAddressCount\":251,\"CidrBlock\":\"10.0.3.0/24\",\"EnableDns64\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02d996d780a41b803\",\"subnet-02d996d780a41b803\"],\"name\":\"subnet-02d996d780a41b803\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-05dd3a849e821fafc\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02d996d780a41b803\",\"subnet-02d996d780a41b803\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02d996d780a41b803\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-013417b28485abce5\",\"subnet-013417b28485abce5\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-013417b28485abce5\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailabilityZoneId\":\"euw1-az1\",\"EnableLniAtDeviceIndex\":null,\"AvailabilityZone\":\"eu-west-1a\",\"CustomerOwnedIpv4Pool\":null,\"Ipv6CidrBlockAssociationSet\":[],\"OwnerId\":\"704479110758\",\"CidrBlock\":\"10.0.1.0/24\",\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":false,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-013417b28485abce5\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/long-running-project\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"long-running-project-vpc-private-eu-west-1a\"}],\"VpcId\":\"vpc-096d5aaf84103883c\",\"EnableDns64\":false,\"AvailableIpAddressCount\":242,\"DefaultForAz\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"State\":\"available\",\"SubnetId\":\"subnet-013417b28485abce5\",\"AssignIpv6AddressOnCreation\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-013417b28485abce5\",\"subnet-013417b28485abce5\"],\"name\":\"subnet-013417b28485abce5\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-096d5aaf84103883c\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"vpc_ids\":[\"vpc-096d5aaf84103883c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0b9742a3beed3221a\",\"subnet-0b9742a3beed3221a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0b9742a3beed3221a\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AssignIpv6AddressOnCreation\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"VpcId\":\"vpc-096d5aaf84103883c\",\"EnableDns64\":false,\"Ipv6Native\":false,\"OutpostArn\":null,\"SubnetId\":\"subnet-0b9742a3beed3221a\",\"Tags\":[{\"Value\":\"long-running-project-vpc-private-eu-west-1b\",\"Key\":\"Name\"},{\"Key\":\"kubernetes.io/cluster/long-running-project\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"}],\"AvailabilityZone\":\"eu-west-1b\",\"CidrBlock\":\"10.0.2.0/24\",\"MapPublicIpOnLaunch\":false,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0b9742a3beed3221a\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"AvailabilityZoneId\":\"euw1-az2\",\"AvailableIpAddressCount\":250,\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0b9742a3beed3221a\",\"subnet-0b9742a3beed3221a\"],\"name\":\"subnet-0b9742a3beed3221a\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0702a81903e0778af\",\"subnet-0702a81903e0778af\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0702a81903e0778af\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"CustomerOwnedIpv4Pool\":null,\"Ipv6CidrBlockAssociationSet\":[],\"OutpostArn\":null,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0702a81903e0778af\",\"VpcId\":\"vpc-02190da3c759732a9\",\"MapPublicIpOnLaunch\":true,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"Tags\":[{\"Value\":\"1\",\"Key\":\"kubernetes.io/role/elb\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-vpc-public-eu-west-1a\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-T5Z\",\"Value\":\"shared\"}],\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1a\",\"AvailabilityZoneId\":\"euw1-az1\",\"AvailableIpAddressCount\":251,\"CidrBlock\":\"10.0.4.0/24\",\"DefaultForAz\":false,\"EnableDns64\":false,\"Ipv6Native\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetId\":\"subnet-0702a81903e0778af\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0702a81903e0778af\",\"subnet-0702a81903e0778af\"],\"name\":\"subnet-0702a81903e0778af\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-02190da3c759732a9\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"network\":{\"vpc_ids\":[\"vpc-0096efe3aab3734db\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-099f0c78ec579edf5\",\"subnet-099f0c78ec579edf5\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-099f0c78ec579edf5\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"raw\":{\"subnet\":{\"AvailableIpAddressCount\":251,\"EnableLniAtDeviceIndex\":null,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"VpcId\":\"vpc-0096efe3aab3734db\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-099f0c78ec579edf5\",\"SubnetId\":\"subnet-099f0c78ec579edf5\",\"DefaultForAz\":false,\"EnableDns64\":false,\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":false,\"OutpostArn\":null,\"AssignIpv6AddressOnCreation\":false,\"Ipv6CidrBlockAssociationSet\":[],\"AvailabilityZone\":\"eu-west-1a\",\"AvailabilityZoneId\":\"euw1-az1\",\"CidrBlock\":\"10.0.1.0/24\",\"CustomerOwnedIpv4Pool\":null,\"State\":\"available\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"kfir-qa-project-vpc-private-eu-west-1a\"},{\"Key\":\"kubernetes.io/cluster/kfir-qa-project\",\"Value\":\"shared\"},{\"Value\":\"1\",\"Key\":\"kubernetes.io/role/internal-elb\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-099f0c78ec579edf5\",\"subnet-099f0c78ec579edf5\"],\"name\":\"subnet-099f0c78ec579edf5\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"network\":{\"vpc_ids\":[\"vpc-0e838e42ce3e6d30c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e0bf795835c7fee3\",\"subnet-0e0bf795835c7fee3\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e0bf795835c7fee3\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e0bf795835c7fee3\",\"subnet-0e0bf795835c7fee3\"],\"name\":\"subnet-0e0bf795835c7fee3\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-WWZ-vpc-public-eu-west-1c\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-WWZ\",\"Value\":\"shared\"}],\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"AvailableIpAddressCount\":251,\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1c\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e0bf795835c7fee3\",\"SubnetId\":\"subnet-0e0bf795835c7fee3\",\"VpcId\":\"vpc-0e838e42ce3e6d30c\",\"MapPublicIpOnLaunch\":true,\"OwnerId\":\"704479110758\",\"EnableDns64\":false,\"State\":\"available\",\"AvailabilityZoneId\":\"euw1-az3\",\"CidrBlock\":\"10.0.6.0/24\"}}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-06bb4cb1a64443b8b\",\"subnet-06bb4cb1a64443b8b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-06bb4cb1a64443b8b\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"name\":\"subnet-06bb4cb1a64443b8b\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"euw1-az2\",\"CustomerOwnedIpv4Pool\":null,\"EnableLniAtDeviceIndex\":null,\"MapPublicIpOnLaunch\":true,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-06bb4cb1a64443b8b\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-nsZ-vpc-public-eu-west-1b\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-nsZ\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"}],\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-06bb4cb1a64443b8b\",\"VpcId\":\"vpc-0a74788000c2f0013\",\"AvailableIpAddressCount\":251,\"CidrBlock\":\"10.0.5.0/24\",\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"State\":\"available\",\"AvailabilityZone\":\"eu-west-1b\",\"DefaultForAz\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-06bb4cb1a64443b8b\",\"subnet-06bb4cb1a64443b8b\"]},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-0a74788000c2f0013\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"OwnerId\":\"704479110758\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0bf1e4af13ea12d0a\",\"CidrBlock\":\"10.0.3.0/24\",\"MapPublicIpOnLaunch\":false,\"CustomerOwnedIpv4Pool\":null,\"State\":\"available\",\"SubnetId\":\"subnet-0bf1e4af13ea12d0a\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"euw1-az3\",\"EnableDns64\":false,\"Ipv6Native\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"Tags\":[{\"Value\":\"kfir-qa-project-vpc-private-eu-west-1c\",\"Key\":\"Name\"},{\"Key\":\"kubernetes.io/cluster/kfir-qa-project\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"}],\"VpcId\":\"vpc-0096efe3aab3734db\",\"AvailabilityZone\":\"eu-west-1c\",\"AvailableIpAddressCount\":251,\"Ipv6CidrBlockAssociationSet\":[],\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0bf1e4af13ea12d0a\",\"subnet-0bf1e4af13ea12d0a\"],\"name\":\"subnet-0bf1e4af13ea12d0a\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"network\":{\"vpc_ids\":[\"vpc-0096efe3aab3734db\"]},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0bf1e4af13ea12d0a\",\"subnet-0bf1e4af13ea12d0a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0bf1e4af13ea12d0a\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-01f15828b00f49fab\",\"subnet-01f15828b00f49fab\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-01f15828b00f49fab\":{\"type\":\"subnet\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailableIpAddressCount\":251,\"MapPublicIpOnLaunch\":false,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-01f15828b00f49fab\",\"VpcId\":\"vpc-0265091ed79292f2c\",\"AssignIpv6AddressOnCreation\":false,\"EnableLniAtDeviceIndex\":null,\"OutpostArn\":null,\"SubnetId\":\"subnet-01f15828b00f49fab\",\"Tags\":[{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/amir-env6\",\"Value\":\"shared\"},{\"Key\":\"Name\",\"Value\":\"amir-env6-vpc-private-eu-west-1c\"}],\"AvailabilityZone\":\"eu-west-1c\",\"CidrBlock\":\"10.0.3.0/24\",\"DefaultForAz\":false,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"OwnerId\":\"704479110758\",\"AvailabilityZoneId\":\"euw1-az3\",\"EnableDns64\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"State\":\"available\",\"CustomerOwnedIpv4Pool\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-01f15828b00f49fab\",\"subnet-01f15828b00f49fab\"],\"name\":\"subnet-01f15828b00f49fab\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0265091ed79292f2c\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"CidrBlock\":\"10.0.1.0/24\",\"EnableDns64\":false,\"MapPublicIpOnLaunch\":false,\"OutpostArn\":null,\"State\":\"available\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1a\",\"Ipv6CidrBlockAssociationSet\":[],\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a3bd12b022fedd7c\",\"DefaultForAz\":false,\"SubnetId\":\"subnet-0a3bd12b022fedd7c\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-5jA-vpc-private-eu-west-1a\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-5jA\",\"Value\":\"shared\"}],\"VpcId\":\"vpc-05eeaaeb72e2eb28b\",\"AvailabilityZoneId\":\"euw1-az1\",\"AvailableIpAddressCount\":251,\"CustomerOwnedIpv4Pool\":null,\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"}}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a3bd12b022fedd7c\",\"subnet-0a3bd12b022fedd7c\"],\"name\":\"subnet-0a3bd12b022fedd7c\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-05eeaaeb72e2eb28b\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a3bd12b022fedd7c\",\"subnet-0a3bd12b022fedd7c\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a3bd12b022fedd7c\":{\"type\":\"subnet\",\"category\":\"infrastructure\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"network\":{\"vpc_ids\":[\"vpc-0de5d19ac894b58c9\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0fc548949d1be638f\",\"subnet-0fc548949d1be638f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0fc548949d1be638f\":{\"type\":\"subnet\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"MapPublicIpOnLaunch\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetId\":\"subnet-0fc548949d1be638f\",\"AvailabilityZone\":\"eu-west-1b\",\"AvailabilityZoneId\":\"euw1-az2\",\"AvailableIpAddressCount\":251,\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"Tags\":[{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-Gfp\",\"Value\":\"shared\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-Gfp-vpc-private-eu-west-1b\"},{\"Value\":\"1\",\"Key\":\"kubernetes.io/role/internal-elb\"}],\"VpcId\":\"vpc-0de5d19ac894b58c9\",\"CustomerOwnedIpv4Pool\":null,\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0fc548949d1be638f\",\"CidrBlock\":\"10.0.2.0/24\",\"OwnerId\":\"704479110758\",\"OutpostArn\":null,\"AssignIpv6AddressOnCreation\":false,\"DefaultForAz\":false,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0fc548949d1be638f\",\"subnet-0fc548949d1be638f\"],\"name\":\"subnet-0fc548949d1be638f\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-06635215f51bfd343\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02a6e1d1a76af1028\",\"subnet-02a6e1d1a76af1028\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02a6e1d1a76af1028\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"name\":\"subnet-02a6e1d1a76af1028\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"CidrBlock\":\"10.0.4.0/24\",\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"AvailabilityZoneId\":\"euw1-az1\",\"EnableDns64\":false,\"Ipv6Native\":false,\"State\":\"available\",\"SubnetId\":\"subnet-02a6e1d1a76af1028\",\"Tags\":[{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/amir-env\",\"Value\":\"shared\"},{\"Key\":\"Name\",\"Value\":\"amir-env-vpc-public-eu-west-1a\"}],\"DefaultForAz\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"VpcId\":\"vpc-06635215f51bfd343\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1a\",\"AvailableIpAddressCount\":250,\"CustomerOwnedIpv4Pool\":null,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02a6e1d1a76af1028\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02a6e1d1a76af1028\",\"subnet-02a6e1d1a76af1028\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0dc77404d1c3fa0c2\",\"subnet-0dc77404d1c3fa0c2\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0dc77404d1c3fa0c2\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailableIpAddressCount\":251,\"AvailabilityZone\":\"eu-west-1c\",\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0dc77404d1c3fa0c2\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"benchmark-rules-vpc-public-eu-west-1c\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/benchmark-rules\",\"Value\":\"shared\"}],\"AssignIpv6AddressOnCreation\":false,\"CidrBlock\":\"10.0.6.0/24\",\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"OutpostArn\":null,\"SubnetId\":\"subnet-0dc77404d1c3fa0c2\",\"VpcId\":\"vpc-00103fb710b9960ab\",\"AvailabilityZoneId\":\"euw1-az3\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0dc77404d1c3fa0c2\",\"subnet-0dc77404d1c3fa0c2\"],\"name\":\"subnet-0dc77404d1c3fa0c2\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-00103fb710b9960ab\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a5b112f21481c793\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"CidrBlock\":\"10.0.4.0/24\",\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"OwnerId\":\"704479110758\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a5b112f21481c793\",\"VpcId\":\"vpc-05eeaaeb72e2eb28b\",\"AssignIpv6AddressOnCreation\":false,\"DefaultForAz\":false,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"SubnetId\":\"subnet-0a5b112f21481c793\",\"AvailabilityZoneId\":\"euw1-az1\",\"EnableDns64\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"Tags\":[{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-5jA\",\"Value\":\"shared\"},{\"Value\":\"cloudbeat-tf-5jA-vpc-public-eu-west-1a\",\"Key\":\"Name\"},{\"Value\":\"1\",\"Key\":\"kubernetes.io/role/elb\"}],\"AvailableIpAddressCount\":250,\"CustomerOwnedIpv4Pool\":null,\"Ipv6Native\":false,\"AvailabilityZone\":\"eu-west-1a\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a5b112f21481c793\",\"subnet-0a5b112f21481c793\"],\"name\":\"subnet-0a5b112f21481c793\",\"category\":\"infrastructure\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-05eeaaeb72e2eb28b\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a5b112f21481c793\",\"subnet-0a5b112f21481c793\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-09eda1bf6efaa3594\",\"subnet-09eda1bf6efaa3594\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-09eda1bf6efaa3594\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"VpcId\":\"vpc-04ece708af6c9b689\",\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":251,\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"DefaultForAz\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-09eda1bf6efaa3594\",\"SubnetId\":\"subnet-09eda1bf6efaa3594\",\"AvailabilityZone\":\"eu-west-1b\",\"AvailabilityZoneId\":\"euw1-az2\",\"CidrBlock\":\"10.0.5.0/24\",\"Tags\":[{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Value\":\"shared\",\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-pEN\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-pEN-vpc-public-eu-west-1b\"}],\"Ipv6CidrBlockAssociationSet\":[],\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-09eda1bf6efaa3594\",\"subnet-09eda1bf6efaa3594\"],\"name\":\"subnet-09eda1bf6efaa3594\",\"category\":\"infrastructure\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-04ece708af6c9b689\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"network\":{\"vpc_ids\":[\"vpc-00103fb710b9960ab\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0581305834edb5054\",\"subnet-0581305834edb5054\"],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0581305834edb5054\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"raw\":{\"subnet\":{\"AssignIpv6AddressOnCreation\":false,\"CidrBlock\":\"10.0.3.0/24\",\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"OwnerId\":\"704479110758\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"Ipv6CidrBlockAssociationSet\":[],\"MapCustomerOwnedIpOnLaunch\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"AvailabilityZoneId\":\"euw1-az3\",\"AvailableIpAddressCount\":246,\"MapPublicIpOnLaunch\":false,\"OutpostArn\":null,\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0581305834edb5054\",\"VpcId\":\"vpc-00103fb710b9960ab\",\"AvailabilityZone\":\"eu-west-1c\",\"EnableDns64\":false,\"SubnetId\":\"subnet-0581305834edb5054\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"benchmark-rules-vpc-private-eu-west-1c\"},{\"Key\":\"kubernetes.io/cluster/benchmark-rules\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0581305834edb5054\",\"subnet-0581305834edb5054\"],\"name\":\"subnet-0581305834edb5054\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0f109bff021a78050\",\"subnet-0f109bff021a78050\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0f109bff021a78050\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":251,\"CustomerOwnedIpv4Pool\":null,\"VpcId\":\"vpc-02190da3c759732a9\",\"AvailabilityZoneId\":\"euw1-az1\",\"DefaultForAz\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0f109bff021a78050\",\"Tags\":[{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-vpc-private-eu-west-1a\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-T5Z\",\"Value\":\"shared\"}],\"AvailabilityZone\":\"eu-west-1a\",\"CidrBlock\":\"10.0.1.0/24\",\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-0f109bff021a78050\",\"MapPublicIpOnLaunch\":false,\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0f109bff021a78050\",\"subnet-0f109bff021a78050\"],\"name\":\"subnet-0f109bff021a78050\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-02190da3c759732a9\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-020cfea1aa7c03545\",\"CidrBlock\":\"10.0.5.0/24\",\"Ipv6CidrBlockAssociationSet\":[],\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"SubnetId\":\"subnet-020cfea1aa7c03545\",\"State\":\"available\",\"VpcId\":\"vpc-05eeaaeb72e2eb28b\",\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-5jA-vpc-public-eu-west-1b\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-5jA\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"}],\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1b\",\"AvailabilityZoneId\":\"euw1-az2\",\"AvailableIpAddressCount\":251,\"OwnerId\":\"704479110758\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-020cfea1aa7c03545\",\"subnet-020cfea1aa7c03545\"],\"name\":\"subnet-020cfea1aa7c03545\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"network\":{\"vpc_ids\":[\"vpc-05eeaaeb72e2eb28b\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-020cfea1aa7c03545\",\"subnet-020cfea1aa7c03545\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-020cfea1aa7c03545\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-08d87433815da7907\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a77aa794e2e89e95\",\"subnet-0a77aa794e2e89e95\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a77aa794e2e89e95\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"Tags\":[{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Value\":\"shared\",\"Key\":\"kubernetes.io/cluster/kuba-logs\"},{\"Key\":\"Name\",\"Value\":\"kuba-logs-vpc-private-eu-west-1a\"}],\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"State\":\"available\",\"VpcId\":\"vpc-08d87433815da7907\",\"AvailableIpAddressCount\":242,\"EnableDns64\":false,\"Ipv6Native\":false,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a77aa794e2e89e95\",\"SubnetId\":\"subnet-0a77aa794e2e89e95\",\"AvailabilityZone\":\"eu-west-1a\",\"CidrBlock\":\"10.0.1.0/24\",\"CustomerOwnedIpv4Pool\":null,\"MapPublicIpOnLaunch\":false,\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"euw1-az1\",\"DefaultForAz\":false,\"Ipv6CidrBlockAssociationSet\":[]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a77aa794e2e89e95\",\"subnet-0a77aa794e2e89e95\"],\"name\":\"subnet-0a77aa794e2e89e95\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-03aa6072b34eae6a9\",\"subnet-03aa6072b34eae6a9\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-03aa6072b34eae6a9\":{\"type\":\"subnet\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"DefaultForAz\":false,\"Ipv6CidrBlockAssociationSet\":[],\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"Tags\":[{\"Key\":\"kubernetes.io/cluster/benchmark-rules\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Value\":\"benchmark-rules-vpc-private-eu-west-1b\",\"Key\":\"Name\"}],\"OwnerId\":\"704479110758\",\"State\":\"available\",\"VpcId\":\"vpc-00103fb710b9960ab\",\"AvailabilityZoneId\":\"euw1-az2\",\"AvailableIpAddressCount\":250,\"CustomerOwnedIpv4Pool\":null,\"MapPublicIpOnLaunch\":false,\"OutpostArn\":null,\"CidrBlock\":\"10.0.2.0/24\",\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-03aa6072b34eae6a9\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1b\",\"EnableDns64\":false,\"Ipv6Native\":false,\"SubnetId\":\"subnet-03aa6072b34eae6a9\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-03aa6072b34eae6a9\",\"subnet-03aa6072b34eae6a9\"],\"name\":\"subnet-03aa6072b34eae6a9\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-00103fb710b9960ab\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"CustomerOwnedIpv4Pool\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0aa05616d99e52cd6\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/dg-cis\",\"Value\":\"shared\"},{\"Value\":\"dg-cis-vpc-public-eu-west-1b\",\"Key\":\"Name\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"}],\"AvailableIpAddressCount\":251,\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"State\":\"available\",\"AvailabilityZone\":\"eu-west-1b\",\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"MapCustomerOwnedIpOnLaunch\":false,\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"euw1-az2\",\"CidrBlock\":\"10.0.5.0/24\",\"DefaultForAz\":false,\"EnableDns64\":false,\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-0aa05616d99e52cd6\",\"VpcId\":\"vpc-06b023d1fc8665055\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0aa05616d99e52cd6\",\"subnet-0aa05616d99e52cd6\"],\"name\":\"subnet-0aa05616d99e52cd6\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-06b023d1fc8665055\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0aa05616d99e52cd6\",\"subnet-0aa05616d99e52cd6\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0aa05616d99e52cd6\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-078d82cbf3e581986\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"raw\":{\"subnet\":{\"AvailableIpAddressCount\":251,\"DefaultForAz\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-078d82cbf3e581986\",\"VpcId\":\"vpc-06b023d1fc8665055\",\"AvailabilityZoneId\":\"euw1-az3\",\"Tags\":[{\"Value\":\"1\",\"Key\":\"kubernetes.io/role/elb\"},{\"Key\":\"kubernetes.io/cluster/dg-cis\",\"Value\":\"shared\"},{\"Key\":\"Name\",\"Value\":\"dg-cis-vpc-public-eu-west-1c\"}],\"CidrBlock\":\"10.0.6.0/24\",\"AvailabilityZone\":\"eu-west-1c\",\"EnableDns64\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-078d82cbf3e581986\",\"AssignIpv6AddressOnCreation\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"CustomerOwnedIpv4Pool\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-078d82cbf3e581986\",\"subnet-078d82cbf3e581986\"],\"name\":\"subnet-078d82cbf3e581986\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-06b023d1fc8665055\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-078d82cbf3e581986\",\"subnet-078d82cbf3e581986\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"network\":{\"vpc_ids\":[\"vpc-0e838e42ce3e6d30c\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02d427894b12f050b\",\"subnet-02d427894b12f050b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02d427894b12f050b\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"AvailabilityZone\":\"eu-west-1b\",\"AvailableIpAddressCount\":251,\"OutpostArn\":null,\"State\":\"available\",\"SubnetId\":\"subnet-02d427894b12f050b\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-WWZ-vpc-public-eu-west-1b\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Value\":\"shared\",\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-WWZ\"}],\"VpcId\":\"vpc-0e838e42ce3e6d30c\",\"AssignIpv6AddressOnCreation\":false,\"CidrBlock\":\"10.0.5.0/24\",\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"AvailabilityZoneId\":\"euw1-az2\",\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":true,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02d427894b12f050b\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02d427894b12f050b\",\"subnet-02d427894b12f050b\"],\"name\":\"subnet-02d427894b12f050b\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0096efe3aab3734db\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-070b0039edbb3ea35\",\"subnet-070b0039edbb3ea35\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-070b0039edbb3ea35\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"Tags\":[{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/kfir-qa-project\",\"Value\":\"shared\"},{\"Key\":\"Name\",\"Value\":\"kfir-qa-project-vpc-public-eu-west-1a\"}],\"VpcId\":\"vpc-0096efe3aab3734db\",\"CidrBlock\":\"10.0.4.0/24\",\"Ipv6CidrBlockAssociationSet\":[],\"EnableDns64\":false,\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"SubnetId\":\"subnet-070b0039edbb3ea35\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1a\",\"EnableLniAtDeviceIndex\":null,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"AvailableIpAddressCount\":250,\"DefaultForAz\":false,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-070b0039edbb3ea35\",\"AvailabilityZoneId\":\"euw1-az1\",\"CustomerOwnedIpv4Pool\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-070b0039edbb3ea35\",\"subnet-070b0039edbb3ea35\"],\"name\":\"subnet-070b0039edbb3ea35\",\"category\":\"infrastructure\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02b6ea79f0e7227f7\",\"subnet-02b6ea79f0e7227f7\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02b6ea79f0e7227f7\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"DefaultForAz\":false,\"Tags\":[{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-nsZ-vpc-private-eu-west-1a\"},{\"Value\":\"shared\",\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-nsZ\"}],\"VpcId\":\"vpc-0a74788000c2f0013\",\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetId\":\"subnet-02b6ea79f0e7227f7\",\"AvailabilityZone\":\"eu-west-1a\",\"CidrBlock\":\"10.0.1.0/24\",\"EnableDns64\":false,\"AvailabilityZoneId\":\"euw1-az1\",\"AvailableIpAddressCount\":251,\"OutpostArn\":null,\"MapPublicIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02b6ea79f0e7227f7\",\"AssignIpv6AddressOnCreation\":false,\"CustomerOwnedIpv4Pool\":null,\"EnableLniAtDeviceIndex\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02b6ea79f0e7227f7\",\"subnet-02b6ea79f0e7227f7\"],\"name\":\"subnet-02b6ea79f0e7227f7\",\"category\":\"infrastructure\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-0a74788000c2f0013\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e8a6a6a9dd61ba2d\",\"subnet-0e8a6a6a9dd61ba2d\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e8a6a6a9dd61ba2d\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailableIpAddressCount\":251,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e8a6a6a9dd61ba2d\",\"AssignIpv6AddressOnCreation\":false,\"EnableDns64\":false,\"Ipv6Native\":false,\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-0de5d19ac894b58c9\",\"AvailabilityZoneId\":\"euw1-az1\",\"CidrBlock\":\"10.0.1.0/24\",\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":false,\"Tags\":[{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-Gfp-vpc-private-eu-west-1a\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-Gfp\",\"Value\":\"shared\"}],\"AvailabilityZone\":\"eu-west-1a\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"Ipv6CidrBlockAssociationSet\":[],\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"State\":\"available\",\"SubnetId\":\"subnet-0e8a6a6a9dd61ba2d\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e8a6a6a9dd61ba2d\",\"subnet-0e8a6a6a9dd61ba2d\"],\"name\":\"subnet-0e8a6a6a9dd61ba2d\",\"category\":\"infrastructure\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-0de5d19ac894b58c9\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"Ipv6Native\":false,\"Tags\":[{\"Key\":\"Name\",\"Value\":\"dg-cis-vpc-private-eu-west-1b\"},{\"Key\":\"kubernetes.io/cluster/dg-cis\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"}],\"AvailableIpAddressCount\":251,\"CustomerOwnedIpv4Pool\":null,\"EnableLniAtDeviceIndex\":null,\"CidrBlock\":\"10.0.2.0/24\",\"MapPublicIpOnLaunch\":false,\"VpcId\":\"vpc-06b023d1fc8665055\",\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"State\":\"available\",\"AvailabilityZone\":\"eu-west-1b\",\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"OutpostArn\":null,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0ee9db2f83d931918\",\"SubnetId\":\"subnet-0ee9db2f83d931918\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"euw1-az2\",\"DefaultForAz\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0ee9db2f83d931918\",\"subnet-0ee9db2f83d931918\"],\"name\":\"subnet-0ee9db2f83d931918\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-06b023d1fc8665055\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0ee9db2f83d931918\",\"subnet-0ee9db2f83d931918\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0ee9db2f83d931918\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailabilityZone\":\"eu-west-1b\",\"AvailabilityZoneId\":\"euw1-az2\",\"DefaultForAz\":false,\"OwnerId\":\"704479110758\",\"AvailableIpAddressCount\":251,\"CidrBlock\":\"10.0.5.0/24\",\"EnableDns64\":false,\"MapPublicIpOnLaunch\":true,\"State\":\"available\",\"AssignIpv6AddressOnCreation\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"VpcId\":\"vpc-0096efe3aab3734db\",\"CustomerOwnedIpv4Pool\":null,\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0078ca27a20c0e6fd\",\"SubnetId\":\"subnet-0078ca27a20c0e6fd\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"kfir-qa-project-vpc-public-eu-west-1b\"},{\"Key\":\"kubernetes.io/cluster/kfir-qa-project\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0078ca27a20c0e6fd\",\"subnet-0078ca27a20c0e6fd\"],\"name\":\"subnet-0078ca27a20c0e6fd\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-0096efe3aab3734db\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0078ca27a20c0e6fd\",\"subnet-0078ca27a20c0e6fd\"],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0078ca27a20c0e6fd\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-06b023d1fc8665055\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-015b984f7a5a99749\",\"subnet-015b984f7a5a99749\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-015b984f7a5a99749\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"raw\":{\"subnet\":{\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"State\":\"available\",\"SubnetId\":\"subnet-015b984f7a5a99749\",\"AvailabilityZoneId\":\"euw1-az1\",\"CidrBlock\":\"10.0.4.0/24\",\"DefaultForAz\":false,\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"AvailableIpAddressCount\":250,\"MapPublicIpOnLaunch\":true,\"Tags\":[{\"Key\":\"Name\",\"Value\":\"dg-cis-vpc-public-eu-west-1a\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/dg-cis\",\"Value\":\"shared\"}],\"VpcId\":\"vpc-06b023d1fc8665055\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1a\",\"EnableLniAtDeviceIndex\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-015b984f7a5a99749\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-015b984f7a5a99749\",\"subnet-015b984f7a5a99749\"],\"name\":\"subnet-015b984f7a5a99749\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0ed154aa70918550b\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailabilityZoneId\":\"euw1-az1\",\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"MapPublicIpOnLaunch\":false,\"SubnetId\":\"subnet-0ed154aa70918550b\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"benchmark-rules-vpc-private-eu-west-1a\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/benchmark-rules\",\"Value\":\"shared\"}],\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"OutpostArn\":null,\"State\":\"available\",\"VpcId\":\"vpc-00103fb710b9960ab\",\"AssignIpv6AddressOnCreation\":false,\"CidrBlock\":\"10.0.1.0/24\",\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0ed154aa70918550b\",\"AvailabilityZone\":\"eu-west-1a\",\"AvailableIpAddressCount\":243}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0ed154aa70918550b\",\"subnet-0ed154aa70918550b\"],\"name\":\"subnet-0ed154aa70918550b\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-00103fb710b9960ab\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0ed154aa70918550b\",\"subnet-0ed154aa70918550b\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02ad7a3d0af24c4d8\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"name\":\"subnet-02ad7a3d0af24c4d8\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"VpcId\":\"vpc-02190da3c759732a9\",\"AssignIpv6AddressOnCreation\":false,\"EnableDns64\":false,\"State\":\"available\",\"SubnetId\":\"subnet-02ad7a3d0af24c4d8\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Value\":\"shared\",\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-T5Z\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-vpc-private-eu-west-1c\"}],\"AvailabilityZoneId\":\"euw1-az3\",\"CidrBlock\":\"10.0.3.0/24\",\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"AvailableIpAddressCount\":251,\"CustomerOwnedIpv4Pool\":null,\"Ipv6CidrBlockAssociationSet\":[],\"MapPublicIpOnLaunch\":false,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02ad7a3d0af24c4d8\",\"AvailabilityZone\":\"eu-west-1c\",\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"OutpostArn\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02ad7a3d0af24c4d8\",\"subnet-02ad7a3d0af24c4d8\"]},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-02190da3c759732a9\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02ad7a3d0af24c4d8\",\"subnet-02ad7a3d0af24c4d8\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-009eb15ec5020262d\":{\"type\":\"subnet\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":251,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-009eb15ec5020262d\",\"Tags\":[{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-vpc-public-eu-west-1b\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-T5Z\",\"Value\":\"shared\"}],\"AvailabilityZone\":\"eu-west-1b\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-009eb15ec5020262d\",\"State\":\"available\",\"VpcId\":\"vpc-02190da3c759732a9\",\"AvailabilityZoneId\":\"euw1-az2\",\"CidrBlock\":\"10.0.5.0/24\",\"EnableDns64\":false,\"MapCustomerOwnedIpOnLaunch\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-009eb15ec5020262d\",\"subnet-009eb15ec5020262d\"],\"name\":\"subnet-009eb15ec5020262d\",\"category\":\"infrastructure\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-02190da3c759732a9\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-009eb15ec5020262d\",\"subnet-009eb15ec5020262d\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-0de5d19ac894b58c9\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0c52bb149ee4c3903\",\"subnet-0c52bb149ee4c3903\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0c52bb149ee4c3903\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"tags\":null,\"raw\":{\"subnet\":{\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1b\",\"CustomerOwnedIpv4Pool\":null,\"MapPublicIpOnLaunch\":true,\"SubnetId\":\"subnet-0c52bb149ee4c3903\",\"CidrBlock\":\"10.0.5.0/24\",\"EnableDns64\":false,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0c52bb149ee4c3903\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-Gfp-vpc-public-eu-west-1b\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-Gfp\",\"Value\":\"shared\"}],\"AvailabilityZoneId\":\"euw1-az2\",\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"OutpostArn\":null,\"AvailableIpAddressCount\":251,\"DefaultForAz\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"VpcId\":\"vpc-0de5d19ac894b58c9\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0c52bb149ee4c3903\",\"subnet-0c52bb149ee4c3903\"],\"name\":\"subnet-0c52bb149ee4c3903\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e121700fc0341fcb\",\"subnet-0e121700fc0341fcb\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e121700fc0341fcb\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"Ipv6CidrBlockAssociationSet\":[],\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e121700fc0341fcb\",\"AvailabilityZoneId\":\"euw1-az3\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"OwnerId\":\"704479110758\",\"AvailableIpAddressCount\":251,\"CidrBlock\":\"10.0.6.0/24\",\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"AvailabilityZone\":\"eu-west-1c\",\"EnableDns64\":false,\"SubnetId\":\"subnet-0e121700fc0341fcb\",\"VpcId\":\"vpc-06635215f51bfd343\",\"AssignIpv6AddressOnCreation\":false,\"Tags\":[{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"amir-env-vpc-public-eu-west-1c\"},{\"Key\":\"kubernetes.io/cluster/amir-env\",\"Value\":\"shared\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e121700fc0341fcb\",\"subnet-0e121700fc0341fcb\"],\"name\":\"subnet-0e121700fc0341fcb\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-06635215f51bfd343\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-056c5f97d89fe38e8\",\"subnet-056c5f97d89fe38e8\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-056c5f97d89fe38e8\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailabilityZoneId\":\"euw1-az2\",\"AvailableIpAddressCount\":251,\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"State\":\"available\",\"SubnetId\":\"subnet-056c5f97d89fe38e8\",\"Tags\":[{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/benchmark-rules\",\"Value\":\"shared\"},{\"Key\":\"Name\",\"Value\":\"benchmark-rules-vpc-public-eu-west-1b\"}],\"AvailabilityZone\":\"eu-west-1b\",\"VpcId\":\"vpc-00103fb710b9960ab\",\"DefaultForAz\":false,\"Ipv6Native\":false,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-056c5f97d89fe38e8\",\"CidrBlock\":\"10.0.5.0/24\",\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"CustomerOwnedIpv4Pool\":null,\"EnableLniAtDeviceIndex\":null,\"MapPublicIpOnLaunch\":true,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"AssignIpv6AddressOnCreation\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-056c5f97d89fe38e8\",\"subnet-056c5f97d89fe38e8\"],\"name\":\"subnet-056c5f97d89fe38e8\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-00103fb710b9960ab\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"PrivateDnsNameOptionsOnLaunch\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"State\":\"available\",\"AvailabilityZoneId\":\"euw1-az3\",\"CidrBlock\":\"10.0.3.0/24\",\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-01382f5e89be0e460\",\"VpcId\":\"vpc-0a74788000c2f0013\",\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":false,\"Tags\":[{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-nsZ\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-nsZ-vpc-private-eu-west-1c\"}],\"AvailabilityZone\":\"eu-west-1c\",\"DefaultForAz\":false,\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":251,\"CustomerOwnedIpv4Pool\":null,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-01382f5e89be0e460\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-01382f5e89be0e460\",\"subnet-01382f5e89be0e460\"],\"name\":\"subnet-01382f5e89be0e460\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-0a74788000c2f0013\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-01382f5e89be0e460\",\"subnet-01382f5e89be0e460\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-01382f5e89be0e460\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"raw\":{\"subnet\":{\"AvailabilityZone\":\"eu-west-1a\",\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"State\":\"available\",\"SubnetId\":\"subnet-00e9a5645e8fe263e\",\"VpcId\":\"vpc-05dd3a849e821fafc\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"euw1-az1\",\"DefaultForAz\":false,\"Tags\":[{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-AhU-vpc-private-eu-west-1a\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-AhU\",\"Value\":\"shared\"}],\"CidrBlock\":\"10.0.1.0/24\",\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":false,\"OutpostArn\":null,\"AvailableIpAddressCount\":251,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-00e9a5645e8fe263e\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-00e9a5645e8fe263e\",\"subnet-00e9a5645e8fe263e\"],\"name\":\"subnet-00e9a5645e8fe263e\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-05dd3a849e821fafc\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-00e9a5645e8fe263e\",\"subnet-00e9a5645e8fe263e\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-00e9a5645e8fe263e\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"State\":\"available\",\"AvailabilityZoneId\":\"euw1-az3\",\"DefaultForAz\":false,\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":false,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1c\",\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-064a6141dfe98c933\",\"VpcId\":\"vpc-0de5d19ac894b58c9\",\"AvailableIpAddressCount\":251,\"CidrBlock\":\"10.0.3.0/24\",\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"SubnetId\":\"subnet-064a6141dfe98c933\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-Gfp-vpc-private-eu-west-1c\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-Gfp\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-064a6141dfe98c933\",\"subnet-064a6141dfe98c933\"],\"name\":\"subnet-064a6141dfe98c933\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0de5d19ac894b58c9\"]},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-064a6141dfe98c933\",\"subnet-064a6141dfe98c933\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-064a6141dfe98c933\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-0b5ada4550b941390\"]},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-08970bf23eae9264b\",\"subnet-08970bf23eae9264b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-08970bf23eae9264b\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"State\":\"available\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1a\",\"AvailabilityZoneId\":\"euw1-az1\",\"CustomerOwnedIpv4Pool\":null,\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-08970bf23eae9264b\",\"DefaultForAz\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"Tags\":[{\"Key\":\"kubernetes.io/cluster/maxcold-test\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"maxcold-test-vpc-public-eu-west-1a\"}],\"CidrBlock\":\"10.0.4.0/24\",\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"VpcId\":\"vpc-0b5ada4550b941390\",\"AvailableIpAddressCount\":251,\"EnableDns64\":false,\"SubnetId\":\"subnet-08970bf23eae9264b\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-08970bf23eae9264b\",\"subnet-08970bf23eae9264b\"],\"name\":\"subnet-08970bf23eae9264b\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-007829077de560c69\",\"subnet-007829077de560c69\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-007829077de560c69\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-007829077de560c69\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"euw1-az2\",\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"Tags\":[{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"kfir-qa-project-vpc-private-eu-west-1b\"},{\"Key\":\"kubernetes.io/cluster/kfir-qa-project\",\"Value\":\"shared\"}],\"VpcId\":\"vpc-0096efe3aab3734db\",\"AvailabilityZone\":\"eu-west-1b\",\"AvailableIpAddressCount\":251,\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"CidrBlock\":\"10.0.2.0/24\",\"Ipv6CidrBlockAssociationSet\":[],\"State\":\"available\",\"MapPublicIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-007829077de560c69\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-007829077de560c69\",\"subnet-007829077de560c69\"],\"name\":\"subnet-007829077de560c69\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-0096efe3aab3734db\"]},\"resource_policies\":[],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0e838e42ce3e6d30c\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0b239250c16bbb84b\",\"subnet-0b239250c16bbb84b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0b239250c16bbb84b\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"EnableDns64\":false,\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":false,\"OutpostArn\":null,\"AvailabilityZoneId\":\"euw1-az2\",\"AvailableIpAddressCount\":251,\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"State\":\"available\",\"SubnetId\":\"subnet-0b239250c16bbb84b\",\"OwnerId\":\"704479110758\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0b239250c16bbb84b\",\"VpcId\":\"vpc-0e838e42ce3e6d30c\",\"AvailabilityZone\":\"eu-west-1b\",\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"AssignIpv6AddressOnCreation\":false,\"CidrBlock\":\"10.0.2.0/24\",\"Ipv6CidrBlockAssociationSet\":[],\"Tags\":[{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-WWZ\",\"Value\":\"shared\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-WWZ-vpc-private-eu-west-1b\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0b239250c16bbb84b\",\"subnet-0b239250c16bbb84b\"],\"name\":\"subnet-0b239250c16bbb84b\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0799634ae05f2b209\":{\"type\":\"subnet\",\"category\":\"infrastructure\"}},\"asset\":{\"tags\":null,\"raw\":{\"subnet\":{\"EnableLniAtDeviceIndex\":null,\"MapPublicIpOnLaunch\":true,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1a\",\"EnableDns64\":false,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0799634ae05f2b209\",\"AvailableIpAddressCount\":250,\"CustomerOwnedIpv4Pool\":null,\"Ipv6Native\":false,\"Tags\":[{\"Key\":\"Name\",\"Value\":\"kuba-logs-vpc-public-eu-west-1a\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/kuba-logs\",\"Value\":\"shared\"}],\"DefaultForAz\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"SubnetId\":\"subnet-0799634ae05f2b209\",\"State\":\"available\",\"VpcId\":\"vpc-08d87433815da7907\",\"AvailabilityZoneId\":\"euw1-az1\",\"CidrBlock\":\"10.0.4.0/24\",\"Ipv6CidrBlockAssociationSet\":[]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0799634ae05f2b209\",\"subnet-0799634ae05f2b209\"],\"name\":\"subnet-0799634ae05f2b209\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-08d87433815da7907\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0799634ae05f2b209\",\"subnet-0799634ae05f2b209\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e27ed9e54263c4e3\",\"subnet-0e27ed9e54263c4e3\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e27ed9e54263c4e3\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"CustomerOwnedIpv4Pool\":null,\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"AvailabilityZone\":\"eu-west-1c\",\"AvailableIpAddressCount\":251,\"MapPublicIpOnLaunch\":true,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e27ed9e54263c4e3\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/kfir-qa-project\",\"Value\":\"shared\"},{\"Key\":\"Name\",\"Value\":\"kfir-qa-project-vpc-public-eu-west-1c\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"}],\"AvailabilityZoneId\":\"euw1-az3\",\"CidrBlock\":\"10.0.6.0/24\",\"EnableDns64\":false,\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"SubnetId\":\"subnet-0e27ed9e54263c4e3\",\"AssignIpv6AddressOnCreation\":false,\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"VpcId\":\"vpc-0096efe3aab3734db\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e27ed9e54263c4e3\",\"subnet-0e27ed9e54263c4e3\"],\"name\":\"subnet-0e27ed9e54263c4e3\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-0096efe3aab3734db\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"network\":{\"vpc_ids\":[\"vpc-0de5d19ac894b58c9\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-03d0cff9718e7aeb2\",\"subnet-03d0cff9718e7aeb2\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-03d0cff9718e7aeb2\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"tags\":null,\"raw\":{\"subnet\":{\"AvailabilityZone\":\"eu-west-1a\",\"AvailabilityZoneId\":\"euw1-az1\",\"AvailableIpAddressCount\":250,\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetId\":\"subnet-03d0cff9718e7aeb2\",\"Tags\":[{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-Gfp\",\"Value\":\"shared\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-Gfp-vpc-public-eu-west-1a\"}],\"VpcId\":\"vpc-0de5d19ac894b58c9\",\"DefaultForAz\":false,\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"MapCustomerOwnedIpOnLaunch\":false,\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-03d0cff9718e7aeb2\",\"AssignIpv6AddressOnCreation\":false,\"CidrBlock\":\"10.0.4.0/24\",\"CustomerOwnedIpv4Pool\":null,\"EnableLniAtDeviceIndex\":null,\"OwnerId\":\"704479110758\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-03d0cff9718e7aeb2\",\"subnet-03d0cff9718e7aeb2\"],\"name\":\"subnet-03d0cff9718e7aeb2\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"CidrBlock\":\"10.0.2.0/24\",\"EnableLniAtDeviceIndex\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetId\":\"subnet-08f2f48be1493d1ff\",\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":251,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":false,\"State\":\"available\",\"AvailabilityZone\":\"eu-west-1b\",\"Ipv6Native\":false,\"OutpostArn\":null,\"Tags\":[{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-AhU-vpc-private-eu-west-1b\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-AhU\",\"Value\":\"shared\"}],\"EnableDns64\":false,\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"Ipv6CidrBlockAssociationSet\":[],\"OwnerId\":\"704479110758\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-08f2f48be1493d1ff\",\"VpcId\":\"vpc-05dd3a849e821fafc\",\"AvailabilityZoneId\":\"euw1-az2\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-08f2f48be1493d1ff\",\"subnet-08f2f48be1493d1ff\"],\"name\":\"subnet-08f2f48be1493d1ff\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-05dd3a849e821fafc\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-08f2f48be1493d1ff\",\"subnet-08f2f48be1493d1ff\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-08f2f48be1493d1ff\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-03471f9d33d77b2d3\",\"subnet-03471f9d33d77b2d3\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-03471f9d33d77b2d3\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-03471f9d33d77b2d3\",\"subnet-03471f9d33d77b2d3\"],\"name\":\"subnet-03471f9d33d77b2d3\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"Ipv6Native\":false,\"OwnerId\":\"704479110758\",\"AvailabilityZoneId\":\"euw1-az1\",\"AvailableIpAddressCount\":250,\"CidrBlock\":\"10.0.4.0/24\",\"DefaultForAz\":false,\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"SubnetId\":\"subnet-03471f9d33d77b2d3\",\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"Tags\":[{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"test-env-ci-tf-vpc-public-eu-west-1a\"},{\"Key\":\"kubernetes.io/cluster/test-env-ci-tf\",\"Value\":\"shared\"}],\"VpcId\":\"vpc-0d0d507f15a7baefb\",\"AvailabilityZone\":\"eu-west-1a\",\"Ipv6CidrBlockAssociationSet\":[],\"AssignIpv6AddressOnCreation\":false,\"CustomerOwnedIpv4Pool\":null,\"OutpostArn\":null,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-03471f9d33d77b2d3\"}}},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-0d0d507f15a7baefb\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-0265091ed79292f2c\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e9a99fb7f8f99434\",\"subnet-0e9a99fb7f8f99434\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e9a99fb7f8f99434\":{\"type\":\"subnet\",\"category\":\"infrastructure\"}},\"asset\":{\"tags\":null,\"raw\":{\"subnet\":{\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":false,\"OutpostArn\":null,\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1a\",\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"Tags\":[{\"Key\":\"kubernetes.io/cluster/amir-env6\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Value\":\"amir-env6-vpc-private-eu-west-1a\",\"Key\":\"Name\"}],\"VpcId\":\"vpc-0265091ed79292f2c\",\"AvailableIpAddressCount\":251,\"CidrBlock\":\"10.0.1.0/24\",\"OwnerId\":\"704479110758\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e9a99fb7f8f99434\",\"CustomerOwnedIpv4Pool\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"AvailabilityZoneId\":\"euw1-az1\",\"DefaultForAz\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"SubnetId\":\"subnet-0e9a99fb7f8f99434\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0e9a99fb7f8f99434\",\"subnet-0e9a99fb7f8f99434\"],\"name\":\"subnet-0e9a99fb7f8f99434\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a49da801aa320357\",\"subnet-0a49da801aa320357\"],\"name\":\"subnet-0a49da801aa320357\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a49da801aa320357\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-T5Z\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-vpc-private-eu-west-1b\"}],\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":false,\"OutpostArn\":null,\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1b\",\"AvailabilityZoneId\":\"euw1-az2\",\"AvailableIpAddressCount\":251,\"CidrBlock\":\"10.0.2.0/24\",\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-0a49da801aa320357\",\"VpcId\":\"vpc-02190da3c759732a9\"}}},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-02190da3c759732a9\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a49da801aa320357\",\"subnet-0a49da801aa320357\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a49da801aa320357\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-07ac380f66015b607\",\"subnet-07ac380f66015b607\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-07ac380f66015b607\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"tags\":null,\"raw\":{\"subnet\":{\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"VpcId\":\"vpc-0a74788000c2f0013\",\"CidrBlock\":\"10.0.6.0/24\",\"EnableDns64\":false,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-07ac380f66015b607\",\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true,\"Ipv6CidrBlockAssociationSet\":[],\"OutpostArn\":null,\"SubnetId\":\"subnet-07ac380f66015b607\",\"Tags\":[{\"Value\":\"cloudbeat-tf-nsZ-vpc-public-eu-west-1c\",\"Key\":\"Name\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-nsZ\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"}],\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1c\",\"DefaultForAz\":false,\"Ipv6Native\":false,\"AvailabilityZoneId\":\"euw1-az3\",\"AvailableIpAddressCount\":251,\"CustomerOwnedIpv4Pool\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-07ac380f66015b607\",\"subnet-07ac380f66015b607\"],\"name\":\"subnet-07ac380f66015b607\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-0a74788000c2f0013\"]},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0fa6ec9a07ddabafe\",\"subnet-0fa6ec9a07ddabafe\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0fa6ec9a07ddabafe\":{\"type\":\"subnet\",\"category\":\"infrastructure\"}},\"asset\":{\"name\":\"subnet-0fa6ec9a07ddabafe\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailabilityZone\":\"eu-west-1b\",\"AvailableIpAddressCount\":251,\"CidrBlock\":\"10.0.5.0/24\",\"CustomerOwnedIpv4Pool\":null,\"EnableLniAtDeviceIndex\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0fa6ec9a07ddabafe\",\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true,\"OwnerId\":\"704479110758\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"euw1-az2\",\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"OutpostArn\":null,\"DefaultForAz\":false,\"SubnetId\":\"subnet-0fa6ec9a07ddabafe\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"test-env-ci-tf-vpc-public-eu-west-1b\"},{\"Key\":\"kubernetes.io/cluster/test-env-ci-tf\",\"Value\":\"shared\"},{\"Value\":\"1\",\"Key\":\"kubernetes.io/role/elb\"}],\"VpcId\":\"vpc-0d0d507f15a7baefb\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0fa6ec9a07ddabafe\",\"subnet-0fa6ec9a07ddabafe\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0d0d507f15a7baefb\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-045fe0eb1312d2ebf\",\"subnet-045fe0eb1312d2ebf\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-045fe0eb1312d2ebf\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"name\":\"subnet-045fe0eb1312d2ebf\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"DefaultForAz\":false,\"EnableDns64\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":false,\"VpcId\":\"vpc-05eeaaeb72e2eb28b\",\"AvailabilityZoneId\":\"euw1-az3\",\"AvailabilityZone\":\"eu-west-1c\",\"AvailableIpAddressCount\":251,\"Ipv6CidrBlockAssociationSet\":[],\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-5jA-vpc-private-eu-west-1c\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-5jA\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"}],\"AssignIpv6AddressOnCreation\":false,\"OwnerId\":\"704479110758\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-045fe0eb1312d2ebf\",\"CidrBlock\":\"10.0.3.0/24\",\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"OutpostArn\":null,\"State\":\"available\",\"SubnetId\":\"subnet-045fe0eb1312d2ebf\",\"CustomerOwnedIpv4Pool\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-045fe0eb1312d2ebf\",\"subnet-045fe0eb1312d2ebf\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-05eeaaeb72e2eb28b\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailabilityZoneId\":\"euw1-az3\",\"CidrBlock\":\"10.0.3.0/24\",\"MapPublicIpOnLaunch\":false,\"State\":\"available\",\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetId\":\"subnet-0ba97db4a20518b40\",\"VpcId\":\"vpc-06b023d1fc8665055\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1c\",\"EnableDns64\":false,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0ba97db4a20518b40\",\"AvailableIpAddressCount\":251,\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"Ipv6CidrBlockAssociationSet\":[],\"MapCustomerOwnedIpOnLaunch\":false,\"Tags\":[{\"Key\":\"Name\",\"Value\":\"dg-cis-vpc-private-eu-west-1c\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/dg-cis\",\"Value\":\"shared\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0ba97db4a20518b40\",\"subnet-0ba97db4a20518b40\"],\"name\":\"subnet-0ba97db4a20518b40\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-06b023d1fc8665055\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0ba97db4a20518b40\",\"subnet-0ba97db4a20518b40\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0ba97db4a20518b40\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"network\":{\"vpc_ids\":[\"vpc-096d5aaf84103883c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0f5599e2c5f7309f8\",\"subnet-0f5599e2c5f7309f8\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0f5599e2c5f7309f8\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0f5599e2c5f7309f8\",\"subnet-0f5599e2c5f7309f8\"],\"name\":\"subnet-0f5599e2c5f7309f8\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"euw1-az3\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"CidrBlock\":\"10.0.3.0/24\",\"OutpostArn\":null,\"VpcId\":\"vpc-096d5aaf84103883c\",\"AvailableIpAddressCount\":247,\"DefaultForAz\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":false,\"State\":\"available\",\"AvailabilityZone\":\"eu-west-1c\",\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0f5599e2c5f7309f8\",\"SubnetId\":\"subnet-0f5599e2c5f7309f8\",\"Tags\":[{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"long-running-project-vpc-private-eu-west-1c\"},{\"Key\":\"kubernetes.io/cluster/long-running-project\",\"Value\":\"shared\"}]}}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-01ea8f2367f2311ae\",\"subnet-01ea8f2367f2311ae\"],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-01ea8f2367f2311ae\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-04ece708af6c9b689\",\"AvailabilityZone\":\"eu-west-1c\",\"AvailableIpAddressCount\":251,\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"AvailabilityZoneId\":\"euw1-az3\",\"Ipv6Native\":false,\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-pEN-vpc-private-eu-west-1c\"},{\"Value\":\"1\",\"Key\":\"kubernetes.io/role/internal-elb\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-pEN\",\"Value\":\"shared\"}],\"CidrBlock\":\"10.0.3.0/24\",\"OutpostArn\":null,\"State\":\"available\",\"SubnetId\":\"subnet-01ea8f2367f2311ae\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-01ea8f2367f2311ae\",\"AssignIpv6AddressOnCreation\":false,\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-01ea8f2367f2311ae\",\"subnet-01ea8f2367f2311ae\"],\"name\":\"subnet-01ea8f2367f2311ae\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-04ece708af6c9b689\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-043f1e41224a5fb12\",\"subnet-043f1e41224a5fb12\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-043f1e41224a5fb12\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"euw1-az3\",\"OwnerId\":\"704479110758\",\"EnableLniAtDeviceIndex\":null,\"SubnetId\":\"subnet-043f1e41224a5fb12\",\"AvailabilityZone\":\"eu-west-1c\",\"CidrBlock\":\"10.0.3.0/24\",\"CustomerOwnedIpv4Pool\":null,\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-043f1e41224a5fb12\",\"DefaultForAz\":false,\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"Tags\":[{\"Value\":\"1\",\"Key\":\"kubernetes.io/role/internal-elb\"},{\"Value\":\"shared\",\"Key\":\"kubernetes.io/cluster/amir-env\"},{\"Value\":\"amir-env-vpc-private-eu-west-1c\",\"Key\":\"Name\"}],\"VpcId\":\"vpc-06635215f51bfd343\",\"AvailableIpAddressCount\":251,\"MapPublicIpOnLaunch\":false,\"OutpostArn\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-043f1e41224a5fb12\",\"subnet-043f1e41224a5fb12\"],\"name\":\"subnet-043f1e41224a5fb12\",\"category\":\"infrastructure\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-06635215f51bfd343\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"raw\":{\"subnet\":{\"AvailableIpAddressCount\":250,\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"euw1-az1\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/amir-env\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"amir-env-vpc-public-eu-west-1a\"}],\"AvailabilityZone\":\"eu-west-1a\",\"CidrBlock\":\"10.0.4.0/24\",\"Ipv6Native\":false,\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0d369ee4ec7b9c3a7\",\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-0d369ee4ec7b9c3a7\",\"VpcId\":\"vpc-061fc9c22f73c7d3e\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"MapPublicIpOnLaunch\":true}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0d369ee4ec7b9c3a7\",\"subnet-0d369ee4ec7b9c3a7\"],\"name\":\"subnet-0d369ee4ec7b9c3a7\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-061fc9c22f73c7d3e\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0d369ee4ec7b9c3a7\",\"subnet-0d369ee4ec7b9c3a7\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0d369ee4ec7b9c3a7\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0211e573f34ef5921\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"raw\":{\"subnet\":{\"MapCustomerOwnedIpOnLaunch\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"CidrBlock\":\"10.0.6.0/24\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"SubnetId\":\"subnet-0211e573f34ef5921\",\"VpcId\":\"vpc-05dd3a849e821fafc\",\"AvailabilityZone\":\"eu-west-1c\",\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"AvailabilityZoneId\":\"euw1-az3\",\"AvailableIpAddressCount\":251,\"Tags\":[{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-AhU\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Value\":\"cloudbeat-tf-AhU-vpc-public-eu-west-1c\",\"Key\":\"Name\"}],\"AssignIpv6AddressOnCreation\":false,\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0211e573f34ef5921\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0211e573f34ef5921\",\"subnet-0211e573f34ef5921\"],\"name\":\"subnet-0211e573f34ef5921\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-05dd3a849e821fafc\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0211e573f34ef5921\",\"subnet-0211e573f34ef5921\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-00b864f5fca41b8f4\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"MapPublicIpOnLaunch\":true,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"AvailabilityZone\":\"eu-west-1b\",\"AvailableIpAddressCount\":251,\"MapCustomerOwnedIpOnLaunch\":false,\"State\":\"available\",\"VpcId\":\"vpc-08d87433815da7907\",\"AvailabilityZoneId\":\"euw1-az2\",\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-00b864f5fca41b8f4\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"kuba-logs-vpc-public-eu-west-1b\"},{\"Value\":\"1\",\"Key\":\"kubernetes.io/role/elb\"},{\"Key\":\"kubernetes.io/cluster/kuba-logs\",\"Value\":\"shared\"}],\"AssignIpv6AddressOnCreation\":false,\"CidrBlock\":\"10.0.5.0/24\",\"EnableLniAtDeviceIndex\":null,\"OutpostArn\":null,\"SubnetId\":\"subnet-00b864f5fca41b8f4\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-00b864f5fca41b8f4\",\"subnet-00b864f5fca41b8f4\"],\"name\":\"subnet-00b864f5fca41b8f4\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-08d87433815da7907\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-00b864f5fca41b8f4\",\"subnet-00b864f5fca41b8f4\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"raw\":{\"subnet\":{\"SubnetId\":\"subnet-0190249d34f071ca9\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-nsZ-vpc-private-eu-west-1b\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-nsZ\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"}],\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":251,\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"MapPublicIpOnLaunch\":false,\"OutpostArn\":null,\"AvailabilityZoneId\":\"euw1-az2\",\"CustomerOwnedIpv4Pool\":null,\"Ipv6Native\":false,\"State\":\"available\",\"EnableDns64\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-0a74788000c2f0013\",\"AvailabilityZone\":\"eu-west-1b\",\"CidrBlock\":\"10.0.2.0/24\",\"DefaultForAz\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0190249d34f071ca9\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0190249d34f071ca9\",\"subnet-0190249d34f071ca9\"],\"name\":\"subnet-0190249d34f071ca9\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0a74788000c2f0013\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0190249d34f071ca9\",\"subnet-0190249d34f071ca9\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0190249d34f071ca9\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-7a841e20\",\"subnet-7a841e20\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-7a841e20\":{\"type\":\"subnet\",\"category\":\"infrastructure\"}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"raw\":{\"subnet\":{\"CustomerOwnedIpv4Pool\":null,\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"VpcId\":\"vpc-6cb55a15\",\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":4079,\"DefaultForAz\":true,\"Ipv6CidrBlockAssociationSet\":[],\"SubnetId\":\"subnet-7a841e20\",\"CidrBlock\":\"172.31.32.0/20\",\"EnableDns64\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-7a841e20\",\"State\":\"available\",\"Tags\":null,\"AvailabilityZone\":\"eu-west-1c\",\"AvailabilityZoneId\":\"euw1-az3\",\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"}}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-7a841e20\",\"subnet-7a841e20\"],\"name\":\"subnet-7a841e20\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"tags\":null,\"raw\":{\"subnet\":{\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":false,\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-pEN-vpc-private-eu-west-1b\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-pEN\",\"Value\":\"shared\"}],\"VpcId\":\"vpc-04ece708af6c9b689\",\"AvailabilityZone\":\"eu-west-1b\",\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-07456aebc63be1f86\",\"CidrBlock\":\"10.0.2.0/24\",\"Ipv6Native\":false,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-07456aebc63be1f86\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"euw1-az2\",\"AvailableIpAddressCount\":251,\"DefaultForAz\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-07456aebc63be1f86\",\"subnet-07456aebc63be1f86\"],\"name\":\"subnet-07456aebc63be1f86\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-04ece708af6c9b689\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-07456aebc63be1f86\",\"subnet-07456aebc63be1f86\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-07456aebc63be1f86\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-071bb079367aba847\",\"subnet-071bb079367aba847\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-071bb079367aba847\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"Ipv6CidrBlockAssociationSet\":[],\"CidrBlock\":\"10.0.5.0/24\",\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"AvailableIpAddressCount\":251,\"AvailabilityZoneId\":\"euw1-az2\",\"SubnetId\":\"subnet-071bb079367aba847\",\"Tags\":[{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"long-running-project-vpc-public-eu-west-1b\"},{\"Key\":\"kubernetes.io/cluster/long-running-project\",\"Value\":\"shared\"}],\"VpcId\":\"vpc-096d5aaf84103883c\",\"AvailabilityZone\":\"eu-west-1b\",\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"Ipv6Native\":false,\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-071bb079367aba847\",\"AssignIpv6AddressOnCreation\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-071bb079367aba847\",\"subnet-071bb079367aba847\"],\"name\":\"subnet-071bb079367aba847\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-096d5aaf84103883c\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-0a74788000c2f0013\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-03b066524255a77b4\",\"subnet-03b066524255a77b4\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-03b066524255a77b4\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailableIpAddressCount\":250,\"OwnerId\":\"704479110758\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-03b066524255a77b4\",\"SubnetId\":\"subnet-03b066524255a77b4\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-nsZ\",\"Value\":\"shared\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-nsZ-vpc-public-eu-west-1a\"},{\"Value\":\"1\",\"Key\":\"kubernetes.io/role/elb\"}],\"AvailabilityZone\":\"eu-west-1a\",\"CustomerOwnedIpv4Pool\":null,\"EnableLniAtDeviceIndex\":null,\"OutpostArn\":null,\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"euw1-az1\",\"DefaultForAz\":false,\"MapPublicIpOnLaunch\":true,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"State\":\"available\",\"VpcId\":\"vpc-0a74788000c2f0013\",\"CidrBlock\":\"10.0.4.0/24\",\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-03b066524255a77b4\",\"subnet-03b066524255a77b4\"],\"name\":\"subnet-03b066524255a77b4\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"network\":{\"vpc_ids\":[\"vpc-08d87433815da7907\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-072b100ec47a4b6e4\",\"subnet-072b100ec47a4b6e4\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-072b100ec47a4b6e4\":{\"type\":\"subnet\",\"category\":\"infrastructure\"}},\"asset\":{\"raw\":{\"subnet\":{\"Tags\":[{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/kuba-logs\",\"Value\":\"shared\"},{\"Value\":\"kuba-logs-vpc-private-eu-west-1c\",\"Key\":\"Name\"}],\"VpcId\":\"vpc-08d87433815da7907\",\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"State\":\"available\",\"Ipv6Native\":false,\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1c\",\"CidrBlock\":\"10.0.3.0/24\",\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":false,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-072b100ec47a4b6e4\",\"SubnetId\":\"subnet-072b100ec47a4b6e4\",\"AvailabilityZoneId\":\"euw1-az3\",\"DefaultForAz\":false,\"EnableDns64\":false,\"AvailableIpAddressCount\":251,\"CustomerOwnedIpv4Pool\":null,\"OwnerId\":\"704479110758\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-072b100ec47a4b6e4\",\"subnet-072b100ec47a4b6e4\"],\"name\":\"subnet-072b100ec47a4b6e4\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"network\":{\"vpc_ids\":[\"vpc-08d87433815da7907\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0f8c4fc8a013d6e18\",\"subnet-0f8c4fc8a013d6e18\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0f8c4fc8a013d6e18\":{\"type\":\"subnet\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailableIpAddressCount\":251,\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"Ipv6CidrBlockAssociationSet\":[],\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0f8c4fc8a013d6e18\",\"VpcId\":\"vpc-08d87433815da7907\",\"CidrBlock\":\"10.0.6.0/24\",\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"Tags\":[{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"kuba-logs-vpc-public-eu-west-1c\"},{\"Value\":\"shared\",\"Key\":\"kubernetes.io/cluster/kuba-logs\"}],\"AvailabilityZoneId\":\"euw1-az3\",\"SubnetId\":\"subnet-0f8c4fc8a013d6e18\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1c\",\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0f8c4fc8a013d6e18\",\"subnet-0f8c4fc8a013d6e18\"],\"name\":\"subnet-0f8c4fc8a013d6e18\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-b50028fd\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"CidrBlock\":\"172.31.16.0/20\",\"DefaultForAz\":true,\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"State\":\"available\",\"AvailabilityZoneId\":\"euw1-az2\",\"AvailableIpAddressCount\":4082,\"SubnetId\":\"subnet-b50028fd\",\"VpcId\":\"vpc-6cb55a15\",\"AvailabilityZone\":\"eu-west-1b\",\"Ipv6CidrBlockAssociationSet\":[],\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-b50028fd\",\"AssignIpv6AddressOnCreation\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"Tags\":null,\"CustomerOwnedIpv4Pool\":null,\"Ipv6Native\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-b50028fd\",\"subnet-b50028fd\"],\"name\":\"subnet-b50028fd\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-b50028fd\",\"subnet-b50028fd\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-031a3c5f3616abbf8\",\"subnet-031a3c5f3616abbf8\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-031a3c5f3616abbf8\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"tags\":null,\"raw\":{\"subnet\":{\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"MapPublicIpOnLaunch\":false,\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1a\",\"AvailableIpAddressCount\":251,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-031a3c5f3616abbf8\",\"SubnetId\":\"subnet-031a3c5f3616abbf8\",\"State\":\"available\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-SXE\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-SXE-vpc-private-eu-west-1a\"}],\"AvailabilityZoneId\":\"euw1-az1\",\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"VpcId\":\"vpc-0bf78569aaae50b84\",\"OwnerId\":\"704479110758\",\"CidrBlock\":\"10.0.1.0/24\",\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-031a3c5f3616abbf8\",\"subnet-031a3c5f3616abbf8\"],\"name\":\"subnet-031a3c5f3616abbf8\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0bf78569aaae50b84\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.096+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-059a72f44f27a917a\",\"subnet-059a72f44f27a917a\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-059a72f44f27a917a\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"raw\":{\"subnet\":{\"Tags\":[{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-SXE\",\"Value\":\"shared\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-SXE-vpc-public-eu-west-1a\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"}],\"AvailabilityZone\":\"eu-west-1a\",\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"OwnerId\":\"704479110758\",\"State\":\"available\",\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":250,\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-059a72f44f27a917a\",\"SubnetId\":\"subnet-059a72f44f27a917a\",\"VpcId\":\"vpc-0bf78569aaae50b84\",\"CidrBlock\":\"10.0.4.0/24\",\"CustomerOwnedIpv4Pool\":null,\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":true,\"AvailabilityZoneId\":\"euw1-az1\",\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-059a72f44f27a917a\",\"subnet-059a72f44f27a917a\"],\"name\":\"subnet-059a72f44f27a917a\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0bf78569aaae50b84\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailabilityZone\":\"eu-west-1b\",\"AvailableIpAddressCount\":251,\"CustomerOwnedIpv4Pool\":null,\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"OwnerId\":\"704479110758\",\"State\":\"available\",\"SubnetId\":\"subnet-056e3f276ec4c5310\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"euw1-az2\",\"CidrBlock\":\"10.0.2.0/24\",\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-056e3f276ec4c5310\",\"DefaultForAz\":false,\"Tags\":[{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Value\":\"amir-env6-vpc-private-eu-west-1b\",\"Key\":\"Name\"},{\"Value\":\"shared\",\"Key\":\"kubernetes.io/cluster/amir-env6\"}],\"VpcId\":\"vpc-0265091ed79292f2c\",\"EnableDns64\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-056e3f276ec4c5310\",\"subnet-056e3f276ec4c5310\"],\"name\":\"subnet-056e3f276ec4c5310\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-0265091ed79292f2c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-056e3f276ec4c5310\",\"subnet-056e3f276ec4c5310\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-056e3f276ec4c5310\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-005be66a652673241\",\"subnet-005be66a652673241\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-005be66a652673241\":{\"type\":\"subnet\",\"category\":\"infrastructure\"}},\"asset\":{\"tags\":null,\"raw\":{\"subnet\":{\"AssignIpv6AddressOnCreation\":false,\"CustomerOwnedIpv4Pool\":null,\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":true,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetId\":\"subnet-005be66a652673241\",\"VpcId\":\"vpc-0bf78569aaae50b84\",\"AvailableIpAddressCount\":251,\"EnableDns64\":false,\"OutpostArn\":null,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-005be66a652673241\",\"AvailabilityZone\":\"eu-west-1b\",\"CidrBlock\":\"10.0.5.0/24\",\"EnableLniAtDeviceIndex\":null,\"AvailabilityZoneId\":\"euw1-az2\",\"DefaultForAz\":false,\"Ipv6CidrBlockAssociationSet\":[],\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-SXE\",\"Value\":\"shared\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-SXE-vpc-public-eu-west-1b\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-005be66a652673241\",\"subnet-005be66a652673241\"],\"name\":\"subnet-005be66a652673241\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-0bf78569aaae50b84\"]},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"network\":{\"vpc_ids\":[\"vpc-05dd3a849e821fafc\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0d0baa38ef0fd2426\",\"subnet-0d0baa38ef0fd2426\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0d0baa38ef0fd2426\":{\"type\":\"subnet\",\"category\":\"infrastructure\"}},\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"Ipv6CidrBlockAssociationSet\":[],\"AvailableIpAddressCount\":251,\"EnableDns64\":false,\"CustomerOwnedIpv4Pool\":null,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0d0baa38ef0fd2426\",\"SubnetId\":\"subnet-0d0baa38ef0fd2426\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1a\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-AhU\",\"Value\":\"shared\"},{\"Value\":\"1\",\"Key\":\"kubernetes.io/role/elb\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-AhU-vpc-public-eu-west-1a\"}],\"Ipv6Native\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-05dd3a849e821fafc\",\"AvailabilityZoneId\":\"euw1-az1\",\"CidrBlock\":\"10.0.4.0/24\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0d0baa38ef0fd2426\",\"subnet-0d0baa38ef0fd2426\"],\"name\":\"subnet-0d0baa38ef0fd2426\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"name\":\"subnet-d4cf96b2\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"OutpostArn\":null,\"State\":\"available\",\"AvailabilityZoneId\":\"euw1-az1\",\"AvailableIpAddressCount\":4088,\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetId\":\"subnet-d4cf96b2\",\"VpcId\":\"vpc-6cb55a15\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1a\",\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"CidrBlock\":\"172.31.0.0/20\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":true,\"OwnerId\":\"704479110758\",\"Tags\":null,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-d4cf96b2\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-d4cf96b2\",\"subnet-d4cf96b2\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-6cb55a15\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-d4cf96b2\",\"subnet-d4cf96b2\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-d4cf96b2\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-05dd3a849e821fafc\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a59dafcae832542c\",\"subnet-0a59dafcae832542c\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a59dafcae832542c\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"DefaultForAz\":false,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"SubnetId\":\"subnet-0a59dafcae832542c\",\"Tags\":[{\"Value\":\"1\",\"Key\":\"kubernetes.io/role/elb\"},{\"Value\":\"shared\",\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-AhU\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-AhU-vpc-public-eu-west-1b\"}],\"AvailabilityZoneId\":\"euw1-az2\",\"AvailableIpAddressCount\":251,\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"OutpostArn\":null,\"AssignIpv6AddressOnCreation\":false,\"EnableDns64\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"AvailabilityZone\":\"eu-west-1b\",\"CidrBlock\":\"10.0.5.0/24\",\"CustomerOwnedIpv4Pool\":null,\"MapPublicIpOnLaunch\":true,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a59dafcae832542c\",\"VpcId\":\"vpc-05dd3a849e821fafc\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a59dafcae832542c\",\"subnet-0a59dafcae832542c\"],\"name\":\"subnet-0a59dafcae832542c\",\"category\":\"infrastructure\",\"sub_category\":\"network\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"network\":{\"vpc_ids\":[\"vpc-0d0d507f15a7baefb\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0fe81c65bd681a8bc\",\"subnet-0fe81c65bd681a8bc\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0fe81c65bd681a8bc\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0fe81c65bd681a8bc\",\"SubnetId\":\"subnet-0fe81c65bd681a8bc\",\"CidrBlock\":\"10.0.3.0/24\",\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"Tags\":[{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"test-env-ci-tf-vpc-private-eu-west-1c\"},{\"Key\":\"kubernetes.io/cluster/test-env-ci-tf\",\"Value\":\"shared\"}],\"AvailabilityZoneId\":\"euw1-az3\",\"DefaultForAz\":false,\"EnableDns64\":false,\"MapPublicIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"AvailableIpAddressCount\":251,\"CustomerOwnedIpv4Pool\":null,\"State\":\"available\",\"VpcId\":\"vpc-0d0d507f15a7baefb\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1c\",\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0fe81c65bd681a8bc\",\"subnet-0fe81c65bd681a8bc\"],\"name\":\"subnet-0fe81c65bd681a8bc\",\"category\":\"infrastructure\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0c8299d2fc2a16cfd\",\"subnet-0c8299d2fc2a16cfd\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0c8299d2fc2a16cfd\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"VpcId\":\"vpc-05eeaaeb72e2eb28b\",\"AvailabilityZone\":\"eu-west-1b\",\"CidrBlock\":\"10.0.2.0/24\",\"State\":\"available\",\"Tags\":[{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-5jA\",\"Value\":\"shared\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-5jA-vpc-private-eu-west-1b\"}],\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"DefaultForAz\":false,\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"AvailabilityZoneId\":\"euw1-az2\",\"AvailableIpAddressCount\":251,\"MapPublicIpOnLaunch\":false,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0c8299d2fc2a16cfd\",\"SubnetId\":\"subnet-0c8299d2fc2a16cfd\",\"AssignIpv6AddressOnCreation\":false,\"CustomerOwnedIpv4Pool\":null,\"Ipv6CidrBlockAssociationSet\":[],\"MapCustomerOwnedIpOnLaunch\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0c8299d2fc2a16cfd\",\"subnet-0c8299d2fc2a16cfd\"],\"name\":\"subnet-0c8299d2fc2a16cfd\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-05eeaaeb72e2eb28b\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0db44e7206e0bf6e7\",\"subnet-0db44e7206e0bf6e7\"],\"name\":\"subnet-0db44e7206e0bf6e7\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"euw1-az1\",\"AvailableIpAddressCount\":250,\"MapPublicIpOnLaunch\":true,\"VpcId\":\"vpc-096d5aaf84103883c\",\"DefaultForAz\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"State\":\"available\",\"SubnetId\":\"subnet-0db44e7206e0bf6e7\",\"OutpostArn\":null,\"AvailabilityZone\":\"eu-west-1a\",\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"Tags\":[{\"Key\":\"Name\",\"Value\":\"long-running-project-vpc-public-eu-west-1a\"},{\"Key\":\"kubernetes.io/cluster/long-running-project\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"}],\"CidrBlock\":\"10.0.4.0/24\",\"CustomerOwnedIpv4Pool\":null,\"EnableLniAtDeviceIndex\":null,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0db44e7206e0bf6e7\"}}},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-096d5aaf84103883c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0db44e7206e0bf6e7\",\"subnet-0db44e7206e0bf6e7\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0db44e7206e0bf6e7\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-08af497c9d775fa00\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"name\":\"subnet-08af497c9d775fa00\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AssignIpv6AddressOnCreation\":false,\"CidrBlock\":\"10.0.2.0/24\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetId\":\"subnet-08af497c9d775fa00\",\"AvailabilityZone\":\"eu-west-1b\",\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"VpcId\":\"vpc-06635215f51bfd343\",\"AvailabilityZoneId\":\"euw1-az2\",\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"Tags\":[{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"amir-env-vpc-private-eu-west-1b\"},{\"Key\":\"kubernetes.io/cluster/amir-env\",\"Value\":\"shared\"}],\"AvailableIpAddressCount\":251,\"DefaultForAz\":false,\"MapPublicIpOnLaunch\":false,\"OutpostArn\":null,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-08af497c9d775fa00\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-08af497c9d775fa00\",\"subnet-08af497c9d775fa00\"]},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-06635215f51bfd343\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-08af497c9d775fa00\",\"subnet-08af497c9d775fa00\"],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0fb8525d06f28be51\",\"subnet-0fb8525d06f28be51\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0fb8525d06f28be51\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"tags\":null,\"raw\":{\"subnet\":{\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"CidrBlock\":\"10.0.1.0/24\",\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"MapPublicIpOnLaunch\":false,\"AvailabilityZoneId\":\"euw1-az1\",\"AvailableIpAddressCount\":251,\"EnableDns64\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"AssignIpv6AddressOnCreation\":false,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0fb8525d06f28be51\",\"VpcId\":\"vpc-0d0d507f15a7baefb\",\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-0fb8525d06f28be51\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/test-env-ci-tf\",\"Value\":\"shared\"},{\"Value\":\"1\",\"Key\":\"kubernetes.io/role/internal-elb\"},{\"Value\":\"test-env-ci-tf-vpc-private-eu-west-1a\",\"Key\":\"Name\"}],\"AvailabilityZone\":\"eu-west-1a\",\"CustomerOwnedIpv4Pool\":null,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0fb8525d06f28be51\",\"subnet-0fb8525d06f28be51\"],\"name\":\"subnet-0fb8525d06f28be51\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0d0d507f15a7baefb\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0146aa28d861caaec\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailabilityZone\":\"eu-west-1a\",\"CidrBlock\":\"10.0.1.0/24\",\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-pEN-vpc-private-eu-west-1a\"},{\"Value\":\"1\",\"Key\":\"kubernetes.io/role/internal-elb\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-pEN\",\"Value\":\"shared\"}],\"VpcId\":\"vpc-04ece708af6c9b689\",\"AssignIpv6AddressOnCreation\":false,\"DefaultForAz\":false,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-0146aa28d861caaec\",\"AvailableIpAddressCount\":251,\"CustomerOwnedIpv4Pool\":null,\"Ipv6CidrBlockAssociationSet\":[],\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"AvailabilityZoneId\":\"euw1-az1\",\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0146aa28d861caaec\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0146aa28d861caaec\",\"subnet-0146aa28d861caaec\"],\"name\":\"subnet-0146aa28d861caaec\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-04ece708af6c9b689\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0146aa28d861caaec\",\"subnet-0146aa28d861caaec\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02551800069422c82\",\"subnet-02551800069422c82\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02551800069422c82\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailabilityZoneId\":\"euw1-az3\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02551800069422c82\",\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":251,\"SubnetId\":\"subnet-02551800069422c82\",\"OutpostArn\":null,\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-Gfp-vpc-public-eu-west-1c\"},{\"Value\":\"1\",\"Key\":\"kubernetes.io/role/elb\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-Gfp\",\"Value\":\"shared\"}],\"VpcId\":\"vpc-0de5d19ac894b58c9\",\"DefaultForAz\":false,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":true,\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"AvailabilityZone\":\"eu-west-1c\",\"CidrBlock\":\"10.0.6.0/24\",\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-02551800069422c82\",\"subnet-02551800069422c82\"],\"name\":\"subnet-02551800069422c82\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-0de5d19ac894b58c9\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0cf8bf662fe6a15d3\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"name\":\"subnet-0cf8bf662fe6a15d3\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"Tags\":[{\"Key\":\"Name\",\"Value\":\"dg-cis-vpc-private-eu-west-1a\"},{\"Key\":\"kubernetes.io/cluster/dg-cis\",\"Value\":\"shared\"},{\"Value\":\"1\",\"Key\":\"kubernetes.io/role/internal-elb\"}],\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"State\":\"available\",\"AssignIpv6AddressOnCreation\":false,\"CidrBlock\":\"10.0.1.0/24\",\"EnableDns64\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":false,\"VpcId\":\"vpc-06b023d1fc8665055\",\"EnableLniAtDeviceIndex\":null,\"OutpostArn\":null,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0cf8bf662fe6a15d3\",\"SubnetId\":\"subnet-0cf8bf662fe6a15d3\",\"AvailabilityZone\":\"eu-west-1a\",\"AvailabilityZoneId\":\"euw1-az1\",\"AvailableIpAddressCount\":251,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0cf8bf662fe6a15d3\",\"subnet-0cf8bf662fe6a15d3\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-06b023d1fc8665055\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0cf8bf662fe6a15d3\",\"subnet-0cf8bf662fe6a15d3\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0fd184fdb6f6d6625\",\"subnet-0fd184fdb6f6d6625\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0fd184fdb6f6d6625\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":251,\"Ipv6CidrBlockAssociationSet\":[],\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0fd184fdb6f6d6625\",\"SubnetId\":\"subnet-0fd184fdb6f6d6625\",\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"AvailabilityZoneId\":\"euw1-az3\",\"CidrBlock\":\"10.0.6.0/24\",\"EnableDns64\":false,\"Ipv6Native\":false,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-096d5aaf84103883c\",\"AvailabilityZone\":\"eu-west-1c\",\"CustomerOwnedIpv4Pool\":null,\"MapPublicIpOnLaunch\":true,\"Tags\":[{\"Key\":\"kubernetes.io/cluster/long-running-project\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"long-running-project-vpc-public-eu-west-1c\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0fd184fdb6f6d6625\",\"subnet-0fd184fdb6f6d6625\"],\"name\":\"subnet-0fd184fdb6f6d6625\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-096d5aaf84103883c\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-00103fb710b9960ab\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0d13fe1170a652ad1\",\"subnet-0d13fe1170a652ad1\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0d13fe1170a652ad1\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailabilityZone\":\"eu-west-1a\",\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"benchmark-rules-vpc-public-eu-west-1a\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Value\":\"shared\",\"Key\":\"kubernetes.io/cluster/benchmark-rules\"}],\"AvailableIpAddressCount\":250,\"EnableLniAtDeviceIndex\":null,\"MapPublicIpOnLaunch\":true,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0d13fe1170a652ad1\",\"SubnetId\":\"subnet-0d13fe1170a652ad1\",\"VpcId\":\"vpc-00103fb710b9960ab\",\"AssignIpv6AddressOnCreation\":false,\"CidrBlock\":\"10.0.4.0/24\",\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"Ipv6Native\":false,\"AvailabilityZoneId\":\"euw1-az1\",\"DefaultForAz\":false,\"Ipv6CidrBlockAssociationSet\":[],\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false}}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0d13fe1170a652ad1\",\"subnet-0d13fe1170a652ad1\"],\"name\":\"subnet-0d13fe1170a652ad1\",\"category\":\"infrastructure\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailabilityZoneId\":\"euw1-az3\",\"OutpostArn\":null,\"MapPublicIpOnLaunch\":true,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"VpcId\":\"vpc-02190da3c759732a9\",\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"OwnerId\":\"704479110758\",\"State\":\"available\",\"AssignIpv6AddressOnCreation\":false,\"CidrBlock\":\"10.0.6.0/24\",\"DefaultForAz\":false,\"SubnetId\":\"subnet-0a341ccb080e9e498\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-vpc-public-eu-west-1c\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-T5Z\",\"Value\":\"shared\"}],\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a341ccb080e9e498\",\"AvailabilityZone\":\"eu-west-1c\",\"AvailableIpAddressCount\":251,\"CustomerOwnedIpv4Pool\":null}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a341ccb080e9e498\",\"subnet-0a341ccb080e9e498\"],\"name\":\"subnet-0a341ccb080e9e498\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"network\":{\"vpc_ids\":[\"vpc-02190da3c759732a9\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a341ccb080e9e498\",\"subnet-0a341ccb080e9e498\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0a341ccb080e9e498\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-0e838e42ce3e6d30c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-00212758e91e53e60\",\"subnet-00212758e91e53e60\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-00212758e91e53e60\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"name\":\"subnet-00212758e91e53e60\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"eu-west-1a\",\"CidrBlock\":\"10.0.1.0/24\",\"OwnerId\":\"704479110758\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-00212758e91e53e60\",\"VpcId\":\"vpc-0e838e42ce3e6d30c\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"State\":\"available\",\"AvailabilityZoneId\":\"euw1-az1\",\"AvailableIpAddressCount\":251,\"MapPublicIpOnLaunch\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetId\":\"subnet-00212758e91e53e60\",\"Ipv6CidrBlockAssociationSet\":[],\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"Tags\":[{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-WWZ\",\"Value\":\"shared\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-WWZ-vpc-private-eu-west-1a\"},{\"Value\":\"1\",\"Key\":\"kubernetes.io/role/internal-elb\"}]}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-00212758e91e53e60\",\"subnet-00212758e91e53e60\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"network\":{\"vpc_ids\":[\"vpc-0d0d507f15a7baefb\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-04b09e2d9de9285ad\",\"subnet-04b09e2d9de9285ad\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-04b09e2d9de9285ad\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"EnableLniAtDeviceIndex\":null,\"MapPublicIpOnLaunch\":true,\"AvailabilityZoneId\":\"euw1-az3\",\"CustomerOwnedIpv4Pool\":null,\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"AvailableIpAddressCount\":251,\"DefaultForAz\":false,\"Ipv6CidrBlockAssociationSet\":[],\"Tags\":[{\"Value\":\"test-env-ci-tf-vpc-public-eu-west-1c\",\"Key\":\"Name\"},{\"Key\":\"kubernetes.io/cluster/test-env-ci-tf\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"}],\"VpcId\":\"vpc-0d0d507f15a7baefb\",\"AssignIpv6AddressOnCreation\":false,\"CidrBlock\":\"10.0.6.0/24\",\"EnableDns64\":false,\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-04b09e2d9de9285ad\",\"AvailabilityZone\":\"eu-west-1c\",\"SubnetId\":\"subnet-04b09e2d9de9285ad\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-04b09e2d9de9285ad\",\"subnet-04b09e2d9de9285ad\"],\"name\":\"subnet-04b09e2d9de9285ad\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"asset\":{\"name\":\"subnet-0496f9fc35ccabcdd\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"EnableDns64\":false,\"OutpostArn\":null,\"Tags\":[{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-WWZ\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-WWZ-vpc-private-eu-west-1c\"}],\"AvailabilityZone\":\"eu-west-1c\",\"AvailableIpAddressCount\":251,\"CidrBlock\":\"10.0.3.0/24\",\"CustomerOwnedIpv4Pool\":null,\"Ipv6CidrBlockAssociationSet\":[],\"SubnetArn\":\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0496f9fc35ccabcdd\",\"VpcId\":\"vpc-0e838e42ce3e6d30c\",\"AvailabilityZoneId\":\"euw1-az3\",\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":false,\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"SubnetId\":\"subnet-0496f9fc35ccabcdd\",\"AssignIpv6AddressOnCreation\":false}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0496f9fc35ccabcdd\",\"subnet-0496f9fc35ccabcdd\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0e838e42ce3e6d30c\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0496f9fc35ccabcdd\",\"subnet-0496f9fc35ccabcdd\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:subnet/subnet-0496f9fc35ccabcdd\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-03fc8d807f516fff8\",\"subnet-03fc8d807f516fff8\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-03fc8d807f516fff8\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"State\":\"available\",\"AvailabilityZoneId\":\"aps1-az3\",\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"MapPublicIpOnLaunch\":true,\"OwnerId\":\"704479110758\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"ap-south-1b\",\"AvailableIpAddressCount\":251,\"Ipv6Native\":false,\"VpcId\":\"vpc-0400c449f7d20cd09\",\"CidrBlock\":\"10.0.5.0/24\",\"CustomerOwnedIpv4Pool\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"SubnetArn\":\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-03fc8d807f516fff8\",\"SubnetId\":\"subnet-03fc8d807f516fff8\",\"Tags\":[{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Value\":\"cloudbeat-tf-T5Z-vpc-public-ap-south-1b\",\"Key\":\"Name\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-T5Z\",\"Value\":\"shared\"}]}},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-03fc8d807f516fff8\",\"subnet-03fc8d807f516fff8\"],\"name\":\"subnet-03fc8d807f516fff8\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-0400c449f7d20cd09\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0bf2fcb3d5feece8f\",\"subnet-0bf2fcb3d5feece8f\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0bf2fcb3d5feece8f\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0bf2fcb3d5feece8f\",\"subnet-0bf2fcb3d5feece8f\"],\"name\":\"subnet-0bf2fcb3d5feece8f\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailabilityZoneId\":\"aps1-az3\",\"CidrBlock\":\"10.0.5.0/24\",\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetId\":\"subnet-0bf2fcb3d5feece8f\",\"OutpostArn\":null,\"SubnetArn\":\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0bf2fcb3d5feece8f\",\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true,\"Tags\":[{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Value\":\"cloudbeat-tf-T5Z-vpc-public-ap-south-1b\",\"Key\":\"Name\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-T5Z\",\"Value\":\"shared\"}],\"Ipv6Native\":false,\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"ap-south-1b\",\"AvailableIpAddressCount\":251,\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"State\":\"available\",\"VpcId\":\"vpc-0d34957e50abb854b\"}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0d34957e50abb854b\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-47893e3c\",\"subnet-47893e3c\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-47893e3c\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-47893e3c\",\"subnet-47893e3c\"],\"name\":\"subnet-47893e3c\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"Tags\":null,\"DefaultForAz\":true,\"EnableDns64\":false,\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":true,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"AssignIpv6AddressOnCreation\":false,\"CustomerOwnedIpv4Pool\":null,\"EnableLniAtDeviceIndex\":null,\"CidrBlock\":\"172.31.16.0/20\",\"Ipv6CidrBlockAssociationSet\":[],\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"AvailabilityZone\":\"ap-south-1c\",\"AvailabilityZoneId\":\"aps1-az2\",\"AvailableIpAddressCount\":4091,\"SubnetArn\":\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-47893e3c\",\"SubnetId\":\"subnet-47893e3c\",\"VpcId\":\"vpc-eb7e6883\"}}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-eb7e6883\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0b3d166bfb1d91f45\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"CidrBlock\":\"10.0.2.0/24\",\"EnableLniAtDeviceIndex\":null,\"OutpostArn\":null,\"SubnetArn\":\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0b3d166bfb1d91f45\",\"SubnetId\":\"subnet-0b3d166bfb1d91f45\",\"Tags\":[{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Value\":\"cloudbeat-tf-T5Z-vpc-private-ap-south-1b\",\"Key\":\"Name\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-T5Z\",\"Value\":\"shared\"}],\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"State\":\"available\",\"VpcId\":\"vpc-0d34957e50abb854b\",\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":251,\"MapPublicIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"AvailabilityZone\":\"ap-south-1b\",\"AvailabilityZoneId\":\"aps1-az3\",\"DefaultForAz\":false,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"}}},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0b3d166bfb1d91f45\",\"subnet-0b3d166bfb1d91f45\"],\"name\":\"subnet-0b3d166bfb1d91f45\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-south-1\"},\"network\":{\"vpc_ids\":[\"vpc-0d34957e50abb854b\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0b3d166bfb1d91f45\",\"subnet-0b3d166bfb1d91f45\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-0d34957e50abb854b\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0647f2dc7ebb81e17\",\"subnet-0647f2dc7ebb81e17\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0647f2dc7ebb81e17\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0647f2dc7ebb81e17\",\"subnet-0647f2dc7ebb81e17\"],\"name\":\"subnet-0647f2dc7ebb81e17\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"SubnetId\":\"subnet-0647f2dc7ebb81e17\",\"CustomerOwnedIpv4Pool\":null,\"EnableLniAtDeviceIndex\":null,\"OutpostArn\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"State\":\"available\",\"Tags\":[{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-T5Z\",\"Value\":\"shared\"},{\"Value\":\"cloudbeat-tf-T5Z-vpc-private-ap-south-1c\",\"Key\":\"Name\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"}],\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"aps1-az2\",\"CidrBlock\":\"10.0.3.0/24\",\"MapPublicIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"SubnetArn\":\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0647f2dc7ebb81e17\",\"VpcId\":\"vpc-0d34957e50abb854b\",\"AvailableIpAddressCount\":251,\"DefaultForAz\":false,\"Ipv6Native\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"AvailabilityZone\":\"ap-south-1c\",\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[]}}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-018cce758d7e85742\",\"subnet-018cce758d7e85742\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-018cce758d7e85742\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"EnableLniAtDeviceIndex\":null,\"OutpostArn\":null,\"Tags\":[{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-T5Z\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-vpc-public-ap-south-1c\"}],\"AvailabilityZone\":\"ap-south-1c\",\"AvailabilityZoneId\":\"aps1-az2\",\"DefaultForAz\":false,\"Ipv6CidrBlockAssociationSet\":[],\"MapPublicIpOnLaunch\":true,\"VpcId\":\"vpc-0400c449f7d20cd09\",\"AssignIpv6AddressOnCreation\":false,\"CustomerOwnedIpv4Pool\":null,\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetArn\":\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-018cce758d7e85742\",\"SubnetId\":\"subnet-018cce758d7e85742\",\"AvailableIpAddressCount\":251,\"CidrBlock\":\"10.0.6.0/24\",\"EnableDns64\":false,\"OwnerId\":\"704479110758\",\"State\":\"available\"}},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-018cce758d7e85742\",\"subnet-018cce758d7e85742\"],\"name\":\"subnet-018cce758d7e85742\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-south-1\"},\"network\":{\"vpc_ids\":[\"vpc-0400c449f7d20cd09\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-014bc35788d91ba5e\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailabilityZone\":\"ap-south-1a\",\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":250,\"OutpostArn\":null,\"VpcId\":\"vpc-0d34957e50abb854b\",\"AvailabilityZoneId\":\"aps1-az1\",\"MapPublicIpOnLaunch\":true,\"SubnetArn\":\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-014bc35788d91ba5e\",\"CidrBlock\":\"10.0.4.0/24\",\"DefaultForAz\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"State\":\"available\",\"SubnetId\":\"subnet-014bc35788d91ba5e\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-vpc-public-ap-south-1a\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-T5Z\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"}]}},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-014bc35788d91ba5e\",\"subnet-014bc35788d91ba5e\"],\"name\":\"subnet-014bc35788d91ba5e\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-0d34957e50abb854b\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-014bc35788d91ba5e\",\"subnet-014bc35788d91ba5e\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"DefaultForAz\":false,\"CidrBlock\":\"10.0.1.0/24\",\"AvailabilityZone\":\"ap-south-1a\",\"AvailabilityZoneId\":\"aps1-az1\",\"CustomerOwnedIpv4Pool\":null,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-vpc-private-ap-south-1a\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-T5Z\",\"Value\":\"shared\"}],\"AssignIpv6AddressOnCreation\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":false,\"OutpostArn\":null,\"SubnetId\":\"subnet-0b48289a395640def\",\"VpcId\":\"vpc-0d34957e50abb854b\",\"AvailableIpAddressCount\":251,\"EnableLniAtDeviceIndex\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0b48289a395640def\",\"EnableDns64\":false}},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0b48289a395640def\",\"subnet-0b48289a395640def\"],\"name\":\"subnet-0b48289a395640def\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-0d34957e50abb854b\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0b48289a395640def\",\"subnet-0b48289a395640def\"],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0b48289a395640def\":{\"type\":\"subnet\",\"category\":\"infrastructure\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0c01ece534ccb5532\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"VpcId\":\"vpc-0d34957e50abb854b\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"ap-south-1c\",\"CustomerOwnedIpv4Pool\":null,\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":true,\"State\":\"available\",\"AvailableIpAddressCount\":251,\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetId\":\"subnet-0c01ece534ccb5532\",\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"Tags\":[{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-T5Z\",\"Value\":\"shared\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-vpc-public-ap-south-1c\"}],\"AvailabilityZoneId\":\"aps1-az2\",\"CidrBlock\":\"10.0.6.0/24\",\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"SubnetArn\":\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0c01ece534ccb5532\"}},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0c01ece534ccb5532\",\"subnet-0c01ece534ccb5532\"],\"name\":\"subnet-0c01ece534ccb5532\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0d34957e50abb854b\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0c01ece534ccb5532\",\"subnet-0c01ece534ccb5532\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0477cccc31d37da62\",\"subnet-0477cccc31d37da62\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0477cccc31d37da62\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"raw\":{\"subnet\":{\"AssignIpv6AddressOnCreation\":false,\"CidrBlock\":\"10.0.4.0/24\",\"Ipv6Native\":false,\"OutpostArn\":null,\"State\":\"available\",\"Tags\":[{\"Key\":\"kubernetes.io/role/elb\",\"Value\":\"1\"},{\"Value\":\"shared\",\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-T5Z\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-vpc-public-ap-south-1a\"}],\"VpcId\":\"vpc-0400c449f7d20cd09\",\"AvailableIpAddressCount\":250,\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"MapCustomerOwnedIpOnLaunch\":false,\"SubnetArn\":\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0477cccc31d37da62\",\"AvailabilityZone\":\"ap-south-1a\",\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"MapPublicIpOnLaunch\":true,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"AvailabilityZoneId\":\"aps1-az1\",\"SubnetId\":\"subnet-0477cccc31d37da62\"}},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0477cccc31d37da62\",\"subnet-0477cccc31d37da62\"],\"name\":\"subnet-0477cccc31d37da62\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0400c449f7d20cd09\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0400c449f7d20cd09\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-047a5fd445e2c0f08\",\"subnet-047a5fd445e2c0f08\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-047a5fd445e2c0f08\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailableIpAddressCount\":251,\"CidrBlock\":\"10.0.1.0/24\",\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"State\":\"available\",\"SubnetId\":\"subnet-047a5fd445e2c0f08\",\"Tags\":[{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"},{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-vpc-private-ap-south-1a\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-T5Z\",\"Value\":\"shared\"}],\"VpcId\":\"vpc-0400c449f7d20cd09\",\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"AssignIpv6AddressOnCreation\":false,\"CustomerOwnedIpv4Pool\":null,\"MapPublicIpOnLaunch\":false,\"SubnetArn\":\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-047a5fd445e2c0f08\",\"OwnerId\":\"704479110758\",\"AvailabilityZone\":\"ap-south-1a\",\"AvailabilityZoneId\":\"aps1-az1\",\"DefaultForAz\":false,\"EnableDns64\":false}},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-047a5fd445e2c0f08\",\"subnet-047a5fd445e2c0f08\"],\"name\":\"subnet-047a5fd445e2c0f08\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"Ipv6Native\":false,\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-vpc-private-ap-south-1c\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-T5Z\",\"Value\":\"shared\"},{\"Value\":\"1\",\"Key\":\"kubernetes.io/role/internal-elb\"}],\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"SubnetArn\":\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0c381cc237aef92ff\",\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"CustomerOwnedIpv4Pool\":null,\"OutpostArn\":null,\"State\":\"available\",\"SubnetId\":\"subnet-0c381cc237aef92ff\",\"VpcId\":\"vpc-0400c449f7d20cd09\",\"AvailableIpAddressCount\":251,\"CidrBlock\":\"10.0.3.0/24\",\"AvailabilityZoneId\":\"aps1-az2\",\"MapPublicIpOnLaunch\":false,\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"ap-south-1c\"}},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0c381cc237aef92ff\",\"subnet-0c381cc237aef92ff\"],\"name\":\"subnet-0c381cc237aef92ff\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-0400c449f7d20cd09\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0c381cc237aef92ff\",\"subnet-0c381cc237aef92ff\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-0c381cc237aef92ff\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-06e637400bc669e4b\",\"subnet-06e637400bc669e4b\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-06e637400bc669e4b\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"tags\":null,\"raw\":{\"subnet\":{\"EnableLniAtDeviceIndex\":null,\"OwnerId\":\"704479110758\",\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetArn\":\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-06e637400bc669e4b\",\"AvailabilityZoneId\":\"aps1-az3\",\"CidrBlock\":\"10.0.2.0/24\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"Ipv6Native\":false,\"OutpostArn\":null,\"State\":\"available\",\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":251,\"MapPublicIpOnLaunch\":false,\"SubnetId\":\"subnet-06e637400bc669e4b\",\"Tags\":[{\"Value\":\"cloudbeat-tf-T5Z-vpc-private-ap-south-1b\",\"Key\":\"Name\"},{\"Key\":\"kubernetes.io/cluster/cloudbeat-tf-T5Z\",\"Value\":\"shared\"},{\"Key\":\"kubernetes.io/role/internal-elb\",\"Value\":\"1\"}],\"VpcId\":\"vpc-0400c449f7d20cd09\",\"AvailabilityZone\":\"ap-south-1b\",\"MapCustomerOwnedIpOnLaunch\":false}},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-06e637400bc669e4b\",\"subnet-06e637400bc669e4b\"],\"name\":\"subnet-06e637400bc669e4b\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\"},\"cloud\":{\"region\":\"ap-south-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"network\":{\"vpc_ids\":[\"vpc-0400c449f7d20cd09\"]},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-eb7e6883\"]},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-5194f91d\",\"subnet-5194f91d\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-5194f91d\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-5194f91d\",\"subnet-5194f91d\"],\"name\":\"subnet-5194f91d\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"Ipv6CidrBlockAssociationSet\":[],\"MapPublicIpOnLaunch\":true,\"VpcId\":\"vpc-eb7e6883\",\"AvailabilityZone\":\"ap-south-1b\",\"DefaultForAz\":true,\"MapCustomerOwnedIpOnLaunch\":false,\"State\":\"available\",\"AvailabilityZoneId\":\"aps1-az3\",\"CidrBlock\":\"172.31.0.0/20\",\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetId\":\"subnet-5194f91d\",\"Tags\":null,\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":4091,\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"OutpostArn\":null,\"SubnetArn\":\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-5194f91d\"}}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-a8734cc0\",\"subnet-a8734cc0\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-a8734cc0\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"SubnetId\":\"subnet-a8734cc0\",\"AvailableIpAddressCount\":4091,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"SubnetArn\":\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-a8734cc0\",\"State\":\"available\",\"Tags\":null,\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"ap-south-1a\",\"AvailabilityZoneId\":\"aps1-az1\",\"CustomerOwnedIpv4Pool\":null,\"Ipv6CidrBlockAssociationSet\":[],\"VpcId\":\"vpc-eb7e6883\",\"MapCustomerOwnedIpOnLaunch\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"CidrBlock\":\"172.31.32.0/20\",\"DefaultForAz\":true,\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false}},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:subnet/subnet-a8734cc0\",\"subnet-a8734cc0\"],\"name\":\"subnet-a8734cc0\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-eb7e6883\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"entity.metadata\":{\"arn:aws:ec2:us-west-1:704479110758:subnet/subnet-66dd0500\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailabilityZone\":\"us-west-1c\",\"CidrBlock\":\"172.31.16.0/20\",\"Ipv6CidrBlockAssociationSet\":[],\"MapPublicIpOnLaunch\":true,\"MapCustomerOwnedIpOnLaunch\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"SubnetId\":\"subnet-66dd0500\",\"Tags\":null,\"AssignIpv6AddressOnCreation\":false,\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":true,\"Ipv6Native\":false,\"SubnetArn\":\"arn:aws:ec2:us-west-1:704479110758:subnet/subnet-66dd0500\",\"VpcId\":\"vpc-f6816890\",\"AvailabilityZoneId\":\"usw1-az1\",\"AvailableIpAddressCount\":4091,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"State\":\"available\"}},\"id\":[\"arn:aws:ec2:us-west-1:704479110758:subnet/subnet-66dd0500\",\"subnet-66dd0500\"],\"name\":\"subnet-66dd0500\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-f6816890\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-1:704479110758:subnet/subnet-66dd0500\",\"subnet-66dd0500\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-1:704479110758:subnet/subnet-bead59e4\",\"subnet-bead59e4\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-1:704479110758:subnet/subnet-bead59e4\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"DefaultForAz\":true,\"EnableDns64\":false,\"OutpostArn\":null,\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:us-west-1:704479110758:subnet/subnet-bead59e4\",\"AvailabilityZone\":\"us-west-1b\",\"AvailabilityZoneId\":\"usw1-az3\",\"CustomerOwnedIpv4Pool\":null,\"SubnetId\":\"subnet-bead59e4\",\"EnableLniAtDeviceIndex\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"VpcId\":\"vpc-f6816890\",\"Tags\":null,\"CidrBlock\":\"172.31.0.0/20\",\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true,\"OwnerId\":\"704479110758\",\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":4091,\"Ipv6CidrBlockAssociationSet\":[]}},\"id\":[\"arn:aws:ec2:us-west-1:704479110758:subnet/subnet-bead59e4\",\"subnet-bead59e4\"],\"name\":\"subnet-bead59e4\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-f6816890\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-b9b1a6f2\",\"subnet-b9b1a6f2\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-b9b1a6f2\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"raw\":{\"subnet\":{\"AvailabilityZone\":\"us-west-2a\",\"DefaultForAz\":true,\"MapCustomerOwnedIpOnLaunch\":false,\"SubnetArn\":\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-b9b1a6f2\",\"VpcId\":\"vpc-36a1394e\",\"AvailableIpAddressCount\":4091,\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"MapPublicIpOnLaunch\":true,\"Tags\":null,\"AssignIpv6AddressOnCreation\":false,\"EnableLniAtDeviceIndex\":null,\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"State\":\"available\",\"SubnetId\":\"subnet-b9b1a6f2\",\"AvailabilityZoneId\":\"usw2-az2\",\"CidrBlock\":\"172.31.48.0/20\",\"CustomerOwnedIpv4Pool\":null,\"Ipv6Native\":false,\"OwnerId\":\"704479110758\"}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-b9b1a6f2\",\"subnet-b9b1a6f2\"],\"name\":\"subnet-b9b1a6f2\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-0651124b0263e6018\",\"subnet-0651124b0263e6018\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-0651124b0263e6018\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"name\":\"subnet-0651124b0263e6018\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"OwnerId\":\"704479110758\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"usw2-az2\",\"AvailableIpAddressCount\":251,\"CidrBlock\":\"10.0.2.0/24\",\"MapPublicIpOnLaunch\":false,\"OutpostArn\":null,\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"State\":\"available\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"aws-reinvent-2024-pwncloud-private-subnet-f934c03f\"}],\"MapCustomerOwnedIpOnLaunch\":false,\"VpcId\":\"vpc-0180a1dc90512f144\",\"SubnetArn\":\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-0651124b0263e6018\",\"SubnetId\":\"subnet-0651124b0263e6018\",\"AvailabilityZone\":\"us-west-2a\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false}}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-0651124b0263e6018\",\"subnet-0651124b0263e6018\"]},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-0180a1dc90512f144\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"name\":\"subnet-5283762a\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"CidrBlock\":\"172.31.16.0/20\",\"DefaultForAz\":true,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"AssignIpv6AddressOnCreation\":false,\"CustomerOwnedIpv4Pool\":null,\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-5283762a\",\"Ipv6CidrBlockAssociationSet\":[],\"Tags\":null,\"AvailabilityZone\":\"us-west-2b\",\"AvailabilityZoneId\":\"usw2-az1\",\"AvailableIpAddressCount\":4062,\"EnableDns64\":false,\"SubnetId\":\"subnet-5283762a\",\"VpcId\":\"vpc-36a1394e\"}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-5283762a\",\"subnet-5283762a\"]},\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-5283762a\",\"subnet-5283762a\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-5283762a\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-10e39f3b\",\"subnet-10e39f3b\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-10e39f3b\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"tags\":null,\"raw\":{\"subnet\":{\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"AvailabilityZone\":\"us-west-2d\",\"AvailabilityZoneId\":\"usw2-az4\",\"CidrBlock\":\"172.31.32.0/20\",\"EnableDns64\":false,\"CustomerOwnedIpv4Pool\":null,\"EnableLniAtDeviceIndex\":null,\"MapPublicIpOnLaunch\":true,\"VpcId\":\"vpc-36a1394e\",\"SubnetId\":\"subnet-10e39f3b\",\"Tags\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"SubnetArn\":\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-10e39f3b\",\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":4087,\"DefaultForAz\":true}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-10e39f3b\",\"subnet-10e39f3b\"],\"name\":\"subnet-10e39f3b\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\"},\"cloud\":{\"region\":\"us-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-0e40d676cc223ac12\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"State\":\"available\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"aws-reinvent-2024-pwncloud-public-subnet-f934c03f\"}],\"SubnetArn\":\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-0e40d676cc223ac12\",\"AvailabilityZone\":\"us-west-2a\",\"AvailabilityZoneId\":\"usw2-az2\",\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":false,\"EnableLniAtDeviceIndex\":null,\"SubnetId\":\"subnet-0e40d676cc223ac12\",\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":250,\"CidrBlock\":\"10.0.1.0/24\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"VpcId\":\"vpc-0180a1dc90512f144\"}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-0e40d676cc223ac12\",\"subnet-0e40d676cc223ac12\"],\"name\":\"subnet-0e40d676cc223ac12\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"network\":{\"vpc_ids\":[\"vpc-0180a1dc90512f144\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-0e40d676cc223ac12\",\"subnet-0e40d676cc223ac12\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-36a1394e\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-dc1cd881\",\"subnet-dc1cd881\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-dc1cd881\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"tags\":null,\"raw\":{\"subnet\":{\"OwnerId\":\"704479110758\",\"Tags\":null,\"CustomerOwnedIpv4Pool\":null,\"Ipv6CidrBlockAssociationSet\":[],\"MapCustomerOwnedIpOnLaunch\":false,\"Ipv6Native\":false,\"SubnetArn\":\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-dc1cd881\",\"OutpostArn\":null,\"AvailableIpAddressCount\":4086,\"CidrBlock\":\"172.31.0.0/20\",\"DefaultForAz\":true,\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"us-west-2c\",\"AvailabilityZoneId\":\"usw2-az3\",\"SubnetId\":\"subnet-dc1cd881\",\"VpcId\":\"vpc-36a1394e\",\"MapPublicIpOnLaunch\":true,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"State\":\"available\"}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:subnet/subnet-dc1cd881\",\"subnet-dc1cd881\"],\"name\":\"subnet-dc1cd881\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:ap-southeast-1:704479110758:subnet/subnet-2caf1375\":{\"type\":\"subnet\",\"category\":\"infrastructure\"}},\"asset\":{\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":true,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"AssignIpv6AddressOnCreation\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"DefaultForAz\":true,\"OutpostArn\":null,\"SubnetArn\":\"arn:aws:ec2:ap-southeast-1:704479110758:subnet/subnet-2caf1375\",\"VpcId\":\"vpc-e4a9b483\",\"AvailabilityZone\":\"ap-southeast-1c\",\"AvailabilityZoneId\":\"apse1-az3\",\"CustomerOwnedIpv4Pool\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"AvailableIpAddressCount\":4091,\"CidrBlock\":\"172.31.0.0/20\",\"EnableDns64\":false,\"State\":\"available\",\"SubnetId\":\"subnet-2caf1375\",\"Tags\":null}},\"id\":[\"arn:aws:ec2:ap-southeast-1:704479110758:subnet/subnet-2caf1375\",\"subnet-2caf1375\"],\"name\":\"subnet-2caf1375\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-southeast-1\"},\"network\":{\"vpc_ids\":[\"vpc-e4a9b483\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-southeast-1:704479110758:subnet/subnet-2caf1375\",\"subnet-2caf1375\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-southeast-1:704479110758:subnet/subnet-71f03117\",\"subnet-71f03117\"],\"entity.metadata\":{\"arn:aws:ec2:ap-southeast-1:704479110758:subnet/subnet-71f03117\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailabilityZoneId\":\"apse1-az1\",\"OwnerId\":\"704479110758\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"ap-southeast-1b\",\"EnableDns64\":false,\"MapPublicIpOnLaunch\":true,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"VpcId\":\"vpc-e4a9b483\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":true,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"SubnetArn\":\"arn:aws:ec2:ap-southeast-1:704479110758:subnet/subnet-71f03117\",\"AvailableIpAddressCount\":4091,\"EnableLniAtDeviceIndex\":null,\"SubnetId\":\"subnet-71f03117\",\"Tags\":null,\"CidrBlock\":\"172.31.16.0/20\",\"State\":\"available\"}},\"id\":[\"arn:aws:ec2:ap-southeast-1:704479110758:subnet/subnet-71f03117\",\"subnet-71f03117\"],\"name\":\"subnet-71f03117\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-southeast-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-e4a9b483\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"entity.metadata\":{\"arn:aws:ec2:ap-southeast-1:704479110758:subnet/subnet-b89e6ff0\":{\"type\":\"subnet\",\"category\":\"infrastructure\"}},\"asset\":{\"id\":[\"arn:aws:ec2:ap-southeast-1:704479110758:subnet/subnet-b89e6ff0\",\"subnet-b89e6ff0\"],\"name\":\"subnet-b89e6ff0\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"MapPublicIpOnLaunch\":true,\"SubnetId\":\"subnet-b89e6ff0\",\"Tags\":null,\"VpcId\":\"vpc-e4a9b483\",\"AvailableIpAddressCount\":4091,\"DefaultForAz\":true,\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"EnableDns64\":false,\"Ipv6Native\":false,\"EnableLniAtDeviceIndex\":null,\"State\":\"available\",\"AvailabilityZone\":\"ap-southeast-1a\",\"CustomerOwnedIpv4Pool\":null,\"CidrBlock\":\"172.31.32.0/20\",\"Ipv6CidrBlockAssociationSet\":[],\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"SubnetArn\":\"arn:aws:ec2:ap-southeast-1:704479110758:subnet/subnet-b89e6ff0\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"apse1-az2\"}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-southeast-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-e4a9b483\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-southeast-1:704479110758:subnet/subnet-b89e6ff0\",\"subnet-b89e6ff0\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:ap-northeast-3:704479110758:subnet/subnet-01758f68\",\"subnet-01758f68\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-3:704479110758:subnet/subnet-01758f68\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailableIpAddressCount\":4091,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"SubnetArn\":\"arn:aws:ec2:ap-northeast-3:704479110758:subnet/subnet-01758f68\",\"SubnetId\":\"subnet-01758f68\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"ap-northeast-3b\",\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"VpcId\":\"vpc-04076d6d\",\"AvailabilityZoneId\":\"apne3-az1\",\"CidrBlock\":\"172.31.16.0/20\",\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"MapCustomerOwnedIpOnLaunch\":null,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"DefaultForAz\":true,\"EnableLniAtDeviceIndex\":null,\"State\":\"available\",\"Tags\":null}},\"id\":[\"arn:aws:ec2:ap-northeast-3:704479110758:subnet/subnet-01758f68\",\"subnet-01758f68\"],\"name\":\"subnet-01758f68\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-northeast-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-04076d6d\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-northeast-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"network\":{\"vpc_ids\":[\"vpc-04076d6d\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-3:704479110758:subnet/subnet-70fa1e0b\",\"subnet-70fa1e0b\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-3:704479110758:subnet/subnet-70fa1e0b\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailableIpAddressCount\":4091,\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":true,\"OutpostArn\":null,\"MapPublicIpOnLaunch\":true,\"PrivateDnsNameOptionsOnLaunch\":{\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false},\"Tags\":null,\"MapCustomerOwnedIpOnLaunch\":null,\"SubnetArn\":\"arn:aws:ec2:ap-northeast-3:704479110758:subnet/subnet-70fa1e0b\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"apne3-az2\",\"CidrBlock\":\"172.31.0.0/20\",\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"SubnetId\":\"subnet-70fa1e0b\",\"AvailabilityZone\":\"ap-northeast-3c\",\"EnableDns64\":false,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"VpcId\":\"vpc-04076d6d\"}},\"id\":[\"arn:aws:ec2:ap-northeast-3:704479110758:subnet/subnet-70fa1e0b\",\"subnet-70fa1e0b\"],\"name\":\"subnet-70fa1e0b\",\"category\":\"infrastructure\",\"sub_category\":\"network\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-3:704479110758:subnet/subnet-3135917c\",\"subnet-3135917c\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-3:704479110758:subnet/subnet-3135917c\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:ap-northeast-3:704479110758:subnet/subnet-3135917c\",\"AvailabilityZoneId\":\"apne3-az3\",\"AvailableIpAddressCount\":4090,\"Ipv6Native\":false,\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\",\"EnableResourceNameDnsAAAARecord\":false},\"DefaultForAz\":true,\"EnableLniAtDeviceIndex\":null,\"VpcId\":\"vpc-04076d6d\",\"AssignIpv6AddressOnCreation\":false,\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"OwnerId\":\"704479110758\",\"Tags\":null,\"AvailabilityZone\":\"ap-northeast-3a\",\"CidrBlock\":\"172.31.32.0/20\",\"MapCustomerOwnedIpOnLaunch\":null,\"MapPublicIpOnLaunch\":true,\"SubnetId\":\"subnet-3135917c\"}},\"id\":[\"arn:aws:ec2:ap-northeast-3:704479110758:subnet/subnet-3135917c\",\"subnet-3135917c\"],\"name\":\"subnet-3135917c\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-northeast-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-04076d6d\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"sa-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-f7181690\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:sa-east-1:704479110758:subnet/subnet-aed66dc8\",\"subnet-aed66dc8\"],\"entity.metadata\":{\"arn:aws:ec2:sa-east-1:704479110758:subnet/subnet-aed66dc8\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailabilityZoneId\":\"sae1-az1\",\"MapCustomerOwnedIpOnLaunch\":false,\"Tags\":null,\"AvailableIpAddressCount\":4091,\"CidrBlock\":\"172.31.0.0/20\",\"Ipv6Native\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"SubnetArn\":\"arn:aws:ec2:sa-east-1:704479110758:subnet/subnet-aed66dc8\",\"SubnetId\":\"subnet-aed66dc8\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"sa-east-1a\",\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"MapPublicIpOnLaunch\":true,\"State\":\"available\",\"VpcId\":\"vpc-f7181690\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":true,\"Ipv6CidrBlockAssociationSet\":[],\"OutpostArn\":null,\"OwnerId\":\"704479110758\"}},\"id\":[\"arn:aws:ec2:sa-east-1:704479110758:subnet/subnet-aed66dc8\",\"subnet-aed66dc8\"],\"name\":\"subnet-aed66dc8\",\"category\":\"infrastructure\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:sa-east-1:704479110758:subnet/subnet-20ac1569\":{\"type\":\"subnet\",\"category\":\"infrastructure\"}},\"asset\":{\"id\":[\"arn:aws:ec2:sa-east-1:704479110758:subnet/subnet-20ac1569\",\"subnet-20ac1569\"],\"name\":\"subnet-20ac1569\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"VpcId\":\"vpc-f7181690\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"sa-east-1b\",\"AvailableIpAddressCount\":4091,\"CustomerOwnedIpv4Pool\":null,\"MapPublicIpOnLaunch\":true,\"State\":\"available\",\"CidrBlock\":\"172.31.16.0/20\",\"DefaultForAz\":true,\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"SubnetArn\":\"arn:aws:ec2:sa-east-1:704479110758:subnet/subnet-20ac1569\",\"SubnetId\":\"subnet-20ac1569\",\"Tags\":null,\"AvailabilityZoneId\":\"sae1-az2\",\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"}}}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"sa-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"network\":{\"vpc_ids\":[\"vpc-f7181690\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:sa-east-1:704479110758:subnet/subnet-20ac1569\",\"subnet-20ac1569\"],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"network\":{\"vpc_ids\":[\"vpc-f7181690\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:sa-east-1:704479110758:subnet/subnet-c16cea9a\",\"subnet-c16cea9a\"],\"entity.metadata\":{\"arn:aws:ec2:sa-east-1:704479110758:subnet/subnet-c16cea9a\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"id\":[\"arn:aws:ec2:sa-east-1:704479110758:subnet/subnet-c16cea9a\",\"subnet-c16cea9a\"],\"name\":\"subnet-c16cea9a\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailableIpAddressCount\":4091,\"MapCustomerOwnedIpOnLaunch\":false,\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:sa-east-1:704479110758:subnet/subnet-c16cea9a\",\"CidrBlock\":\"172.31.32.0/20\",\"CustomerOwnedIpv4Pool\":null,\"SubnetId\":\"subnet-c16cea9a\",\"VpcId\":\"vpc-f7181690\",\"MapPublicIpOnLaunch\":true,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"sa-east-1c\",\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"Tags\":null,\"AvailabilityZoneId\":\"sae1-az3\",\"DefaultForAz\":true,\"EnableDns64\":false,\"OutpostArn\":null}}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"sa-east-1\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:ap-northeast-2:704479110758:subnet/subnet-51c00a3a\",\"subnet-51c00a3a\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-2:704479110758:subnet/subnet-51c00a3a\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"raw\":{\"subnet\":{\"EnableLniAtDeviceIndex\":null,\"CidrBlock\":\"172.31.0.0/20\",\"AvailableIpAddressCount\":4091,\"EnableDns64\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"SubnetId\":\"subnet-51c00a3a\",\"Tags\":null,\"VpcId\":\"vpc-3e76af55\",\"AssignIpv6AddressOnCreation\":false,\"Ipv6CidrBlockAssociationSet\":[],\"MapPublicIpOnLaunch\":true,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"AvailabilityZoneId\":\"apne2-az1\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":true,\"Ipv6Native\":false,\"OutpostArn\":null,\"SubnetArn\":\"arn:aws:ec2:ap-northeast-2:704479110758:subnet/subnet-51c00a3a\",\"AvailabilityZone\":\"ap-northeast-2a\"}},\"id\":[\"arn:aws:ec2:ap-northeast-2:704479110758:subnet/subnet-51c00a3a\",\"subnet-51c00a3a\"],\"name\":\"subnet-51c00a3a\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-northeast-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-3e76af55\"]},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:ap-northeast-2:704479110758:subnet/subnet-a6880fdd\",\"subnet-a6880fdd\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-2:704479110758:subnet/subnet-a6880fdd\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailableIpAddressCount\":4091,\"CustomerOwnedIpv4Pool\":null,\"Ipv6CidrBlockAssociationSet\":[],\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"AvailabilityZone\":\"ap-northeast-2b\",\"AvailabilityZoneId\":\"apne2-az2\",\"VpcId\":\"vpc-3e76af55\",\"AssignIpv6AddressOnCreation\":false,\"SubnetId\":\"subnet-a6880fdd\",\"Ipv6Native\":false,\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:ap-northeast-2:704479110758:subnet/subnet-a6880fdd\",\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"Tags\":null,\"CidrBlock\":\"172.31.16.0/20\",\"DefaultForAz\":true}},\"id\":[\"arn:aws:ec2:ap-northeast-2:704479110758:subnet/subnet-a6880fdd\",\"subnet-a6880fdd\"],\"name\":\"subnet-a6880fdd\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-northeast-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-3e76af55\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-northeast-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"network\":{\"vpc_ids\":[\"vpc-3e76af55\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-2:704479110758:subnet/subnet-d06f4f8c\",\"subnet-d06f4f8c\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-2:704479110758:subnet/subnet-d06f4f8c\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AvailableIpAddressCount\":4091,\"MapPublicIpOnLaunch\":true,\"SubnetId\":\"subnet-d06f4f8c\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"ap-northeast-2d\",\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"SubnetArn\":\"arn:aws:ec2:ap-northeast-2:704479110758:subnet/subnet-d06f4f8c\",\"VpcId\":\"vpc-3e76af55\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":true,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"Ipv6Native\":false,\"OutpostArn\":null,\"MapCustomerOwnedIpOnLaunch\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"Tags\":null,\"AvailabilityZoneId\":\"apne2-az4\",\"CidrBlock\":\"172.31.48.0/20\"}},\"id\":[\"arn:aws:ec2:ap-northeast-2:704479110758:subnet/subnet-d06f4f8c\",\"subnet-d06f4f8c\"],\"name\":\"subnet-d06f4f8c\",\"category\":\"infrastructure\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"network\":{\"vpc_ids\":[\"vpc-3e76af55\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-2:704479110758:subnet/subnet-d3417f9f\",\"subnet-d3417f9f\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-2:704479110758:subnet/subnet-d3417f9f\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"id\":[\"arn:aws:ec2:ap-northeast-2:704479110758:subnet/subnet-d3417f9f\",\"subnet-d3417f9f\"],\"name\":\"subnet-d3417f9f\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"SubnetArn\":\"arn:aws:ec2:ap-northeast-2:704479110758:subnet/subnet-d3417f9f\",\"AvailabilityZoneId\":\"apne2-az3\",\"EnableLniAtDeviceIndex\":null,\"Ipv6CidrBlockAssociationSet\":[],\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-3e76af55\",\"AvailabilityZone\":\"ap-northeast-2c\",\"DefaultForAz\":true,\"EnableDns64\":false,\"Ipv6Native\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"Tags\":null,\"AssignIpv6AddressOnCreation\":false,\"AvailableIpAddressCount\":4091,\"CustomerOwnedIpv4Pool\":null,\"OutpostArn\":null,\"CidrBlock\":\"172.31.32.0/20\",\"MapPublicIpOnLaunch\":true,\"State\":\"available\",\"SubnetId\":\"subnet-d3417f9f\"}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-northeast-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:ap-northeast-1:704479110758:subnet/subnet-7f8e5c54\",\"subnet-7f8e5c54\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-1:704479110758:subnet/subnet-7f8e5c54\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"id\":[\"arn:aws:ec2:ap-northeast-1:704479110758:subnet/subnet-7f8e5c54\",\"subnet-7f8e5c54\"],\"name\":\"subnet-7f8e5c54\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"DefaultForAz\":true,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"SubnetArn\":\"arn:aws:ec2:ap-northeast-1:704479110758:subnet/subnet-7f8e5c54\",\"AvailabilityZoneId\":\"apne1-az2\",\"CidrBlock\":\"172.31.16.0/20\",\"MapCustomerOwnedIpOnLaunch\":false,\"SubnetId\":\"subnet-7f8e5c54\",\"AssignIpv6AddressOnCreation\":false,\"Ipv6Native\":false,\"EnableLniAtDeviceIndex\":null,\"MapPublicIpOnLaunch\":true,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"State\":\"available\",\"AvailabilityZone\":\"ap-northeast-1d\",\"CustomerOwnedIpv4Pool\":null,\"Ipv6CidrBlockAssociationSet\":[],\"Tags\":null,\"VpcId\":\"vpc-75343a12\",\"AvailableIpAddressCount\":4091,\"EnableDns64\":false}}},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-northeast-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-75343a12\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-1:704479110758:subnet/subnet-459f540d\",\"subnet-459f540d\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-1:704479110758:subnet/subnet-459f540d\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"CidrBlock\":\"172.31.32.0/20\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":true,\"EnableLniAtDeviceIndex\":null,\"OwnerId\":\"704479110758\",\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"Tags\":null,\"VpcId\":\"vpc-75343a12\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"apne1-az4\",\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"MapPublicIpOnLaunch\":true,\"State\":\"available\",\"AvailabilityZone\":\"ap-northeast-1a\",\"Ipv6CidrBlockAssociationSet\":[],\"SubnetArn\":\"arn:aws:ec2:ap-northeast-1:704479110758:subnet/subnet-459f540d\",\"SubnetId\":\"subnet-459f540d\",\"AvailableIpAddressCount\":4091,\"EnableDns64\":false,\"OutpostArn\":null}},\"id\":[\"arn:aws:ec2:ap-northeast-1:704479110758:subnet/subnet-459f540d\",\"subnet-459f540d\"],\"name\":\"subnet-459f540d\",\"category\":\"infrastructure\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-northeast-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"network\":{\"vpc_ids\":[\"vpc-75343a12\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"network\":{\"vpc_ids\":[\"vpc-75343a12\"]},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-1:704479110758:subnet/subnet-7f5d5824\",\"subnet-7f5d5824\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-1:704479110758:subnet/subnet-7f5d5824\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZone\":\"ap-northeast-1c\",\"EnableDns64\":false,\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"OutpostArn\":null,\"OwnerId\":\"704479110758\",\"AvailableIpAddressCount\":4091,\"MapPublicIpOnLaunch\":true,\"SubnetArn\":\"arn:aws:ec2:ap-northeast-1:704479110758:subnet/subnet-7f5d5824\",\"SubnetId\":\"subnet-7f5d5824\",\"VpcId\":\"vpc-75343a12\",\"State\":\"available\",\"Tags\":null,\"AvailabilityZoneId\":\"apne1-az1\",\"CidrBlock\":\"172.31.0.0/20\",\"CustomerOwnedIpv4Pool\":null,\"DefaultForAz\":true,\"Ipv6CidrBlockAssociationSet\":[],\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"}}},\"id\":[\"arn:aws:ec2:ap-northeast-1:704479110758:subnet/subnet-7f5d5824\",\"subnet-7f5d5824\"],\"name\":\"subnet-7f5d5824\",\"category\":\"infrastructure\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-northeast-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:ap-southeast-2:704479110758:subnet/subnet-0926c341\",\"subnet-0926c341\"],\"entity.metadata\":{\"arn:aws:ec2:ap-southeast-2:704479110758:subnet/subnet-0926c341\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"raw\":{\"subnet\":{\"DefaultForAz\":true,\"EnableDns64\":false,\"MapCustomerOwnedIpOnLaunch\":false,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"OwnerId\":\"704479110758\",\"SubnetArn\":\"arn:aws:ec2:ap-southeast-2:704479110758:subnet/subnet-0926c341\",\"SubnetId\":\"subnet-0926c341\",\"CidrBlock\":\"172.31.32.0/20\",\"Ipv6CidrBlockAssociationSet\":[],\"Ipv6Native\":false,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"Tags\":null,\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"apse2-az3\",\"CustomerOwnedIpv4Pool\":null,\"State\":\"available\",\"VpcId\":\"vpc-bbfefedc\",\"AvailabilityZone\":\"ap-southeast-2b\",\"AvailableIpAddressCount\":4091,\"EnableLniAtDeviceIndex\":null}},\"id\":[\"arn:aws:ec2:ap-southeast-2:704479110758:subnet/subnet-0926c341\",\"subnet-0926c341\"],\"name\":\"subnet-0926c341\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-southeast-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"network\":{\"vpc_ids\":[\"vpc-bbfefedc\"]},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-southeast-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"network\":{\"vpc_ids\":[\"vpc-bbfefedc\"]},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-southeast-2:704479110758:subnet/subnet-0b648c6d\",\"subnet-0b648c6d\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:ec2:ap-southeast-2:704479110758:subnet/subnet-0b648c6d\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"State\":\"available\",\"SubnetId\":\"subnet-0b648c6d\",\"AssignIpv6AddressOnCreation\":false,\"AvailabilityZoneId\":\"apse2-az1\",\"AvailableIpAddressCount\":4091,\"MapCustomerOwnedIpOnLaunch\":false,\"OwnerId\":\"704479110758\",\"AvailabilityZone\":\"ap-southeast-2a\",\"CustomerOwnedIpv4Pool\":null,\"EnableDns64\":false,\"Ipv6CidrBlockAssociationSet\":[],\"VpcId\":\"vpc-bbfefedc\",\"DefaultForAz\":true,\"MapPublicIpOnLaunch\":true,\"OutpostArn\":null,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"Tags\":null,\"CidrBlock\":\"172.31.0.0/20\",\"EnableLniAtDeviceIndex\":null,\"Ipv6Native\":false,\"SubnetArn\":\"arn:aws:ec2:ap-southeast-2:704479110758:subnet/subnet-0b648c6d\"}},\"id\":[\"arn:aws:ec2:ap-southeast-2:704479110758:subnet/subnet-0b648c6d\",\"subnet-0b648c6d\"],\"name\":\"subnet-0b648c6d\",\"category\":\"infrastructure\",\"sub_category\":\"network\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:ap-southeast-2:704479110758:subnet/subnet-b09a00e8\",\"subnet-b09a00e8\"],\"entity.metadata\":{\"arn:aws:ec2:ap-southeast-2:704479110758:subnet/subnet-b09a00e8\":{\"category\":\"infrastructure\",\"type\":\"subnet\"}},\"asset\":{\"id\":[\"arn:aws:ec2:ap-southeast-2:704479110758:subnet/subnet-b09a00e8\",\"subnet-b09a00e8\"],\"name\":\"subnet-b09a00e8\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"subnet\",\"sub_type\":\"ec2-subnet\",\"tags\":null,\"raw\":{\"subnet\":{\"CidrBlock\":\"172.31.16.0/20\",\"EnableDns64\":false,\"Ipv6Native\":false,\"OwnerId\":\"704479110758\",\"SubnetId\":\"subnet-b09a00e8\",\"AvailabilityZone\":\"ap-southeast-2c\",\"AvailableIpAddressCount\":4091,\"AssignIpv6AddressOnCreation\":false,\"Tags\":null,\"DefaultForAz\":true,\"EnableLniAtDeviceIndex\":null,\"OutpostArn\":null,\"State\":\"available\",\"SubnetArn\":\"arn:aws:ec2:ap-southeast-2:704479110758:subnet/subnet-b09a00e8\",\"AvailabilityZoneId\":\"apse2-az2\",\"CustomerOwnedIpv4Pool\":null,\"MapPublicIpOnLaunch\":true,\"PrivateDnsNameOptionsOnLaunch\":{\"EnableResourceNameDnsAAAARecord\":false,\"EnableResourceNameDnsARecord\":false,\"HostnameType\":\"ip-name\"},\"VpcId\":\"vpc-bbfefedc\",\"Ipv6CidrBlockAssociationSet\":[],\"MapCustomerOwnedIpOnLaunch\":false}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-southeast-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"network\":{\"vpc_ids\":[\"vpc-bbfefedc\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"InstanceTenancy\":\"default\",\"IsDefault\":true,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"Tags\":null,\"CidrBlock\":\"172.31.0.0/16\",\"CidrBlockAssociationSet\":[{\"CidrBlock\":\"172.31.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null},\"AssociationId\":\"vpc-cidr-assoc-0d9a4266\"}],\"DhcpOptionsId\":\"dopt-27824a4d\",\"Ipv6CidrBlockAssociationSet\":null,\"VpcId\":\"vpc-ed6da487\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:eu-central-1:704479110758:vpc/vpc-ed6da487\",\"vpc-ed6da487\"],\"name\":\"vpc-ed6da487\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-central-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-central-1:704479110758:vpc/vpc-ed6da487\",\"vpc-ed6da487\"],\"entity.metadata\":{\"arn:aws:ec2:eu-central-1:704479110758:vpc/vpc-ed6da487\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-north-1:704479110758:vpc/vpc-e6e43c8f\",\"vpc-e6e43c8f\"],\"entity.metadata\":{\"arn:aws:ec2:eu-north-1:704479110758:vpc/vpc-e6e43c8f\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"raw\":{\"flow_logs\":[],\"vpc\":{\"DhcpOptionsId\":\"dopt-047ba36d\",\"InstanceTenancy\":\"default\",\"VpcId\":\"vpc-e6e43c8f\",\"CidrBlockAssociationSet\":[{\"CidrBlock\":\"172.31.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null},\"AssociationId\":\"vpc-cidr-assoc-41b06b28\"}],\"Ipv6CidrBlockAssociationSet\":null,\"IsDefault\":true,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"Tags\":null,\"CidrBlock\":\"172.31.0.0/16\"}},\"id\":[\"arn:aws:ec2:eu-north-1:704479110758:vpc/vpc-e6e43c8f\",\"vpc-e6e43c8f\"],\"name\":\"vpc-e6e43c8f\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-north-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:vpc/vpc-7d397e15\",\"vpc-7d397e15\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:vpc/vpc-7d397e15\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"raw\":{\"vpc\":{\"DhcpOptionsId\":\"dopt-8f1846e7\",\"OwnerId\":\"704479110758\",\"Tags\":null,\"Ipv6CidrBlockAssociationSet\":null,\"IsDefault\":true,\"State\":\"available\",\"VpcId\":\"vpc-7d397e15\",\"CidrBlock\":\"172.31.0.0/16\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-e98bd481\",\"CidrBlock\":\"172.31.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"InstanceTenancy\":\"default\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:vpc/vpc-7d397e15\",\"vpc-7d397e15\"],\"name\":\"vpc-7d397e15\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:vpc/vpc-0655e251b572f3c6c\",\"vpc-0655e251b572f3c6c\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:vpc/vpc-0655e251b572f3c6c\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"OwnerId\":\"704479110758\",\"Tags\":[{\"Value\":\"buildsec-ec2-vpc\",\"Key\":\"Name\"}],\"CidrBlock\":\"10.1.0.0/16\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-0619c716c0bd82661\",\"CidrBlock\":\"10.1.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"DhcpOptionsId\":\"dopt-8f1846e7\",\"InstanceTenancy\":\"default\",\"Ipv6CidrBlockAssociationSet\":null,\"IsDefault\":false,\"State\":\"available\",\"VpcId\":\"vpc-0655e251b572f3c6c\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:vpc/vpc-0655e251b572f3c6c\",\"vpc-0655e251b572f3c6c\"],\"name\":\"vpc-0655e251b572f3c6c\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"raw\":{\"vpc\":{\"DhcpOptionsId\":\"dopt-00483d5d92abd1e8f\",\"InstanceTenancy\":\"default\",\"Ipv6CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-07a563f0f2224524c\",\"IpSource\":\"amazon\",\"Ipv6AddressAttribute\":\"public\",\"Ipv6CidrBlock\":\"2a05:d01c:3c9:ff00::/56\",\"Ipv6CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null},\"Ipv6Pool\":\"Amazon\",\"NetworkBorderGroup\":\"eu-west-2\"}],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Value\":\"kops-csp-demo-1.k8s.local\",\"Key\":\"KubernetesCluster\"},{\"Key\":\"Name\",\"Value\":\"kops-csp-demo-1.k8s.local\"},{\"Key\":\"kubernetes.io/cluster/kops-csp-demo-1.k8s.local\",\"Value\":\"owned\"}],\"CidrBlock\":\"172.20.0.0/16\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-02ba0cd3b7c3da7dd\",\"CidrBlock\":\"172.20.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"VpcId\":\"vpc-058b21b3bf0f435b0\",\"IsDefault\":false,\"State\":\"available\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:eu-west-2:704479110758:vpc/vpc-058b21b3bf0f435b0\",\"vpc-058b21b3bf0f435b0\"],\"name\":\"vpc-058b21b3bf0f435b0\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:eu-west-2:704479110758:vpc/vpc-058b21b3bf0f435b0\",\"vpc-058b21b3bf0f435b0\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-2:704479110758:vpc/vpc-058b21b3bf0f435b0\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-1:704479110758:vpc/vpc-73d2e309\",\"vpc-73d2e309\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-1:704479110758:vpc/vpc-73d2e309\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"Tags\":null,\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-46dddf2a\",\"CidrBlock\":\"172.31.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"Ipv6CidrBlockAssociationSet\":null,\"IsDefault\":true,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"VpcId\":\"vpc-73d2e309\",\"CidrBlock\":\"172.31.0.0/16\",\"DhcpOptionsId\":\"dopt-9012c0ea\",\"InstanceTenancy\":\"default\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:us-east-1:704479110758:vpc/vpc-73d2e309\",\"vpc-73d2e309\"],\"name\":\"vpc-73d2e309\",\"category\":\"infrastructure\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:vpc/vpc-0e4b5c650a5bc0bdd\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"buildsec-ec2-vpc\"}],\"CidrBlock\":\"10.1.0.0/16\",\"CidrBlockAssociationSet\":[{\"CidrBlockState\":{\"StatusMessage\":null,\"State\":\"associated\"},\"AssociationId\":\"vpc-cidr-assoc-05f20d544f430b0e9\",\"CidrBlock\":\"10.1.0.0/16\"}],\"Ipv6CidrBlockAssociationSet\":null,\"State\":\"available\",\"VpcId\":\"vpc-0e4b5c650a5bc0bdd\",\"DhcpOptionsId\":\"dopt-a1627ac8\",\"InstanceTenancy\":\"default\",\"IsDefault\":false},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:vpc/vpc-0e4b5c650a5bc0bdd\",\"vpc-0e4b5c650a5bc0bdd\"],\"name\":\"vpc-0e4b5c650a5bc0bdd\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:vpc/vpc-0e4b5c650a5bc0bdd\",\"vpc-0e4b5c650a5bc0bdd\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"region\":\"eu-west-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:vpc/vpc-0bcb5768ab0ca697f\",\"vpc-0bcb5768ab0ca697f\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:vpc/vpc-0bcb5768ab0ca697f\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:vpc/vpc-0bcb5768ab0ca697f\",\"vpc-0bcb5768ab0ca697f\"],\"name\":\"vpc-0bcb5768ab0ca697f\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"IsDefault\":false,\"State\":\"available\",\"VpcId\":\"vpc-0bcb5768ab0ca697f\",\"DhcpOptionsId\":\"dopt-a1627ac8\",\"InstanceTenancy\":\"default\",\"Ipv6CidrBlockAssociationSet\":null,\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:eu-west-3:704479110758:stack/eksctl-qa-8-8-bc3-cluster/7a9e02d0-f002-11ed-a001-0ec2ee260ba0\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"VPC\"},{\"Key\":\"eksctl.cluster.k8s.io/v1alpha1/cluster-name\",\"Value\":\"qa-8-8-bc3\"},{\"Key\":\"alpha.eksctl.io/cluster-name\",\"Value\":\"qa-8-8-bc3\"},{\"Key\":\"alpha.eksctl.io/eksctl-version\",\"Value\":\"0.139.0\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"eksctl-qa-8-8-bc3-cluster\"},{\"Key\":\"alpha.eksctl.io/cluster-oidc-enabled\",\"Value\":\"false\"},{\"Key\":\"Name\",\"Value\":\"eksctl-qa-8-8-bc3-cluster/VPC\"}],\"CidrBlock\":\"192.168.0.0/16\",\"CidrBlockAssociationSet\":[{\"CidrBlock\":\"192.168.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null},\"AssociationId\":\"vpc-cidr-assoc-0009000dd49f7c784\"}]},\"flow_logs\":[]}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-3:704479110758:vpc/vpc-cf796aa6\",\"vpc-cf796aa6\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-3:704479110758:vpc/vpc-cf796aa6\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"CidrBlock\":\"172.31.0.0/16\",\"InstanceTenancy\":\"default\",\"IsDefault\":true,\"State\":\"available\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-a6bd78ce\",\"CidrBlock\":\"172.31.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"DhcpOptionsId\":\"dopt-a1627ac8\",\"Ipv6CidrBlockAssociationSet\":null,\"OwnerId\":\"704479110758\",\"Tags\":null,\"VpcId\":\"vpc-cf796aa6\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:eu-west-3:704479110758:vpc/vpc-cf796aa6\",\"vpc-cf796aa6\"],\"name\":\"vpc-cf796aa6\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-3\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"entity.metadata\":{\"arn:aws:ec2:ca-central-1:704479110758:vpc/vpc-8bb1fde3\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"Ipv6CidrBlockAssociationSet\":null,\"OwnerId\":\"704479110758\",\"CidrBlock\":\"172.31.0.0/16\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-611f4509\",\"CidrBlock\":\"172.31.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"DhcpOptionsId\":\"dopt-267f584e\",\"InstanceTenancy\":\"default\",\"IsDefault\":true,\"State\":\"available\",\"Tags\":null,\"VpcId\":\"vpc-8bb1fde3\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:ca-central-1:704479110758:vpc/vpc-8bb1fde3\",\"vpc-8bb1fde3\"],\"name\":\"vpc-8bb1fde3\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ca-central-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ca-central-1:704479110758:vpc/vpc-8bb1fde3\",\"vpc-8bb1fde3\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-1:704479110758:vpc/vpc-f6816890\",\"vpc-f6816890\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-1:704479110758:vpc/vpc-f6816890\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"flow_logs\":[],\"vpc\":{\"State\":\"available\",\"Tags\":null,\"VpcId\":\"vpc-f6816890\",\"CidrBlock\":\"172.31.0.0/16\",\"DhcpOptionsId\":\"dopt-73afb614\",\"Ipv6CidrBlockAssociationSet\":null,\"OwnerId\":\"704479110758\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-979a4bfc\",\"CidrBlock\":\"172.31.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"InstanceTenancy\":\"default\",\"IsDefault\":true}},\"id\":[\"arn:aws:ec2:us-west-1:704479110758:vpc/vpc-f6816890\",\"vpc-f6816890\"],\"name\":\"vpc-f6816890\"},\"cloud\":{\"region\":\"us-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:ap-southeast-1:704479110758:vpc/vpc-e4a9b483\",\"vpc-e4a9b483\"],\"entity.metadata\":{\"arn:aws:ec2:ap-southeast-1:704479110758:vpc/vpc-e4a9b483\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"raw\":{\"vpc\":{\"OwnerId\":\"704479110758\",\"State\":\"available\",\"Tags\":null,\"VpcId\":\"vpc-e4a9b483\",\"CidrBlock\":\"172.31.0.0/16\",\"InstanceTenancy\":\"default\",\"Ipv6CidrBlockAssociationSet\":null,\"IsDefault\":true,\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-cfb813a4\",\"CidrBlock\":\"172.31.0.0/16\",\"CidrBlockState\":{\"StatusMessage\":null,\"State\":\"associated\"}}],\"DhcpOptionsId\":\"dopt-f1766196\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:ap-southeast-1:704479110758:vpc/vpc-e4a9b483\",\"vpc-e4a9b483\"],\"name\":\"vpc-e4a9b483\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-southeast-1\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:ap-northeast-3:704479110758:vpc/vpc-04076d6d\",\"vpc-04076d6d\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-3:704479110758:vpc/vpc-04076d6d\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"CidrBlock\":\"172.31.0.0/16\",\"Ipv6CidrBlockAssociationSet\":null,\"State\":\"available\",\"VpcId\":\"vpc-04076d6d\",\"CidrBlockAssociationSet\":[{\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null},\"AssociationId\":\"vpc-cidr-assoc-fb541592\",\"CidrBlock\":\"172.31.0.0/16\"}],\"DhcpOptionsId\":\"dopt-c7235eae\",\"InstanceTenancy\":\"default\",\"IsDefault\":true,\"OwnerId\":\"704479110758\",\"Tags\":null},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:ap-northeast-3:704479110758:vpc/vpc-04076d6d\",\"vpc-04076d6d\"],\"name\":\"vpc-04076d6d\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-northeast-3\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-2:704479110758:vpc/vpc-3e76af55\",\"vpc-3e76af55\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-2:704479110758:vpc/vpc-3e76af55\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"tags\":null,\"raw\":{\"vpc\":{\"DhcpOptionsId\":\"dopt-e66ae78d\",\"Ipv6CidrBlockAssociationSet\":null,\"IsDefault\":true,\"State\":\"available\",\"VpcId\":\"vpc-3e76af55\",\"CidrBlock\":\"172.31.0.0/16\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-efc5f687\",\"CidrBlock\":\"172.31.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"InstanceTenancy\":\"default\",\"OwnerId\":\"704479110758\",\"Tags\":null},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:ap-northeast-2:704479110758:vpc/vpc-3e76af55\",\"vpc-3e76af55\"],\"name\":\"vpc-3e76af55\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-northeast-2\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-northeast-1\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-northeast-1:704479110758:vpc/vpc-75343a12\",\"vpc-75343a12\"],\"entity.metadata\":{\"arn:aws:ec2:ap-northeast-1:704479110758:vpc/vpc-75343a12\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"flow_logs\":[],\"vpc\":{\"CidrBlock\":\"172.31.0.0/16\",\"DhcpOptionsId\":\"dopt-39dce85e\",\"InstanceTenancy\":\"default\",\"Ipv6CidrBlockAssociationSet\":null,\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-75343a12\",\"CidrBlockAssociationSet\":[{\"CidrBlock\":\"172.31.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null},\"AssociationId\":\"vpc-cidr-assoc-15bcb77d\"}],\"IsDefault\":true,\"State\":\"available\",\"Tags\":null}},\"id\":[\"arn:aws:ec2:ap-northeast-1:704479110758:vpc/vpc-75343a12\",\"vpc-75343a12\"],\"name\":\"vpc-75343a12\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:vpc/vpc-09b1bd8bbf4508a52\",\"vpc-09b1bd8bbf4508a52\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:vpc/vpc-09b1bd8bbf4508a52\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"flow_logs\":[],\"vpc\":{\"DhcpOptionsId\":\"dopt-9c5cfaf7\",\"InstanceTenancy\":\"default\",\"Ipv6CidrBlockAssociationSet\":null,\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"cloud-nuke-first-seen\",\"Value\":\"2022-12-04T11:27:09Z\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:us-east-2:704479110758:stack/eks-vpc-elastic/ad361b00-365f-11ec-b99c-0aa9570074f2\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"VPC\"},{\"Key\":\"Name\",\"Value\":\"eks-vpc-elastic-VPC\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"eks-vpc-elastic\"}],\"CidrBlock\":\"192.168.0.0/16\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-0734c34ac7c872882\",\"CidrBlock\":\"192.168.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"IsDefault\":false,\"State\":\"available\",\"VpcId\":\"vpc-09b1bd8bbf4508a52\"}},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:vpc/vpc-09b1bd8bbf4508a52\",\"vpc-09b1bd8bbf4508a52\"],\"name\":\"vpc-09b1bd8bbf4508a52\",\"category\":\"infrastructure\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"id\":[\"arn:aws:ec2:us-east-2:704479110758:vpc/vpc-0fa96564\",\"vpc-0fa96564\"],\"name\":\"vpc-0fa96564\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"VpcId\":\"vpc-0fa96564\",\"CidrBlock\":\"172.31.0.0/16\",\"DhcpOptionsId\":\"dopt-9c5cfaf7\",\"InstanceTenancy\":\"default\",\"IsDefault\":true,\"State\":\"available\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-aea46ac5\",\"CidrBlock\":\"172.31.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"Ipv6CidrBlockAssociationSet\":null,\"OwnerId\":\"704479110758\",\"Tags\":null},\"flow_logs\":[]}},\"cloud\":{\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:vpc/vpc-0fa96564\",\"vpc-0fa96564\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:vpc/vpc-0fa96564\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:us-east-2:704479110758:vpc/vpc-02c354cf7457127fd\",\"vpc-02c354cf7457127fd\"],\"entity.metadata\":{\"arn:aws:ec2:us-east-2:704479110758:vpc/vpc-02c354cf7457127fd\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"raw\":{\"vpc\":{\"CidrBlock\":\"192.168.0.0/16\",\"CidrBlockAssociationSet\":[{\"CidrBlock\":\"192.168.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null},\"AssociationId\":\"vpc-cidr-assoc-0dee5486fb165fb6b\"}],\"InstanceTenancy\":\"default\",\"Ipv6CidrBlockAssociationSet\":null,\"State\":\"available\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"eksctl-exciting-gopher-1659539920-cluster/VPC\"},{\"Value\":\"false\",\"Key\":\"alpha.eksctl.io/cluster-oidc-enabled\"},{\"Key\":\"cloud-nuke-first-seen\",\"Value\":\"2022-12-04T11:27:10Z\"},{\"Value\":\"exciting-gopher-1659539920\",\"Key\":\"eksctl.cluster.k8s.io/v1alpha1/cluster-name\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"VPC\"},{\"Key\":\"alpha.eksctl.io/cluster-name\",\"Value\":\"exciting-gopher-1659539920\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:us-east-2:704479110758:stack/eksctl-exciting-gopher-1659539920-cluster/8fdff540-133f-11ed-9805-022008bbe766\"},{\"Key\":\"alpha.eksctl.io/eksctl-version\",\"Value\":\"0.107.0\"},{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"eksctl-exciting-gopher-1659539920-cluster\"}],\"VpcId\":\"vpc-02c354cf7457127fd\",\"DhcpOptionsId\":\"dopt-9c5cfaf7\",\"IsDefault\":false,\"OwnerId\":\"704479110758\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:us-east-2:704479110758:vpc/vpc-02c354cf7457127fd\",\"vpc-02c354cf7457127fd\"],\"name\":\"vpc-02c354cf7457127fd\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:ec2:ap-southeast-2:704479110758:vpc/vpc-bbfefedc\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"flow_logs\":[],\"vpc\":{\"Ipv6CidrBlockAssociationSet\":null,\"Tags\":null,\"CidrBlockAssociationSet\":[{\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null},\"AssociationId\":\"vpc-cidr-assoc-996984f2\",\"CidrBlock\":\"172.31.0.0/16\"}],\"DhcpOptionsId\":\"dopt-6593b102\",\"InstanceTenancy\":\"default\",\"State\":\"available\",\"VpcId\":\"vpc-bbfefedc\",\"CidrBlock\":\"172.31.0.0/16\",\"IsDefault\":true,\"OwnerId\":\"704479110758\"}},\"id\":[\"arn:aws:ec2:ap-southeast-2:704479110758:vpc/vpc-bbfefedc\",\"vpc-bbfefedc\"],\"name\":\"vpc-bbfefedc\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-southeast-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-southeast-2:704479110758:vpc/vpc-bbfefedc\",\"vpc-bbfefedc\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:vpc/vpc-36a1394e\",\"vpc-36a1394e\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:vpc/vpc-36a1394e\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"flow_logs\":[],\"vpc\":{\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-17ba8d7d\",\"CidrBlock\":\"172.31.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"DhcpOptionsId\":\"dopt-3588194d\",\"OwnerId\":\"704479110758\",\"State\":\"available\",\"Tags\":null,\"CidrBlock\":\"172.31.0.0/16\",\"InstanceTenancy\":\"default\",\"Ipv6CidrBlockAssociationSet\":null,\"IsDefault\":true,\"VpcId\":\"vpc-36a1394e\"}},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:vpc/vpc-36a1394e\",\"vpc-36a1394e\"],\"name\":\"vpc-36a1394e\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"us-west-2\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:ec2:us-west-2:704479110758:vpc/vpc-0180a1dc90512f144\",\"vpc-0180a1dc90512f144\"],\"entity.metadata\":{\"arn:aws:ec2:us-west-2:704479110758:vpc/vpc-0180a1dc90512f144\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"IsDefault\":false,\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-067c15175b2e65bd3\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"DhcpOptionsId\":\"dopt-3588194d\",\"Ipv6CidrBlockAssociationSet\":null,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"aws-reinvent-2024-pwncloud-vpc-f934c03f\"}],\"VpcId\":\"vpc-0180a1dc90512f144\",\"CidrBlock\":\"10.0.0.0/16\",\"InstanceTenancy\":\"default\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:us-west-2:704479110758:vpc/vpc-0180a1dc90512f144\",\"vpc-0180a1dc90512f144\"],\"name\":\"vpc-0180a1dc90512f144\",\"category\":\"infrastructure\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"entity.metadata\":{\"arn:aws:ec2:sa-east-1:704479110758:vpc/vpc-f7181690\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"raw\":{\"vpc\":{\"CidrBlock\":\"172.31.0.0/16\",\"InstanceTenancy\":\"default\",\"Ipv6CidrBlockAssociationSet\":null,\"IsDefault\":true,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"Tags\":null,\"CidrBlockAssociationSet\":[{\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null},\"AssociationId\":\"vpc-cidr-assoc-844770ec\",\"CidrBlock\":\"172.31.0.0/16\"}],\"DhcpOptionsId\":\"dopt-5368f334\",\"VpcId\":\"vpc-f7181690\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:sa-east-1:704479110758:vpc/vpc-f7181690\",\"vpc-f7181690\"],\"name\":\"vpc-f7181690\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"sa-east-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:sa-east-1:704479110758:vpc/vpc-f7181690\",\"vpc-f7181690\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:vpc/vpc-0d34957e50abb854b\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"DhcpOptionsId\":\"dopt-25ee134e\",\"IsDefault\":false,\"State\":\"available\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-vpc\"}],\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-0cb897584a85426a6\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"InstanceTenancy\":\"default\",\"Ipv6CidrBlockAssociationSet\":null,\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-0d34957e50abb854b\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:vpc/vpc-0d34957e50abb854b\",\"vpc-0d34957e50abb854b\"],\"name\":\"vpc-0d34957e50abb854b\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:vpc/vpc-0d34957e50abb854b\",\"vpc-0d34957e50abb854b\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"tags\":null,\"raw\":{\"vpc\":{\"State\":\"available\",\"VpcId\":\"vpc-eb7e6883\",\"CidrBlockAssociationSet\":[{\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null},\"AssociationId\":\"vpc-cidr-assoc-96fad0fe\",\"CidrBlock\":\"172.31.0.0/16\"}],\"IsDefault\":true,\"OwnerId\":\"704479110758\",\"Ipv6CidrBlockAssociationSet\":null,\"Tags\":null,\"CidrBlock\":\"172.31.0.0/16\",\"DhcpOptionsId\":\"dopt-25ee134e\",\"InstanceTenancy\":\"default\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:vpc/vpc-eb7e6883\",\"vpc-eb7e6883\"],\"name\":\"vpc-eb7e6883\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:vpc/vpc-eb7e6883\",\"vpc-eb7e6883\"],\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:vpc/vpc-eb7e6883\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-vpc\"}],\"VpcId\":\"vpc-0400c449f7d20cd09\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-0ec54771a1a09da8a\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"DhcpOptionsId\":\"dopt-25ee134e\",\"Ipv6CidrBlockAssociationSet\":null,\"State\":\"available\",\"CidrBlock\":\"10.0.0.0/16\",\"InstanceTenancy\":\"default\",\"IsDefault\":false,\"OwnerId\":\"704479110758\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:ap-south-1:704479110758:vpc/vpc-0400c449f7d20cd09\",\"vpc-0400c449f7d20cd09\"],\"name\":\"vpc-0400c449f7d20cd09\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"ap-south-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:ap-south-1:704479110758:vpc/vpc-0400c449f7d20cd09\",\"vpc-0400c449f7d20cd09\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:ec2:ap-south-1:704479110758:vpc/vpc-0400c449f7d20cd09\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0e838e42ce3e6d30c\",\"vpc-0e838e42ce3e6d30c\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0e838e42ce3e6d30c\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-WWZ-vpc\"}],\"CidrBlockAssociationSet\":[{\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null},\"AssociationId\":\"vpc-cidr-assoc-05f32c764a21590fc\",\"CidrBlock\":\"10.0.0.0/16\"}],\"InstanceTenancy\":\"default\",\"OwnerId\":\"704479110758\",\"State\":\"available\",\"VpcId\":\"vpc-0e838e42ce3e6d30c\",\"CidrBlock\":\"10.0.0.0/16\",\"DhcpOptionsId\":\"dopt-5c78263a\",\"Ipv6CidrBlockAssociationSet\":null,\"IsDefault\":false},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0e838e42ce3e6d30c\",\"vpc-0e838e42ce3e6d30c\"],\"name\":\"vpc-0e838e42ce3e6d30c\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\"},\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"State\":\"available\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-Gfp-vpc\"}],\"VpcId\":\"vpc-0de5d19ac894b58c9\",\"CidrBlock\":\"10.0.0.0/16\",\"Ipv6CidrBlockAssociationSet\":null,\"IsDefault\":false,\"OwnerId\":\"704479110758\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-04acdd75e9eafba88\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockState\":{\"StatusMessage\":null,\"State\":\"associated\"}}],\"DhcpOptionsId\":\"dopt-5c78263a\",\"InstanceTenancy\":\"default\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0de5d19ac894b58c9\",\"vpc-0de5d19ac894b58c9\"],\"name\":\"vpc-0de5d19ac894b58c9\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0de5d19ac894b58c9\",\"vpc-0de5d19ac894b58c9\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0de5d19ac894b58c9\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0bf78569aaae50b84\",\"vpc-0bf78569aaae50b84\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0bf78569aaae50b84\":{\"type\":\"virtual-network\",\"category\":\"infrastructure\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"VpcId\":\"vpc-0bf78569aaae50b84\",\"CidrBlock\":\"10.0.0.0/16\",\"InstanceTenancy\":\"default\",\"Ipv6CidrBlockAssociationSet\":null,\"IsDefault\":false,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-SXE-vpc\"}],\"CidrBlockAssociationSet\":[{\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null},\"AssociationId\":\"vpc-cidr-assoc-04f7bf5f2b2f3a1c8\"}],\"DhcpOptionsId\":\"dopt-5c78263a\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0bf78569aaae50b84\",\"vpc-0bf78569aaae50b84\"],\"name\":\"vpc-0bf78569aaae50b84\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-05eeaaeb72e2eb28b\",\"vpc-05eeaaeb72e2eb28b\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-05eeaaeb72e2eb28b\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-01a4f49f57e6cd559\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"DhcpOptionsId\":\"dopt-5c78263a\",\"IsDefault\":false,\"State\":\"available\",\"VpcId\":\"vpc-05eeaaeb72e2eb28b\",\"CidrBlock\":\"10.0.0.0/16\",\"InstanceTenancy\":\"default\",\"Ipv6CidrBlockAssociationSet\":null,\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-5jA-vpc\"}]},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-05eeaaeb72e2eb28b\",\"vpc-05eeaaeb72e2eb28b\"],\"name\":\"vpc-05eeaaeb72e2eb28b\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"tags\":null,\"raw\":{\"vpc\":{\"Ipv6CidrBlockAssociationSet\":null,\"IsDefault\":false,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"dg-cis-vpc\"}],\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-0b0338db3dfc59c03\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"InstanceTenancy\":\"default\",\"DhcpOptionsId\":\"dopt-5c78263a\",\"VpcId\":\"vpc-06b023d1fc8665055\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-06b023d1fc8665055\",\"vpc-06b023d1fc8665055\"],\"name\":\"vpc-06b023d1fc8665055\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-06b023d1fc8665055\",\"vpc-06b023d1fc8665055\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-06b023d1fc8665055\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-05dd3a849e821fafc\",\"vpc-05dd3a849e821fafc\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-05dd3a849e821fafc\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"name\":\"vpc-05dd3a849e821fafc\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-AhU-vpc\"}],\"CidrBlock\":\"10.0.0.0/16\",\"DhcpOptionsId\":\"dopt-5c78263a\",\"State\":\"available\",\"IsDefault\":false,\"OwnerId\":\"704479110758\",\"VpcId\":\"vpc-05dd3a849e821fafc\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-0e50c57606c9fbf61\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"InstanceTenancy\":\"default\",\"Ipv6CidrBlockAssociationSet\":null},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-05dd3a849e821fafc\",\"vpc-05dd3a849e821fafc\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"Ipv6CidrBlockAssociationSet\":null,\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-pEN-vpc\"}],\"VpcId\":\"vpc-04ece708af6c9b689\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-0ccb15f35c55bc67e\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"DhcpOptionsId\":\"dopt-5c78263a\",\"InstanceTenancy\":\"default\",\"IsDefault\":false,\"State\":\"available\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-04ece708af6c9b689\",\"vpc-04ece708af6c9b689\"],\"name\":\"vpc-04ece708af6c9b689\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"resource_policies\":[],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-04ece708af6c9b689\",\"vpc-04ece708af6c9b689\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-04ece708af6c9b689\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-02190da3c759732a9\",\"vpc-02190da3c759732a9\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-02190da3c759732a9\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"raw\":{\"vpc\":{\"IsDefault\":false,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"cloudbeat-tf-T5Z-vpc\"}],\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-098a75dec1561bf3b\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"DhcpOptionsId\":\"dopt-5c78263a\",\"InstanceTenancy\":\"default\",\"Ipv6CidrBlockAssociationSet\":null,\"VpcId\":\"vpc-02190da3c759732a9\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-02190da3c759732a9\",\"vpc-02190da3c759732a9\"],\"name\":\"vpc-02190da3c759732a9\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0a2008710cab48539\",\"vpc-0a2008710cab48539\"],\"name\":\"vpc-0a2008710cab48539\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"CidrBlock\":\"192.168.0.0/16\",\"InstanceTenancy\":\"default\",\"VpcId\":\"vpc-0a2008710cab48539\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-07d78e3361c06d158\",\"CidrBlock\":\"192.168.0.0/16\",\"CidrBlockState\":{\"StatusMessage\":null,\"State\":\"associated\"}}],\"DhcpOptionsId\":\"dopt-5c78263a\",\"Ipv6CidrBlockAssociationSet\":null,\"IsDefault\":false,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"Tags\":[{\"Key\":\"aws:cloudformation:stack-name\",\"Value\":\"eksctl-testcluster-cluster\"},{\"Key\":\"alpha.eksctl.io/cluster-oidc-enabled\",\"Value\":\"false\"},{\"Key\":\"alpha.eksctl.io/eksctl-version\",\"Value\":\"0.131.0-dev+d4917e5d1.2023-02-23T12:50:40Z\"},{\"Key\":\"Name\",\"Value\":\"eksctl-testcluster-cluster/VPC\"},{\"Key\":\"aws:cloudformation:stack-id\",\"Value\":\"arn:aws:cloudformation:eu-west-1:704479110758:stack/eksctl-testcluster-cluster/361fc040-b848-11ed-bfcd-0614f5444b31\"},{\"Key\":\"alpha.eksctl.io/cluster-name\",\"Value\":\"testcluster\"},{\"Key\":\"eksctl.cluster.k8s.io/v1alpha1/cluster-name\",\"Value\":\"testcluster\"},{\"Key\":\"aws:cloudformation:logical-id\",\"Value\":\"VPC\"}]},\"flow_logs\":[]}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0a2008710cab48539\",\"vpc-0a2008710cab48539\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0a2008710cab48539\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-6cb55a15\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"raw\":{\"flow_logs\":[],\"vpc\":{\"Ipv6CidrBlockAssociationSet\":null,\"IsDefault\":true,\"OwnerId\":\"704479110758\",\"Tags\":null,\"CidrBlock\":\"172.31.0.0/16\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-95bbaffe\",\"CidrBlock\":\"172.31.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"DhcpOptionsId\":\"dopt-5c78263a\",\"InstanceTenancy\":\"default\",\"State\":\"available\",\"VpcId\":\"vpc-6cb55a15\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-6cb55a15\",\"vpc-6cb55a15\"],\"name\":\"vpc-6cb55a15\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-6cb55a15\",\"vpc-6cb55a15\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-08d87433815da7907\",\"vpc-08d87433815da7907\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-08d87433815da7907\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-057d125bf6c63d067\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"InstanceTenancy\":\"default\",\"Ipv6CidrBlockAssociationSet\":null,\"State\":\"available\",\"CidrBlock\":\"10.0.0.0/16\",\"DhcpOptionsId\":\"dopt-5c78263a\",\"IsDefault\":false,\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"kuba-logs-vpc\"}],\"VpcId\":\"vpc-08d87433815da7907\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-08d87433815da7907\",\"vpc-08d87433815da7907\"],\"name\":\"vpc-08d87433815da7907\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-096d5aaf84103883c\",\"vpc-096d5aaf84103883c\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-096d5aaf84103883c\":{\"type\":\"virtual-network\",\"category\":\"infrastructure\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"flow_logs\":[],\"vpc\":{\"DhcpOptionsId\":\"dopt-5c78263a\",\"InstanceTenancy\":\"default\",\"IsDefault\":false,\"State\":\"available\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-01116da4669fb5fd8\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"Ipv6CidrBlockAssociationSet\":null,\"OwnerId\":\"704479110758\",\"Tags\":[{\"Value\":\"long-running-project-vpc\",\"Key\":\"Name\"}],\"VpcId\":\"vpc-096d5aaf84103883c\"}},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-096d5aaf84103883c\",\"vpc-096d5aaf84103883c\"],\"name\":\"vpc-096d5aaf84103883c\"},\"cloud\":{\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0b5ada4550b941390\",\"vpc-0b5ada4550b941390\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0b5ada4550b941390\":{\"type\":\"virtual-network\",\"category\":\"infrastructure\"}},\"asset\":{\"tags\":null,\"raw\":{\"vpc\":{\"DhcpOptionsId\":\"dopt-5c78263a\",\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"maxcold-wiz-vpc\"}],\"VpcId\":\"vpc-0b5ada4550b941390\",\"IsDefault\":false,\"State\":\"available\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-051bcad55b559af0f\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"InstanceTenancy\":\"default\",\"Ipv6CidrBlockAssociationSet\":null},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0b5ada4550b941390\",\"vpc-0b5ada4550b941390\"],\"name\":\"vpc-0b5ada4550b941390\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-00103fb710b9960ab\",\"vpc-00103fb710b9960ab\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-00103fb710b9960ab\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"raw\":{\"vpc\":{\"CidrBlock\":\"10.0.0.0/16\",\"InstanceTenancy\":\"default\",\"Ipv6CidrBlockAssociationSet\":null,\"IsDefault\":false,\"Tags\":[{\"Key\":\"Name\",\"Value\":\"benchmark-rules-vpc\"}],\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-045092909fb517c3c\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"DhcpOptionsId\":\"dopt-5c78263a\",\"OwnerId\":\"704479110758\",\"State\":\"available\",\"VpcId\":\"vpc-00103fb710b9960ab\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-00103fb710b9960ab\",\"vpc-00103fb710b9960ab\"],\"name\":\"vpc-00103fb710b9960ab\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"cloud\":{\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-06635215f51bfd343\",\"vpc-06635215f51bfd343\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-06635215f51bfd343\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"OwnerId\":\"704479110758\",\"State\":\"available\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"amir-env-vpc\"}],\"VpcId\":\"vpc-06635215f51bfd343\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-0de87ca8160012e39\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"Ipv6CidrBlockAssociationSet\":null,\"IsDefault\":false,\"DhcpOptionsId\":\"dopt-5c78263a\",\"InstanceTenancy\":\"default\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-06635215f51bfd343\",\"vpc-06635215f51bfd343\"],\"name\":\"vpc-06635215f51bfd343\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-061fc9c22f73c7d3e\",\"vpc-061fc9c22f73c7d3e\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-061fc9c22f73c7d3e\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-061fc9c22f73c7d3e\",\"vpc-061fc9c22f73c7d3e\"],\"name\":\"vpc-061fc9c22f73c7d3e\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-0c6a97b12f082895a\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"IsDefault\":false,\"State\":\"available\",\"Tags\":[{\"Value\":\"amir-env-vpc\",\"Key\":\"Name\"}],\"VpcId\":\"vpc-061fc9c22f73c7d3e\",\"CidrBlock\":\"10.0.0.0/16\",\"InstanceTenancy\":\"default\",\"Ipv6CidrBlockAssociationSet\":null,\"OwnerId\":\"704479110758\",\"DhcpOptionsId\":\"dopt-5c78263a\"},\"flow_logs\":[]}},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"Ipv6CidrBlockAssociationSet\":null,\"State\":\"available\",\"DhcpOptionsId\":\"dopt-5c78263a\",\"InstanceTenancy\":\"default\",\"IsDefault\":false,\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"kfir-qa-project-vpc\"}],\"VpcId\":\"vpc-0096efe3aab3734db\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-0b339874ff74e507c\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}]},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0096efe3aab3734db\",\"vpc-0096efe3aab3734db\"],\"name\":\"vpc-0096efe3aab3734db\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0096efe3aab3734db\",\"vpc-0096efe3aab3734db\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0096efe3aab3734db\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0d0d507f15a7baefb\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null,\"raw\":{\"vpc\":{\"State\":\"available\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"test-env-ci-tf-vpc\"}],\"VpcId\":\"vpc-0d0d507f15a7baefb\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-02e300ed5ffa90a24\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"Ipv6CidrBlockAssociationSet\":null,\"IsDefault\":false,\"OwnerId\":\"704479110758\",\"DhcpOptionsId\":\"dopt-5c78263a\",\"InstanceTenancy\":\"default\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0d0d507f15a7baefb\",\"vpc-0d0d507f15a7baefb\"],\"name\":\"vpc-0d0d507f15a7baefb\",\"category\":\"infrastructure\",\"sub_category\":\"network\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0d0d507f15a7baefb\",\"vpc-0d0d507f15a7baefb\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0a74788000c2f0013\",\"vpc-0a74788000c2f0013\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0a74788000c2f0013\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"raw\":{\"vpc\":{\"IsDefault\":false,\"OwnerId\":\"704479110758\",\"State\":\"available\",\"Tags\":[{\"Value\":\"cloudbeat-tf-nsZ-vpc\",\"Key\":\"Name\"}],\"CidrBlock\":\"10.0.0.0/16\",\"InstanceTenancy\":\"default\",\"Ipv6CidrBlockAssociationSet\":null,\"CidrBlockAssociationSet\":[{\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null},\"AssociationId\":\"vpc-cidr-assoc-0eb765fddc07633a8\",\"CidrBlock\":\"10.0.0.0/16\"}],\"DhcpOptionsId\":\"dopt-5c78263a\",\"VpcId\":\"vpc-0a74788000c2f0013\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0a74788000c2f0013\",\"vpc-0a74788000c2f0013\"],\"name\":\"vpc-0a74788000c2f0013\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"},\"provider\":\"aws\",\"region\":\"eu-west-1\"},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:08:56.097+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:08:45.344Z\",\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0265091ed79292f2c\",\"vpc-0265091ed79292f2c\"],\"entity.metadata\":{\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0265091ed79292f2c\":{\"category\":\"infrastructure\",\"type\":\"virtual-network\"}},\"asset\":{\"tags\":null,\"raw\":{\"vpc\":{\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockAssociationSet\":[{\"AssociationId\":\"vpc-cidr-assoc-0b4bed2d805e896f8\",\"CidrBlock\":\"10.0.0.0/16\",\"CidrBlockState\":{\"State\":\"associated\",\"StatusMessage\":null}}],\"OwnerId\":\"704479110758\",\"Tags\":[{\"Key\":\"Name\",\"Value\":\"amir-env6-vpc\"}],\"DhcpOptionsId\":\"dopt-5c78263a\",\"InstanceTenancy\":\"default\",\"Ipv6CidrBlockAssociationSet\":null,\"IsDefault\":false,\"State\":\"available\",\"VpcId\":\"vpc-0265091ed79292f2c\"},\"flow_logs\":[]},\"id\":[\"arn:aws:ec2:eu-west-1:704479110758:vpc/vpc-0265091ed79292f2c\",\"vpc-0265091ed79292f2c\"],\"name\":\"vpc-0265091ed79292f2c\",\"category\":\"infrastructure\",\"sub_category\":\"network\",\"type\":\"virtual-network\",\"sub_type\":\"vpc\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"eu-west-1\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS Networking\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/AccessAnalyzerMonitorServicePolicy_K5Y2BB6RLI\",\"ANPA2IBR2EZTHLQCCV5KQ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/AccessAnalyzerMonitorServicePolicy_K5Y2BB6RLI\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:policy/service-role/AccessAnalyzerMonitorServicePolicy_K5Y2BB6RLI\",\"ANPA2IBR2EZTHLQCCV5KQ\"],\"name\":\"AccessAnalyzerMonitorServicePolicy_K5Y2BB6RLI\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"roles\":null,\"AttachmentCount\":1,\"CreateDate\":\"2023-03-06T14:15:02Z\",\"Path\":\"/service-role/\",\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"AccessAnalyzerMonitorServicePolicy_K5Y2BB6RLI\",\"Tags\":null,\"DefaultVersionId\":\"v1\",\"IsAttachable\":true,\"document\":{\"Statement\":[{\"Resource\":\"*\",\"Action\":\"cloudtrail:GetTrail\",\"Effect\":\"Allow\"},{\"Resource\":\"*\",\"Action\":[\"iam:GenerateServiceLastAccessedDetails\",\"iam:GetServiceLastAccessedDetails\"],\"Effect\":\"Allow\"},{\"Resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63\",\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/*\"],\"Action\":[\"s3:GetObject\",\"s3:ListBucket\"],\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/AccessAnalyzerMonitorServicePolicy_K5Y2BB6RLI\",\"Description\":null,\"PolicyId\":\"ANPA2IBR2EZTHLQCCV5KQ\",\"UpdateDate\":\"2023-03-06T14:15:02Z\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"cloudtrail:GetTrail\"],\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/appsync-ds-ddb-jeqm57-AppSyncCommentTable-\",\"ANPA2IBR2EZTB7VXJORP3\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/appsync-ds-ddb-jeqm57-AppSyncCommentTable-\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v1\",\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPA2IBR2EZTB7VXJORP3\",\"document\":{\"Statement\":[{\"Resource\":[\"arn:aws:dynamodb:eu-west-1:704479110758:table/AppSyncCommentTable-xJJVaZKO\",\"arn:aws:dynamodb:eu-west-1:704479110758:table/AppSyncCommentTable-xJJVaZKO/*\"],\"Action\":[\"dynamodb:DeleteItem\",\"dynamodb:GetItem\",\"dynamodb:PutItem\",\"dynamodb:Query\",\"dynamodb:Scan\",\"dynamodb:UpdateItem\"],\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":1,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/appsync-ds-ddb-jeqm57-AppSyncCommentTable-\",\"CreateDate\":\"2021-06-28T11:10:16Z\",\"Description\":null,\"PolicyName\":\"appsync-ds-ddb-jeqm57-AppSyncCommentTable-\",\"IsAttachable\":true,\"Path\":\"/service-role/\",\"UpdateDate\":\"2021-06-28T11:10:16Z\",\"roles\":null},\"id\":[\"arn:aws:iam::704479110758:policy/service-role/appsync-ds-ddb-jeqm57-AppSyncCommentTable-\",\"ANPA2IBR2EZTB7VXJORP3\"],\"name\":\"appsync-ds-ddb-jeqm57-AppSyncCommentTable-\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/appsync-ds-ddb-jeqm57-AppSyncEventTable-xJ\",\"ANPA2IBR2EZTCEFQZOJBC\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/appsync-ds-ddb-jeqm57-AppSyncEventTable-xJ\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"PermissionsBoundaryUsageCount\":0,\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/appsync-ds-ddb-jeqm57-AppSyncEventTable-xJ\",\"DefaultVersionId\":\"v1\",\"document\":{\"Statement\":[{\"Action\":[\"dynamodb:DeleteItem\",\"dynamodb:GetItem\",\"dynamodb:PutItem\",\"dynamodb:Query\",\"dynamodb:Scan\",\"dynamodb:UpdateItem\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:dynamodb:eu-west-1:704479110758:table/AppSyncEventTable-xJJVaZKO\",\"arn:aws:dynamodb:eu-west-1:704479110758:table/AppSyncEventTable-xJJVaZKO/*\"]}],\"Version\":\"2012-10-17\"},\"roles\":null,\"IsAttachable\":true,\"Tags\":null,\"UpdateDate\":\"2021-06-28T11:10:17Z\",\"AttachmentCount\":1,\"CreateDate\":\"2021-06-28T11:10:17Z\",\"Description\":null,\"Path\":\"/service-role/\",\"PolicyId\":\"ANPA2IBR2EZTCEFQZOJBC\",\"PolicyName\":\"appsync-ds-ddb-jeqm57-AppSyncEventTable-xJ\"},\"id\":[\"arn:aws:iam::704479110758:policy/service-role/appsync-ds-ddb-jeqm57-AppSyncEventTable-xJ\",\"ANPA2IBR2EZTCEFQZOJBC\"],\"name\":\"appsync-ds-ddb-jeqm57-AppSyncEventTable-xJ\",\"category\":\"identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Description\":null,\"Path\":\"/\",\"PolicyId\":\"ANPA2IBR2EZTKWIDXGKP7\",\"PolicyName\":\"assume-eks-cloudbeat-tf-5jA\",\"Tags\":null,\"AttachmentCount\":1,\"DefaultVersionId\":\"v1\",\"IsAttachable\":true,\"UpdateDate\":\"2024-02-13T09:39:55Z\",\"roles\":null,\"CreateDate\":\"2024-02-13T09:39:55Z\",\"PermissionsBoundaryUsageCount\":0,\"document\":{\"Statement\":[{\"Sid\":\"VisualEditor0\",\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::704479110758:role/cloudbeat-tf-5jA\"}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::704479110758:policy/assume-eks-cloudbeat-tf-5jA\"},\"id\":[\"arn:aws:iam::704479110758:policy/assume-eks-cloudbeat-tf-5jA\",\"ANPA2IBR2EZTKWIDXGKP7\"],\"name\":\"assume-eks-cloudbeat-tf-5jA\",\"category\":\"identity\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"VisualEditor0\",\"effect\":\"Allow\",\"action\":[\"sts:AssumeRole\"],\"resource\":[\"arn:aws:iam::704479110758:role/cloudbeat-tf-5jA\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/assume-eks-cloudbeat-tf-5jA\",\"ANPA2IBR2EZTKWIDXGKP7\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/assume-eks-cloudbeat-tf-5jA\":{\"category\":\"identity\",\"type\":\"policy\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/AWSGlueServiceRole-demoalb\",\"ANPA2IBR2EZTH4SMDGXSM\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/AWSGlueServiceRole-demoalb\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"CreateDate\":\"2020-12-02T14:20:38Z\",\"DefaultVersionId\":\"v1\",\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/AWSGlueServiceRole-demoalb\",\"IsAttachable\":true,\"Path\":\"/service-role/\",\"Tags\":null,\"AttachmentCount\":1,\"PolicyName\":\"AWSGlueServiceRole-demoalb\",\"document\":{\"Statement\":[{\"Action\":[\"s3:GetObject\",\"s3:PutObject\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:s3:::demo-alb-leseas8v/alb/*\"]}],\"Version\":\"2012-10-17\"},\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPA2IBR2EZTH4SMDGXSM\",\"UpdateDate\":\"2020-12-02T14:20:38Z\",\"roles\":null},\"id\":[\"arn:aws:iam::704479110758:policy/service-role/AWSGlueServiceRole-demoalb\",\"ANPA2IBR2EZTH4SMDGXSM\"],\"name\":\"AWSGlueServiceRole-demoalb\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-109e7451-9f84-498b-8d44-083e9ca5c002\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-109e7451-9f84-498b-8d44-083e9ca5c002\",\"DefaultVersionId\":\"v1\",\"roles\":null,\"PermissionsBoundaryUsageCount\":0,\"document\":{\"Statement\":[{\"Resource\":\"arn:aws:logs:us-west-2:704479110758:*\",\"Action\":\"logs:CreateLogGroup\",\"Effect\":\"Allow\"},{\"Resource\":[\"arn:aws:logs:us-west-2:704479110758:log-group:/aws/lambda/gtback-test-function:*\"],\"Action\":[\"logs:CreateLogStream\",\"logs:PutLogEvents\"],\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"PolicyId\":\"ANPA2IBR2EZTFXG2NKVHK\",\"PolicyName\":\"AWSLambdaBasicExecutionRole-109e7451-9f84-498b-8d44-083e9ca5c002\",\"Tags\":null,\"CreateDate\":\"2022-04-15T18:01:45Z\",\"IsAttachable\":true,\"Path\":\"/service-role/\",\"UpdateDate\":\"2022-04-15T18:01:45Z\",\"AttachmentCount\":1,\"Description\":null},\"id\":[\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-109e7451-9f84-498b-8d44-083e9ca5c002\",\"ANPA2IBR2EZTFXG2NKVHK\"],\"name\":\"AWSLambdaBasicExecutionRole-109e7451-9f84-498b-8d44-083e9ca5c002\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"effect\":\"Allow\",\"action\":[\"logs:CreateLogGroup\"],\"resource\":[\"arn:aws:logs:us-west-2:704479110758:*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-109e7451-9f84-498b-8d44-083e9ca5c002\",\"ANPA2IBR2EZTFXG2NKVHK\"],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-1b7e2683-cf45-455a-98fb-d4cb9074bde1\",\"ANPA2IBR2EZTDKQ2HWF3A\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-1b7e2683-cf45-455a-98fb-d4cb9074bde1\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"name\":\"AWSLambdaBasicExecutionRole-1b7e2683-cf45-455a-98fb-d4cb9074bde1\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"CreateDate\":\"2022-04-14T19:12:41Z\",\"PolicyName\":\"AWSLambdaBasicExecutionRole-1b7e2683-cf45-455a-98fb-d4cb9074bde1\",\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-1b7e2683-cf45-455a-98fb-d4cb9074bde1\",\"IsAttachable\":true,\"PolicyId\":\"ANPA2IBR2EZTDKQ2HWF3A\",\"Tags\":null,\"UpdateDate\":\"2022-04-14T19:12:41Z\",\"document\":{\"Statement\":[{\"Action\":\"logs:CreateLogGroup\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:us-west-2:704479110758:*\"},{\"Action\":[\"logs:CreateLogStream\",\"logs:PutLogEvents\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:logs:us-west-2:704479110758:log-group:/aws/lambda/gtback-test-function:*\"]}],\"Version\":\"2012-10-17\"},\"Description\":null,\"DefaultVersionId\":\"v1\",\"Path\":\"/service-role/\",\"PermissionsBoundaryUsageCount\":0,\"roles\":null,\"AttachmentCount\":1},\"id\":[\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-1b7e2683-cf45-455a-98fb-d4cb9074bde1\",\"ANPA2IBR2EZTDKQ2HWF3A\"]},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[{\"effect\":\"Allow\",\"action\":[\"logs:CreateLogGroup\"],\"resource\":[\"arn:aws:logs:us-west-2:704479110758:*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-2adedcc2-2aa7-4802-b0e6-db6d08950aa9\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-2adedcc2-2aa7-4802-b0e6-db6d08950aa9\",\"document\":{\"Statement\":[{\"Action\":\"logs:CreateLogGroup\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:us-west-2:704479110758:*\"},{\"Action\":[\"logs:CreateLogStream\",\"logs:PutLogEvents\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:logs:us-west-2:704479110758:log-group:/aws/lambda/test-function-gtback:*\"]}],\"Version\":\"2012-10-17\"},\"IsAttachable\":true,\"UpdateDate\":\"2022-04-18T22:33:49Z\",\"DefaultVersionId\":\"v1\",\"Tags\":null,\"roles\":null,\"PolicyName\":\"AWSLambdaBasicExecutionRole-2adedcc2-2aa7-4802-b0e6-db6d08950aa9\",\"AttachmentCount\":1,\"CreateDate\":\"2022-04-18T22:33:49Z\",\"Description\":null,\"Path\":\"/service-role/\",\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPA2IBR2EZTMBAXDQNAF\"},\"id\":[\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-2adedcc2-2aa7-4802-b0e6-db6d08950aa9\",\"ANPA2IBR2EZTMBAXDQNAF\"],\"name\":\"AWSLambdaBasicExecutionRole-2adedcc2-2aa7-4802-b0e6-db6d08950aa9\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"logs:CreateLogGroup\"],\"resource\":[\"arn:aws:logs:us-west-2:704479110758:*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-2adedcc2-2aa7-4802-b0e6-db6d08950aa9\",\"ANPA2IBR2EZTMBAXDQNAF\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"logs:CreateLogGroup\"],\"resource\":[\"arn:aws:logs:us-west-2:704479110758:*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-3a3d20d1-312d-4cd7-a191-22761b32c197\",\"ANPA2IBR2EZTK5WNJN4NX\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-3a3d20d1-312d-4cd7-a191-22761b32c197\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"raw\":{\"document\":{\"Statement\":[{\"Action\":\"logs:CreateLogGroup\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:us-west-2:704479110758:*\"},{\"Action\":[\"logs:CreateLogStream\",\"logs:PutLogEvents\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:logs:us-west-2:704479110758:log-group:/aws/lambda/gtback-test-function:*\"]}],\"Version\":\"2012-10-17\"},\"roles\":null,\"Description\":null,\"Path\":\"/service-role/\",\"PolicyName\":\"AWSLambdaBasicExecutionRole-3a3d20d1-312d-4cd7-a191-22761b32c197\",\"CreateDate\":\"2022-04-20T17:48:36Z\",\"IsAttachable\":true,\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-3a3d20d1-312d-4cd7-a191-22761b32c197\",\"PolicyId\":\"ANPA2IBR2EZTK5WNJN4NX\",\"Tags\":null,\"UpdateDate\":\"2022-04-20T17:48:36Z\",\"AttachmentCount\":1,\"DefaultVersionId\":\"v1\",\"PermissionsBoundaryUsageCount\":0},\"id\":[\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-3a3d20d1-312d-4cd7-a191-22761b32c197\",\"ANPA2IBR2EZTK5WNJN4NX\"],\"name\":\"AWSLambdaBasicExecutionRole-3a3d20d1-312d-4cd7-a191-22761b32c197\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"asset\":{\"name\":\"AWSLambdaBasicExecutionRole-4fdcc5e3-2542-4dd1-b3ca-aebae4d94f6b\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"CreateDate\":\"2021-03-08T08:35:51Z\",\"Tags\":null,\"AttachmentCount\":1,\"PolicyId\":\"ANPA2IBR2EZTLSK54OHUE\",\"document\":{\"Statement\":[{\"Action\":\"logs:CreateLogGroup\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:eu-west-1:704479110758:*\"},{\"Action\":[\"logs:CreateLogStream\",\"logs:PutLogEvents\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:logs:eu-west-1:704479110758:log-group:/aws/lambda/test:*\"]}],\"Version\":\"2012-10-17\"},\"roles\":null,\"IsAttachable\":true,\"DefaultVersionId\":\"v1\",\"Description\":null,\"Path\":\"/service-role/\",\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"AWSLambdaBasicExecutionRole-4fdcc5e3-2542-4dd1-b3ca-aebae4d94f6b\",\"UpdateDate\":\"2021-03-08T08:35:51Z\",\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-4fdcc5e3-2542-4dd1-b3ca-aebae4d94f6b\"},\"id\":[\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-4fdcc5e3-2542-4dd1-b3ca-aebae4d94f6b\",\"ANPA2IBR2EZTLSK54OHUE\"]},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[{\"resource\":[\"arn:aws:logs:eu-west-1:704479110758:*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"logs:CreateLogGroup\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-4fdcc5e3-2542-4dd1-b3ca-aebae4d94f6b\",\"ANPA2IBR2EZTLSK54OHUE\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-4fdcc5e3-2542-4dd1-b3ca-aebae4d94f6b\":{\"category\":\"identity\",\"type\":\"policy\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"effect\":\"Allow\",\"action\":[\"logs:CreateLogGroup\"],\"resource\":[\"arn:aws:logs:eu-west-1:704479110758:*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-bf39cf60-c75c-4ed0-b7db-555039645a24\",\"ANPA2IBR2EZTBNLA6YPNM\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-bf39cf60-c75c-4ed0-b7db-555039645a24\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-bf39cf60-c75c-4ed0-b7db-555039645a24\",\"ANPA2IBR2EZTBNLA6YPNM\"],\"name\":\"AWSLambdaBasicExecutionRole-bf39cf60-c75c-4ed0-b7db-555039645a24\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Description\":null,\"IsAttachable\":true,\"Path\":\"/service-role/\",\"AttachmentCount\":1,\"Tags\":null,\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-bf39cf60-c75c-4ed0-b7db-555039645a24\",\"CreateDate\":\"2020-11-30T19:25:30Z\",\"DefaultVersionId\":\"v1\",\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"AWSLambdaBasicExecutionRole-bf39cf60-c75c-4ed0-b7db-555039645a24\",\"PolicyId\":\"ANPA2IBR2EZTBNLA6YPNM\",\"UpdateDate\":\"2020-11-30T19:25:30Z\",\"document\":{\"Statement\":[{\"Action\":\"logs:CreateLogGroup\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:eu-west-1:704479110758:*\"},{\"Action\":[\"logs:CreateLogStream\",\"logs:PutLogEvents\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:logs:eu-west-1:704479110758:log-group:/aws/lambda/Postgres_ReadOnly_User_Creation:*\"]}],\"Version\":\"2012-10-17\"}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"logs:CreateLogGroup\"],\"resource\":[\"arn:aws:logs:eu-west-1:704479110758:*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-bfabea5f-39f7-4b9b-8479-305a22b7efc0\",\"ANPA2IBR2EZTESI4SXSF4\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-bfabea5f-39f7-4b9b-8479-305a22b7efc0\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v1\",\"Description\":null,\"PolicyId\":\"ANPA2IBR2EZTESI4SXSF4\",\"UpdateDate\":\"2021-03-29T16:08:25Z\",\"PolicyName\":\"AWSLambdaBasicExecutionRole-bfabea5f-39f7-4b9b-8479-305a22b7efc0\",\"AttachmentCount\":1,\"CreateDate\":\"2021-03-29T16:08:25Z\",\"IsAttachable\":true,\"document\":{\"Statement\":[{\"Action\":\"logs:CreateLogGroup\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:eu-west-1:704479110758:*\"},{\"Action\":[\"logs:CreateLogStream\",\"logs:PutLogEvents\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:logs:eu-west-1:704479110758:log-group:/aws/lambda/test-lambda:*\"]}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-bfabea5f-39f7-4b9b-8479-305a22b7efc0\",\"Path\":\"/service-role/\",\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"roles\":null},\"id\":[\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-bfabea5f-39f7-4b9b-8479-305a22b7efc0\",\"ANPA2IBR2EZTESI4SXSF4\"],\"name\":\"AWSLambdaBasicExecutionRole-bfabea5f-39f7-4b9b-8479-305a22b7efc0\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-c7671261-23b8-435c-b511-c7f4d07e8f7f\",\"ANPA2IBR2EZTPCB7ORNF5\"],\"name\":\"AWSLambdaBasicExecutionRole-c7671261-23b8-435c-b511-c7f4d07e8f7f\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-c7671261-23b8-435c-b511-c7f4d07e8f7f\",\"Description\":null,\"IsAttachable\":true,\"Path\":\"/service-role/\",\"DefaultVersionId\":\"v3\",\"PermissionsBoundaryUsageCount\":0,\"UpdateDate\":\"2024-04-02T15:22:41Z\",\"document\":{\"Statement\":[{\"Resource\":\"arn:aws:logs:eu-west-1:704479110758:*\",\"Action\":\"logs:CreateLogGroup\",\"Effect\":\"Allow\"},{\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:logs:eu-west-1:704479110758:log-group:/aws/lambda/MapCreatedEC2s:*\"],\"Action\":[\"logs:CreateLogStream\",\"logs:PutLogEvents\"]},{\"Action\":\"ec2:DescribeInstances\",\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":\"ec2:DescribeRegions\",\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":1,\"CreateDate\":\"2024-03-31T10:20:21Z\",\"PolicyId\":\"ANPA2IBR2EZTPCB7ORNF5\",\"PolicyName\":\"AWSLambdaBasicExecutionRole-c7671261-23b8-435c-b511-c7f4d07e8f7f\",\"Tags\":null,\"roles\":null}},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"resource_policies\":[{\"effect\":\"Allow\",\"action\":[\"logs:CreateLogGroup\"],\"resource\":[\"arn:aws:logs:eu-west-1:704479110758:*\"],\"version\":\"2012-10-17\"},{\"effect\":\"Allow\",\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"ec2:DescribeInstances\"],\"resource\":[\"*\"]},{\"action\":[\"ec2:DescribeRegions\"],\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-c7671261-23b8-435c-b511-c7f4d07e8f7f\",\"ANPA2IBR2EZTPCB7ORNF5\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/AWSLambdaBasicExecutionRole-c7671261-23b8-435c-b511-c7f4d07e8f7f\":{\"category\":\"identity\",\"type\":\"policy\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/AWSQuickSightIAMPolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"name\":\"AWSQuickSightIAMPolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v1\",\"Description\":null,\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"UpdateDate\":\"2024-10-16T18:23:10Z\",\"roles\":null,\"AttachmentCount\":1,\"document\":{\"Statement\":[{\"Action\":[\"iam:List*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/AWSQuickSightIAMPolicy\",\"CreateDate\":\"2024-10-16T18:23:10Z\",\"PolicyId\":\"ANPA2IBR2EZTCTHLJJJ4N\",\"PolicyName\":\"AWSQuickSightIAMPolicy\",\"Path\":\"/service-role/\",\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:policy/service-role/AWSQuickSightIAMPolicy\",\"ANPA2IBR2EZTCTHLJJJ4N\"]},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/AWSQuickSightIAMPolicy\",\"ANPA2IBR2EZTCTHLJJJ4N\"],\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"document\":{\"Statement\":[{\"Action\":[\"rds:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/AWSQuickSightRDSPolicy\",\"CreateDate\":\"2024-10-16T18:23:11Z\",\"Path\":\"/service-role/\",\"UpdateDate\":\"2024-10-16T18:23:11Z\",\"IsAttachable\":true,\"Tags\":null,\"AttachmentCount\":1,\"DefaultVersionId\":\"v1\",\"PolicyId\":\"ANPA2IBR2EZTIGA6Y4COB\",\"PolicyName\":\"AWSQuickSightRDSPolicy\"},\"id\":[\"arn:aws:iam::704479110758:policy/service-role/AWSQuickSightRDSPolicy\",\"ANPA2IBR2EZTIGA6Y4COB\"],\"name\":\"AWSQuickSightRDSPolicy\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/AWSQuickSightRDSPolicy\",\"ANPA2IBR2EZTIGA6Y4COB\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/AWSQuickSightRDSPolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/AWSQuickSightRedshiftPolicy\",\"ANPA2IBR2EZTEUOQE2PJT\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/AWSQuickSightRedshiftPolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":1,\"IsAttachable\":true,\"PolicyName\":\"AWSQuickSightRedshiftPolicy\",\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/AWSQuickSightRedshiftPolicy\",\"CreateDate\":\"2024-10-16T18:23:10Z\",\"DefaultVersionId\":\"v1\",\"Tags\":null,\"roles\":null,\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"UpdateDate\":\"2024-10-16T18:23:10Z\",\"Path\":\"/service-role/\",\"PolicyId\":\"ANPA2IBR2EZTEUOQE2PJT\",\"document\":{\"Statement\":[{\"Action\":[\"redshift:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:iam::704479110758:policy/service-role/AWSQuickSightRedshiftPolicy\",\"ANPA2IBR2EZTEUOQE2PJT\"],\"name\":\"AWSQuickSightRedshiftPolicy\",\"category\":\"identity\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"effect\":\"Allow\",\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/AWSQuickSightSecretsManagerReadOnlyPolicy\",\"ANPA2IBR2EZTMOT7OT2XJ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/AWSQuickSightSecretsManagerReadOnlyPolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"name\":\"AWSQuickSightSecretsManagerReadOnlyPolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"AWSQuickSightSecretsManagerReadOnlyPolicy\",\"UpdateDate\":\"2024-10-16T18:23:10Z\",\"roles\":null,\"AttachmentCount\":1,\"CreateDate\":\"2024-10-16T18:23:10Z\",\"DefaultVersionId\":\"v1\",\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/AWSQuickSightSecretsManagerReadOnlyPolicy\",\"Path\":\"/service-role/\",\"PolicyId\":\"ANPA2IBR2EZTMOT7OT2XJ\",\"document\":{\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:secretsmanager:us-east-1:704479110758:secret:DdApiKeySecret-aUFEgO4SmSGN-xqgqXR\"],\"Action\":[\"secretsmanager:GetSecretValue\"]}],\"Version\":\"2012-10-17\"},\"IsAttachable\":true},\"id\":[\"arn:aws:iam::704479110758:policy/service-role/AWSQuickSightSecretsManagerReadOnlyPolicy\",\"ANPA2IBR2EZTMOT7OT2XJ\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"id\":\"VisualEditor0\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/BuildSecSupport\",\"ANPA2IBR2EZTKKCA3KWBT\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/BuildSecSupport\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"name\":\"BuildSecSupport\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPA2IBR2EZTKKCA3KWBT\",\"UpdateDate\":\"2020-09-07T15:16:30Z\",\"AttachmentCount\":1,\"Tags\":null,\"DefaultVersionId\":\"v4\",\"IsAttachable\":true,\"document\":{\"Statement\":[{\"Action\":[\"trustedadvisor:DescribeAccount\",\"support:SearchForCases\",\"support:CreateCase\",\"support:DescribeCases\",\"support:DescribeIssueTypes\",\"support:DescribeSeverityLevels\",\"trustedadvisor:DescribeChecks\",\"support:DescribeServices\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"VisualEditor0\"}],\"Version\":\"2012-10-17\"},\"CreateDate\":\"2020-09-07T14:55:01Z\",\"Description\":null,\"Path\":\"/\",\"PolicyName\":\"BuildSecSupport\",\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/BuildSecSupport\"},\"id\":[\"arn:aws:iam::704479110758:policy/BuildSecSupport\",\"ANPA2IBR2EZTKKCA3KWBT\"]},\"cloud\":{\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/cloudbeat-tf-Jzj-cluster-ClusterEncryption20230204094300174600000008\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Description\":null,\"DefaultVersionId\":\"v1\",\"PermissionsBoundaryUsageCount\":0,\"IsAttachable\":true,\"Path\":\"/\",\"PolicyId\":\"ANPA2IBR2EZTKBS2N7GMQ\",\"UpdateDate\":\"2023-02-04T09:43:00Z\",\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/cloudbeat-tf-Jzj-cluster-ClusterEncryption20230204094300174600000008\",\"AttachmentCount\":1,\"CreateDate\":\"2023-02-04T09:43:00Z\",\"PolicyName\":\"cloudbeat-tf-Jzj-cluster-ClusterEncryption20230204094300174600000008\",\"Tags\":null,\"document\":{\"Statement\":[{\"Action\":[\"kms:Encrypt\",\"kms:Decrypt\",\"kms:ListGrants\",\"kms:DescribeKey\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:kms:eu-north-1:704479110758:key/777ef989-ec44-4a29-b174-ffc0850a78b0\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:iam::704479110758:policy/cloudbeat-tf-Jzj-cluster-ClusterEncryption20230204094300174600000008\",\"ANPA2IBR2EZTKBS2N7GMQ\"],\"name\":\"cloudbeat-tf-Jzj-cluster-ClusterEncryption20230204094300174600000008\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"resource\":[\"arn:aws:kms:eu-north-1:704479110758:key/777ef989-ec44-4a29-b174-ffc0850a78b0\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/cloudbeat-tf-Jzj-cluster-ClusterEncryption20230204094300174600000008\",\"ANPA2IBR2EZTKBS2N7GMQ\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:kms:eu-north-1:704479110758:key/1bc2a7c2-4438-40c6-b75f-2417fd986c15\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/cloudbeat-tf-QZn-cluster-ClusterEncryption20230204160825885000000008\",\"ANPA2IBR2EZTLSYG5U7AG\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/cloudbeat-tf-QZn-cluster-ClusterEncryption20230204160825885000000008\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":1,\"Description\":null,\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/cloudbeat-tf-QZn-cluster-ClusterEncryption20230204160825885000000008\",\"DefaultVersionId\":\"v1\",\"Path\":\"/\",\"PolicyName\":\"cloudbeat-tf-QZn-cluster-ClusterEncryption20230204160825885000000008\",\"CreateDate\":\"2023-02-04T16:08:25Z\",\"PolicyId\":\"ANPA2IBR2EZTLSYG5U7AG\",\"UpdateDate\":\"2023-02-04T16:08:25Z\",\"document\":{\"Statement\":[{\"Action\":[\"kms:Encrypt\",\"kms:Decrypt\",\"kms:ListGrants\",\"kms:DescribeKey\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:kms:eu-north-1:704479110758:key/1bc2a7c2-4438-40c6-b75f-2417fd986c15\"}],\"Version\":\"2012-10-17\"},\"roles\":null},\"id\":[\"arn:aws:iam::704479110758:policy/cloudbeat-tf-QZn-cluster-ClusterEncryption20230204160825885000000008\",\"ANPA2IBR2EZTLSYG5U7AG\"],\"name\":\"cloudbeat-tf-QZn-cluster-ClusterEncryption20230204160825885000000008\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"VisualEditor0\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/Cloudbeat_Eks_policy\",\"ANPA2IBR2EZTHTTO7JNRY\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/Cloudbeat_Eks_policy\":{\"type\":\"policy\",\"category\":\"identity\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"roles\":null,\"UpdateDate\":\"2023-09-11T07:52:23Z\",\"Arn\":\"arn:aws:iam::704479110758:policy/Cloudbeat_Eks_policy\",\"Description\":null,\"IsAttachable\":true,\"PolicyName\":\"Cloudbeat_Eks_policy\",\"Tags\":null,\"document\":{\"Statement\":[{\"Sid\":\"VisualEditor0\",\"Action\":[\"ecr:GetRegistryPolicy\",\"eks:ListTagsForResource\",\"elasticloadbalancing:DescribeTags\",\"ecr-public:DescribeRegistries\",\"ecr:DescribeRegistry\",\"elasticloadbalancing:DescribeLoadBalancerPolicyTypes\",\"ecr:ListImages\",\"ecr-public:GetRepositoryPolicy\",\"elasticloadbalancing:DescribeLoadBalancerAttributes\",\"elasticloadbalancing:DescribeLoadBalancers\",\"ecr-public:DescribeRepositories\",\"eks:DescribeNodegroup\",\"ecr:DescribeImages\",\"elasticloadbalancing:DescribeLoadBalancerPolicies\",\"ecr:DescribeRepositories\",\"eks:DescribeCluster\",\"eks:ListClusters\",\"elasticloadbalancing:DescribeInstanceHealth\",\"ecr:GetRepositoryPolicy\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":2,\"CreateDate\":\"2022-07-31T11:34:52Z\",\"DefaultVersionId\":\"v2\",\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPA2IBR2EZTHTTO7JNRY\"},\"id\":[\"arn:aws:iam::704479110758:policy/Cloudbeat_Eks_policy\",\"ANPA2IBR2EZTHTTO7JNRY\"],\"name\":\"Cloudbeat_Eks_policy\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/cloudtrail-logs-policy\",\"ANPA2IBR2EZTFEZQWL6NL\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/cloudtrail-logs-policy\":{\"type\":\"policy\",\"category\":\"identity\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Tags\":null,\"document\":{\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"ce:GetCostAndUsage\",\"cloudwatch:GetMetricData\",\"cloudwatch:ListMetrics\",\"ec2:DescribeInstances\",\"ec2:DescribeRegions\",\"iam:ListAccountAliases\",\"logs:DescribeLogGroups\",\"logs:FilterLogEvents\",\"organizations:ListAccounts\",\"rds:DescribeDBInstances\",\"rds:ListTagsForResource\",\"s3:GetObject\",\"sns:ListTopics\",\"sqs:ChangeMessageVisibility\",\"sqs:DeleteMessage\",\"sqs:ListQueues\",\"sqs:ReceiveMessage\",\"sts:AssumeRole\",\"sts:GetCallerIdentity\",\"tag:GetResources\"]}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":1,\"IsAttachable\":true,\"DefaultVersionId\":\"v1\",\"Path\":\"/\",\"PolicyId\":\"ANPA2IBR2EZTFEZQWL6NL\",\"PolicyName\":\"cloudtrail-logs-policy\",\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/cloudtrail-logs-policy\",\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"UpdateDate\":\"2024-08-28T10:51:58Z\",\"CreateDate\":\"2024-08-28T10:51:58Z\"},\"id\":[\"arn:aws:iam::704479110758:policy/cloudtrail-logs-policy\",\"ANPA2IBR2EZTFEZQWL6NL\"],\"name\":\"cloudtrail-logs-policy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_045c81e4-2131-4be0-985f-323f52f7cf90\",\"ANPA2IBR2EZTJIB4A4HAD\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_045c81e4-2131-4be0-985f-323f52f7cf90\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"PolicyId\":\"ANPA2IBR2EZTJIB4A4HAD\",\"document\":{\"Statement\":[{\"Action\":[\"logs:CreateLogStream\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:logs:eu-west-1:704479110758:log-group:aws-cloudtrail-logs-704479110758-3f2d0bcd:log-stream:704479110758_CloudTrail_eu-west-1*\"],\"Sid\":\"AWSCloudTrailCreateLogStream2014110\"},{\"Action\":[\"logs:PutLogEvents\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:logs:eu-west-1:704479110758:log-group:aws-cloudtrail-logs-704479110758-3f2d0bcd:log-stream:704479110758_CloudTrail_eu-west-1*\"],\"Sid\":\"AWSCloudTrailPutLogEvents20141101\"}],\"Version\":\"2012-10-17\"},\"DefaultVersionId\":\"v1\",\"AttachmentCount\":1,\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_045c81e4-2131-4be0-985f-323f52f7cf90\",\"PolicyName\":\"CloudTrailPolicyForCloudWatchLogs_045c81e4-2131-4be0-985f-323f52f7cf90\",\"Tags\":null,\"UpdateDate\":\"2024-02-20T15:44:11Z\",\"roles\":null,\"CreateDate\":\"2024-02-20T15:44:11Z\",\"Path\":\"/service-role/\",\"IsAttachable\":true},\"id\":[\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_045c81e4-2131-4be0-985f-323f52f7cf90\",\"ANPA2IBR2EZTJIB4A4HAD\"],\"name\":\"CloudTrailPolicyForCloudWatchLogs_045c81e4-2131-4be0-985f-323f52f7cf90\",\"category\":\"identity\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"effect\":\"Allow\",\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailCreateLogStream2014110\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailPutLogEvents20141101\",\"effect\":\"Allow\"}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_0a68c7ae-c33f-4599-91f1-bed54fed6d5c\",\"ANPA2IBR2EZTHAJYZ6OAJ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_0a68c7ae-c33f-4599-91f1-bed54fed6d5c\":{\"type\":\"policy\",\"category\":\"identity\"}},\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Description\":null,\"IsAttachable\":true,\"Path\":\"/service-role/\",\"UpdateDate\":\"2023-03-26T11:46:21Z\",\"DefaultVersionId\":\"v1\",\"roles\":null,\"Tags\":null,\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"CloudTrailPolicyForCloudWatchLogs_0a68c7ae-c33f-4599-91f1-bed54fed6d5c\",\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:logs:us-east-1:704479110758:log-group:aws-cloudtrail-logs-704479110758-2a23085a:log-stream:704479110758_CloudTrail_us-east-1*\"],\"Sid\":\"AWSCloudTrailCreateLogStream2014110\",\"Action\":[\"logs:CreateLogStream\"]},{\"Resource\":[\"arn:aws:logs:us-east-1:704479110758:log-group:aws-cloudtrail-logs-704479110758-2a23085a:log-stream:704479110758_CloudTrail_us-east-1*\"],\"Sid\":\"AWSCloudTrailPutLogEvents20141101\",\"Action\":[\"logs:PutLogEvents\"],\"Effect\":\"Allow\"}]},\"AttachmentCount\":1,\"CreateDate\":\"2023-03-26T11:46:21Z\",\"PolicyId\":\"ANPA2IBR2EZTHAJYZ6OAJ\",\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_0a68c7ae-c33f-4599-91f1-bed54fed6d5c\"},\"id\":[\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_0a68c7ae-c33f-4599-91f1-bed54fed6d5c\",\"ANPA2IBR2EZTHAJYZ6OAJ\"],\"name\":\"CloudTrailPolicyForCloudWatchLogs_0a68c7ae-c33f-4599-91f1-bed54fed6d5c\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailCreateLogStream2014110\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailPutLogEvents20141101\",\"effect\":\"Allow\"}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"effect\":\"Allow\",\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailCreateLogStream2014110\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailPutLogEvents20141101\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_2ebcab68-9ba3-4f47-85d6-b6e5761bdfb7\",\"ANPA2IBR2EZTPVDKLNSQR\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_2ebcab68-9ba3-4f47-85d6-b6e5761bdfb7\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":1,\"CreateDate\":\"2023-03-26T13:17:14Z\",\"Path\":\"/service-role/\",\"document\":{\"Statement\":[{\"Action\":[\"logs:CreateLogStream\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:logs:eu-west-1:704479110758:log-group:aws-cloudtrail-logs-704479110758-3f2d0bcd:log-stream:704479110758_CloudTrail_eu-west-1*\"],\"Sid\":\"AWSCloudTrailCreateLogStream2014110\"},{\"Action\":[\"logs:PutLogEvents\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:logs:eu-west-1:704479110758:log-group:aws-cloudtrail-logs-704479110758-3f2d0bcd:log-stream:704479110758_CloudTrail_eu-west-1*\"],\"Sid\":\"AWSCloudTrailPutLogEvents20141101\"}],\"Version\":\"2012-10-17\"},\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPA2IBR2EZTPVDKLNSQR\",\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_2ebcab68-9ba3-4f47-85d6-b6e5761bdfb7\",\"DefaultVersionId\":\"v1\",\"IsAttachable\":true,\"PolicyName\":\"CloudTrailPolicyForCloudWatchLogs_2ebcab68-9ba3-4f47-85d6-b6e5761bdfb7\",\"Tags\":null,\"UpdateDate\":\"2023-03-26T13:17:14Z\"},\"id\":[\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_2ebcab68-9ba3-4f47-85d6-b6e5761bdfb7\",\"ANPA2IBR2EZTPVDKLNSQR\"],\"name\":\"CloudTrailPolicyForCloudWatchLogs_2ebcab68-9ba3-4f47-85d6-b6e5761bdfb7\",\"category\":\"identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_75a5cf00-6501-446e-a08a-65944cece962\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v1\",\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"CloudTrailPolicyForCloudWatchLogs_75a5cf00-6501-446e-a08a-65944cece962\",\"UpdateDate\":\"2023-03-21T09:52:38Z\",\"document\":{\"Statement\":[{\"Resource\":[\"arn:aws:logs:us-west-2:704479110758:log-group:aws-cloudtrail-logs-704479110758-264ab649:log-stream:704479110758_CloudTrail_us-west-2*\"],\"Sid\":\"AWSCloudTrailCreateLogStream2014110\",\"Action\":[\"logs:CreateLogStream\"],\"Effect\":\"Allow\"},{\"Action\":[\"logs:PutLogEvents\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:logs:us-west-2:704479110758:log-group:aws-cloudtrail-logs-704479110758-264ab649:log-stream:704479110758_CloudTrail_us-west-2*\"],\"Sid\":\"AWSCloudTrailPutLogEvents20141101\"}],\"Version\":\"2012-10-17\"},\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_75a5cf00-6501-446e-a08a-65944cece962\",\"Description\":null,\"PolicyId\":\"ANPA2IBR2EZTDPAMINKSG\",\"Tags\":null,\"AttachmentCount\":1,\"CreateDate\":\"2023-03-21T09:52:38Z\",\"IsAttachable\":true,\"Path\":\"/service-role/\"},\"id\":[\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_75a5cf00-6501-446e-a08a-65944cece962\",\"ANPA2IBR2EZTDPAMINKSG\"],\"name\":\"CloudTrailPolicyForCloudWatchLogs_75a5cf00-6501-446e-a08a-65944cece962\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailCreateLogStream2014110\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailPutLogEvents20141101\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_75a5cf00-6501-446e-a08a-65944cece962\",\"ANPA2IBR2EZTDPAMINKSG\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":1,\"CreateDate\":\"2023-05-14T10:36:36Z\",\"Description\":null,\"DefaultVersionId\":\"v1\",\"IsAttachable\":true,\"PolicyName\":\"CloudTrailPolicyForCloudWatchLogs_8ec45a62-39be-45cc-9883-82d3d115c610\",\"roles\":null,\"Path\":\"/service-role/\",\"PolicyId\":\"ANPA2IBR2EZTJSKSBMJIP\",\"Tags\":null,\"UpdateDate\":\"2023-05-14T10:36:36Z\",\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_8ec45a62-39be-45cc-9883-82d3d115c610\",\"PermissionsBoundaryUsageCount\":0,\"document\":{\"Statement\":[{\"Action\":[\"logs:CreateLogStream\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:logs:us-west-2:704479110758:log-group:aws-cloudtrail-logs-704479110758-28679765:log-stream:704479110758_CloudTrail_us-west-2*\"],\"Sid\":\"AWSCloudTrailCreateLogStream2014110\"},{\"Resource\":[\"arn:aws:logs:us-west-2:704479110758:log-group:aws-cloudtrail-logs-704479110758-28679765:log-stream:704479110758_CloudTrail_us-west-2*\"],\"Sid\":\"AWSCloudTrailPutLogEvents20141101\",\"Action\":[\"logs:PutLogEvents\"],\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_8ec45a62-39be-45cc-9883-82d3d115c610\",\"ANPA2IBR2EZTJSKSBMJIP\"],\"name\":\"CloudTrailPolicyForCloudWatchLogs_8ec45a62-39be-45cc-9883-82d3d115c610\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailCreateLogStream2014110\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailPutLogEvents20141101\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_8ec45a62-39be-45cc-9883-82d3d115c610\",\"ANPA2IBR2EZTJSKSBMJIP\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_8ec45a62-39be-45cc-9883-82d3d115c610\":{\"type\":\"policy\",\"category\":\"identity\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailCreateLogStream2014110\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailPutLogEvents20141101\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_904e2a63-afe9-45d6-802f-b2709380729b\",\"ANPA2IBR2EZTHHSVRGNWD\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_904e2a63-afe9-45d6-802f-b2709380729b\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":1,\"DefaultVersionId\":\"v1\",\"Description\":null,\"roles\":null,\"PolicyId\":\"ANPA2IBR2EZTHHSVRGNWD\",\"PolicyName\":\"CloudTrailPolicyForCloudWatchLogs_904e2a63-afe9-45d6-802f-b2709380729b\",\"document\":{\"Statement\":[{\"Sid\":\"AWSCloudTrailCreateLogStream2014110\",\"Action\":[\"logs:CreateLogStream\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:logs:us-west-2:704479110758:log-group:aws-cloudtrail-logs-704479110758-ec70b74e:log-stream:704479110758_CloudTrail_us-west-2*\"]},{\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:logs:us-west-2:704479110758:log-group:aws-cloudtrail-logs-704479110758-ec70b74e:log-stream:704479110758_CloudTrail_us-west-2*\"],\"Sid\":\"AWSCloudTrailPutLogEvents20141101\",\"Action\":[\"logs:PutLogEvents\"]}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_904e2a63-afe9-45d6-802f-b2709380729b\",\"Path\":\"/service-role/\",\"PermissionsBoundaryUsageCount\":0,\"UpdateDate\":\"2023-01-05T12:37:32Z\",\"CreateDate\":\"2023-01-05T12:37:32Z\",\"IsAttachable\":true,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_904e2a63-afe9-45d6-802f-b2709380729b\",\"ANPA2IBR2EZTHHSVRGNWD\"],\"name\":\"CloudTrailPolicyForCloudWatchLogs_904e2a63-afe9-45d6-802f-b2709380729b\",\"category\":\"identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"asset\":{\"raw\":{\"AttachmentCount\":1,\"PolicyId\":\"ANPA2IBR2EZTJHTF2ZNNM\",\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Resource\":[\"arn:aws:logs:eu-west-1:704479110758:log-group:aws-cloudtrail-logs-704479110758-dbfa5eba:log-stream:704479110758_CloudTrail_eu-west-1*\"],\"Sid\":\"AWSCloudTrailCreateLogStream2014110\",\"Action\":[\"logs:CreateLogStream\"],\"Effect\":\"Allow\"},{\"Sid\":\"AWSCloudTrailPutLogEvents20141101\",\"Action\":[\"logs:PutLogEvents\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:logs:eu-west-1:704479110758:log-group:aws-cloudtrail-logs-704479110758-dbfa5eba:log-stream:704479110758_CloudTrail_eu-west-1*\"]}]},\"Arn\":\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_a5366667-0a4c-4b97-bbc7-6aa179e89109\",\"IsAttachable\":true,\"roles\":null,\"CreateDate\":\"2024-02-20T15:37:19Z\",\"DefaultVersionId\":\"v1\",\"Path\":\"/service-role/\",\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"CloudTrailPolicyForCloudWatchLogs_a5366667-0a4c-4b97-bbc7-6aa179e89109\",\"Description\":null,\"Tags\":null,\"UpdateDate\":\"2024-02-20T15:37:19Z\"},\"id\":[\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_a5366667-0a4c-4b97-bbc7-6aa179e89109\",\"ANPA2IBR2EZTJHTF2ZNNM\"],\"name\":\"CloudTrailPolicyForCloudWatchLogs_a5366667-0a4c-4b97-bbc7-6aa179e89109\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSCloudTrailCreateLogStream2014110\",\"effect\":\"Allow\"},{\"id\":\"AWSCloudTrailPutLogEvents20141101\",\"effect\":\"Allow\",\"version\":\"2012-10-17\"}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_a5366667-0a4c-4b97-bbc7-6aa179e89109\",\"ANPA2IBR2EZTJHTF2ZNNM\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/service-role/CloudTrailPolicyForCloudWatchLogs_a5366667-0a4c-4b97-bbc7-6aa179e89109\":{\"category\":\"identity\",\"type\":\"policy\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"id\":\"VisualEditor0\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/csp-cross-account-role\",\"ANPA2IBR2EZTHUJPDDAA4\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/csp-cross-account-role\":{\"type\":\"policy\",\"category\":\"identity\"}},\"asset\":{\"name\":\"csp-cross-account-role\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":1,\"IsAttachable\":true,\"PolicyId\":\"ANPA2IBR2EZTHUJPDDAA4\",\"PolicyName\":\"csp-cross-account-role\",\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"UpdateDate\":\"2022-12-22T12:13:03Z\",\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/csp-cross-account-role\",\"CreateDate\":\"2022-12-22T12:13:03Z\",\"Description\":null,\"document\":{\"Statement\":[{\"Sid\":\"VisualEditor0\",\"Action\":[\"s3:ListStorageLensConfigurations\",\"s3:ListAccessPointsForObjectLambda\",\"s3:ListBucketMultipartUploads\",\"s3:ListAllMyBuckets\",\"s3:ListAccessPoints\",\"s3:ListJobs\",\"s3:ListBucketVersions\",\"s3:ListBucket\",\"s3:ListMultiRegionAccessPoints\",\"s3:ListMultipartUploadParts\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"DefaultVersionId\":\"v1\"},\"id\":[\"arn:aws:iam::704479110758:policy/csp-cross-account-role\",\"ANPA2IBR2EZTHUJPDDAA4\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:iam::704479110758:policy/dev-cluster-asg_inline_Policy\",\"ANPA2IBR2EZTFZMUUKJM2\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/dev-cluster-asg_inline_Policy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":1,\"IsAttachable\":true,\"PolicyName\":\"dev-cluster-asg_inline_Policy\",\"roles\":null,\"Path\":\"/\",\"PolicyId\":\"ANPA2IBR2EZTFZMUUKJM2\",\"UpdateDate\":\"2021-06-28T15:48:15Z\",\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"autoscaling:DescribeAutoScalingGroups\",\"autoscaling:DescribeAutoScalingInstances\",\"autoscaling:DescribeLaunchConfigurations\",\"autoscaling:DescribeTags\",\"autoscaling:SetDesiredCapacity\",\"autoscaling:TerminateInstanceInAutoScalingGroup\",\"ec2:DescribeLaunchTemplateVersions\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}]},\"Arn\":\"arn:aws:iam::704479110758:policy/dev-cluster-asg_inline_Policy\",\"CreateDate\":\"2021-06-28T15:48:15Z\",\"Description\":null,\"DefaultVersionId\":\"v1\"},\"id\":[\"arn:aws:iam::704479110758:policy/dev-cluster-asg_inline_Policy\",\"ANPA2IBR2EZTFZMUUKJM2\"],\"name\":\"dev-cluster-asg_inline_Policy\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/dev-eks-elb-sl-role-creation20210519150801473300000001\":{\"type\":\"policy\",\"category\":\"identity\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Tags\":null,\"roles\":null,\"AttachmentCount\":1,\"CreateDate\":\"2021-05-19T15:08:02Z\",\"Description\":null,\"IsAttachable\":true,\"DefaultVersionId\":\"v1\",\"Path\":\"/\",\"PolicyId\":\"ANPA2IBR2EZTBSGH6IMKS\",\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"ec2:DescribeInternetGateways\",\"ec2:DescribeAccountAttributes\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"\"}]},\"Arn\":\"arn:aws:iam::704479110758:policy/dev-eks-elb-sl-role-creation20210519150801473300000001\",\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"dev-eks-elb-sl-role-creation20210519150801473300000001\",\"UpdateDate\":\"2021-05-19T15:08:02Z\"},\"id\":[\"arn:aws:iam::704479110758:policy/dev-eks-elb-sl-role-creation20210519150801473300000001\",\"ANPA2IBR2EZTBSGH6IMKS\"],\"name\":\"dev-eks-elb-sl-role-creation20210519150801473300000001\",\"category\":\"identity\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/dev-eks-elb-sl-role-creation20210519150801473300000001\",\"ANPA2IBR2EZTBSGH6IMKS\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/dev-eks-elb-sl-role-creation20210519174057146200000001\",\"ANPA2IBR2EZTBCEMLCDX2\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/dev-eks-elb-sl-role-creation20210519174057146200000001\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:policy/dev-eks-elb-sl-role-creation20210519174057146200000001\",\"ANPA2IBR2EZTBCEMLCDX2\"],\"name\":\"dev-eks-elb-sl-role-creation20210519174057146200000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"CreateDate\":\"2021-05-19T17:40:57Z\",\"IsAttachable\":true,\"PolicyId\":\"ANPA2IBR2EZTBCEMLCDX2\",\"UpdateDate\":\"2021-05-19T17:40:57Z\",\"document\":{\"Statement\":[{\"Action\":[\"ec2:DescribeInternetGateways\",\"ec2:DescribeAccountAttributes\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"\"}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::704479110758:policy/dev-eks-elb-sl-role-creation20210519174057146200000001\",\"AttachmentCount\":1,\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"roles\":null,\"DefaultVersionId\":\"v1\",\"Path\":\"/\",\"PolicyName\":\"dev-eks-elb-sl-role-creation20210519174057146200000001\",\"Tags\":null}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:policy/dev-ext_dns_Policy\",\"ANPA2IBR2EZTG7GZ35HBO\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/dev-ext_dns_Policy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:policy/dev-ext_dns_Policy\",\"CreateDate\":\"2021-06-28T15:48:16Z\",\"Description\":null,\"Path\":\"/\",\"PolicyName\":\"dev-ext_dns_Policy\",\"Tags\":null,\"DefaultVersionId\":\"v1\",\"IsAttachable\":true,\"UpdateDate\":\"2021-06-28T15:48:16Z\",\"document\":{\"Statement\":[{\"Resource\":[\"*\"],\"Action\":[\"route53:GetHostedZone\",\"route53:ListHostedZonesByName\",\"route53:ListHostedZones\",\"route53:ListResourceRecordSets\",\"route53:GetHealthCheck\",\"ec2:DescribeVpcs\",\"ec2:DescribeRegions\",\"servicediscovery:List*\",\"servicediscovery:Get*\",\"servicediscovery:Discover*\"],\"Effect\":\"Allow\"},{\"Action\":[\"route53:ChangeResourceRecordSets\",\"route53:DeleteHealthCheck\",\"route53:CreateHealthCheck\",\"route53:UpdateHealthCheck\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:route53:::hostedzone/Z07266301APWNB0Z0NR2H\",\"arn:aws:route53:::hostedzone/Z06144803J2I4NRAVX4K3\"]},{\"Action\":[\"servicediscovery:*\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:servicediscovery:eu-west-1:704479110758:namespace/ns-mviymhscjx6rv5gb\"]},{\"Action\":[\"servicediscovery:RegisterInstance\",\"servicediscovery:DeregisterInstance\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:servicediscovery:eu-west-1:704479110758:service/*\"]}],\"Version\":\"2012-10-17\"},\"PolicyId\":\"ANPA2IBR2EZTG7GZ35HBO\",\"AttachmentCount\":1,\"PermissionsBoundaryUsageCount\":0,\"roles\":null},\"id\":[\"arn:aws:iam::704479110758:policy/dev-ext_dns_Policy\",\"ANPA2IBR2EZTG7GZ35HBO\"],\"name\":\"dev-ext_dns_Policy\",\"category\":\"identity\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"id\":\"VisualEditor0\"},{\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"iam:AWSServiceName\":[\"autoscaling.amazonaws.com\",\"ec2scheduled.amazonaws.com\",\"elasticloadbalancing.amazonaws.com\",\"spot.amazonaws.com\",\"spotfleet.amazonaws.com\",\"transitgateway.amazonaws.com\"]}},\"version\":\"2012-10-17\",\"id\":\"VisualEditor1\",\"effect\":\"Allow\",\"action\":[\"iam:CreateServiceLinkedRole\"]},{\"version\":\"2012-10-17\",\"id\":\"VisualEditor2\",\"effect\":\"Allow\",\"action\":[\"iam:CreateServiceLinkedRole\"],\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"iam:AWSServiceName\":[\"eks.amazonaws.com\",\"eks-nodegroup.amazonaws.com\",\"eks-fargate.amazonaws.com\"]}}},{\"action\":[\"iam:GetRole\"],\"resource\":[\"arn:aws:iam::704479110758:role/*\"],\"version\":\"2012-10-17\",\"id\":\"VisualEditor3\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"version\":\"2012-10-17\",\"id\":\"VisualEditor4\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/Developers_eks\",\"ANPA2IBR2EZTNDIPTXKMU\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/Developers_eks\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:policy/Developers_eks\",\"PolicyName\":\"Developers_eks\",\"UpdateDate\":\"2021-10-27T10:05:13Z\",\"DefaultVersionId\":\"v4\",\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"roles\":null,\"CreateDate\":\"2021-06-29T10:22:04Z\",\"Description\":null,\"document\":{\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"VisualEditor0\",\"Action\":[\"iam:UpdateAssumeRolePolicy\",\"iam:DeactivateMFADevice\",\"iam:CreateServiceSpecificCredential\",\"iam:DeleteAccessKey\",\"iam:DeleteGroup\",\"iam:UpdateOpenIDConnectProviderThumbprint\",\"iam:RemoveRoleFromInstanceProfile\",\"iam:UpdateGroup\",\"iam:CreateRole\",\"iam:AttachRolePolicy\",\"iam:PutRolePolicy\",\"autoscaling:*\",\"iam:AddRoleToInstanceProfile\",\"iam:SetSecurityTokenServicePreferences\",\"iam:CreateLoginProfile\",\"iam:DetachRolePolicy\",\"iam:CreateAccountAlias\",\"iam:DeleteServerCertificate\",\"iam:UploadSSHPublicKey\",\"iam:DetachGroupPolicy\",\"iam:DetachUserPolicy\",\"iam:DeleteOpenIDConnectProvider\",\"iam:ChangePassword\",\"iam:PutGroupPolicy\",\"iam:UpdateLoginProfile\",\"iam:UpdateServiceSpecificCredential\",\"iam:CreateGroup\",\"iam:RemoveClientIDFromOpenIDConnectProvider\",\"iam:UpdateUser\",\"iam:DeleteUserPolicy\",\"iam:AttachUserPolicy\",\"cloudformation:*\",\"iam:DeleteRole\",\"iam:UpdateRoleDescription\",\"iam:UpdateAccessKey\",\"iam:UpdateSSHPublicKey\",\"iam:UpdateServerCertificate\",\"iam:DeleteSigningCertificate\",\"cloudwatch:*\",\"iam:UpdateAccountPasswordPolicy\",\"ec2:*\",\"iam:DeleteServiceLinkedRole\",\"eks:*\",\"iam:CreateInstanceProfile\",\"iam:PutRolePermissionsBoundary\",\"iam:ResetServiceSpecificCredential\",\"iam:DeletePolicy\",\"iam:DeleteSSHPublicKey\",\"iam:CreateVirtualMFADevice\",\"iam:CreateSAMLProvider\",\"iam:DeleteRolePermissionsBoundary\",\"iam:CreateUser\",\"iam:CreateAccessKey\",\"iam:PassRole\",\"iam:AddUserToGroup\",\"iam:RemoveUserFromGroup\",\"iam:DeleteRolePolicy\",\"iam:EnableMFADevice\",\"iam:ResyncMFADevice\",\"kms:DescribeKey\",\"iam:DeleteAccountAlias\",\"iam:CreatePolicyVersion\",\"kms:CreateGrant\",\"iam:UpdateSAMLProvider\",\"iam:DeleteLoginProfile\",\"iam:DeleteInstanceProfile\",\"iam:UploadSigningCertificate\",\"iam:DeleteAccountPasswordPolicy\",\"iam:PutUserPermissionsBoundary\",\"elasticloadbalancing:*\",\"iam:DeleteUser\",\"iam:DeleteUserPermissionsBoundary\",\"iam:CreateOpenIDConnectProvider\",\"iam:UploadServerCertificate\",\"iam:CreatePolicy\",\"iam:DeleteVirtualMFADevice\",\"iam:AttachGroupPolicy\",\"iam:PutUserPolicy\",\"iam:UpdateRole\",\"iam:UpdateSigningCertificate\",\"iam:DeleteGroupPolicy\",\"iam:AddClientIDToOpenIDConnectProvider\",\"iam:DeleteServiceSpecificCredential\",\"iam:DeletePolicyVersion\",\"iam:SetDefaultPolicyVersion\",\"iam:DeleteSAMLProvider\"]},{\"Action\":\"iam:CreateServiceLinkedRole\",\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":[\"autoscaling.amazonaws.com\",\"ec2scheduled.amazonaws.com\",\"elasticloadbalancing.amazonaws.com\",\"spot.amazonaws.com\",\"spotfleet.amazonaws.com\",\"transitgateway.amazonaws.com\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"VisualEditor1\"},{\"Action\":\"iam:CreateServiceLinkedRole\",\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":[\"eks.amazonaws.com\",\"eks-nodegroup.amazonaws.com\",\"eks-fargate.amazonaws.com\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"VisualEditor2\"},{\"Action\":\"iam:GetRole\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::704479110758:role/*\",\"Sid\":\"VisualEditor3\"},{\"Action\":[\"iam:CreateInstanceProfile\",\"iam:DeleteInstanceProfile\",\"iam:GetRole\",\"iam:GetInstanceProfile\",\"iam:TagRole\",\"iam:RemoveRoleFromInstanceProfile\",\"iam:CreateRole\",\"iam:DeleteRole\",\"iam:AttachRolePolicy\",\"iam:PutRolePolicy\",\"ssm:GetParameters\",\"iam:ListInstanceProfiles\",\"ssm:GetParameter\",\"iam:AddRoleToInstanceProfile\",\"iam:CreateOpenIDConnectProvider\",\"iam:ListInstanceProfilesForRole\",\"iam:PassRole\",\"iam:DetachRolePolicy\",\"iam:ListAttachedRolePolicies\",\"iam:DeleteRolePolicy\",\"iam:GetOpenIDConnectProvider\",\"iam:DeleteOpenIDConnectProvider\",\"iam:TagOpenIDConnectProvider\",\"iam:GetRolePolicy\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:iam::704479110758:instance-profile/eksctl-*\",\"arn:aws:iam::704479110758:role/eksctl-*\",\"arn:aws:iam::704479110758:role/aws-service-role/eks-nodegroup.amazonaws.com/AWSServiceRoleForAmazonEKSNodegroup\",\"arn:aws:iam::704479110758:role/eksctl-managed-*\",\"arn:aws:iam::704479110758:oidc-provider/*\",\"arn:aws:ssm:*:704479110758:parameter/aws/*\",\"arn:aws:ssm:*::parameter/aws/*\"],\"Sid\":\"VisualEditor4\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":41,\"IsAttachable\":true,\"PolicyId\":\"ANPA2IBR2EZTNDIPTXKMU\"},\"id\":[\"arn:aws:iam::704479110758:policy/Developers_eks\",\"ANPA2IBR2EZTNDIPTXKMU\"],\"name\":\"Developers_eks\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/devops-cluster-asg_inline_Policy\",\"ANPA2IBR2EZTD26GPSX5S\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/devops-cluster-asg_inline_Policy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"autoscaling:DescribeAutoScalingGroups\",\"autoscaling:DescribeAutoScalingInstances\",\"autoscaling:DescribeLaunchConfigurations\",\"autoscaling:DescribeTags\",\"autoscaling:SetDesiredCapacity\",\"autoscaling:TerminateInstanceInAutoScalingGroup\",\"ec2:DescribeLaunchTemplateVersions\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}]},\"Description\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/devops-cluster-asg_inline_Policy\",\"CreateDate\":\"2021-06-10T11:09:40Z\",\"DefaultVersionId\":\"v1\",\"PolicyId\":\"ANPA2IBR2EZTD26GPSX5S\",\"roles\":null,\"AttachmentCount\":1,\"IsAttachable\":true,\"PolicyName\":\"devops-cluster-asg_inline_Policy\",\"Tags\":null,\"UpdateDate\":\"2021-06-10T11:09:40Z\"},\"id\":[\"arn:aws:iam::704479110758:policy/devops-cluster-asg_inline_Policy\",\"ANPA2IBR2EZTD26GPSX5S\"],\"name\":\"devops-cluster-asg_inline_Policy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"document\":{\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"\",\"Action\":[\"ec2:DescribeInternetGateways\",\"ec2:DescribeAccountAttributes\"]}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::704479110758:policy/devops-eks-elb-sl-role-creation20210518163643135300000001\",\"CreateDate\":\"2021-05-18T16:36:43Z\",\"PolicyName\":\"devops-eks-elb-sl-role-creation20210518163643135300000001\",\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPA2IBR2EZTMWZHXIV63\",\"Tags\":null,\"AttachmentCount\":1,\"DefaultVersionId\":\"v1\",\"Description\":null,\"IsAttachable\":true,\"UpdateDate\":\"2021-05-18T16:36:43Z\",\"roles\":null},\"id\":[\"arn:aws:iam::704479110758:policy/devops-eks-elb-sl-role-creation20210518163643135300000001\",\"ANPA2IBR2EZTMWZHXIV63\"],\"name\":\"devops-eks-elb-sl-role-creation20210518163643135300000001\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:iam::704479110758:policy/devops-eks-elb-sl-role-creation20210518163643135300000001\",\"ANPA2IBR2EZTMWZHXIV63\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/devops-eks-elb-sl-role-creation20210518163643135300000001\":{\"category\":\"identity\",\"type\":\"policy\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/devops-ext_dns_Policy\",\"ANPA2IBR2EZTJCGEMDXIN\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/devops-ext_dns_Policy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"name\":\"devops-ext_dns_Policy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v1\",\"Tags\":null,\"AttachmentCount\":1,\"CreateDate\":\"2021-06-10T11:24:38Z\",\"Path\":\"/\",\"UpdateDate\":\"2021-06-10T11:24:38Z\",\"roles\":null,\"PolicyName\":\"devops-ext_dns_Policy\",\"document\":{\"Statement\":[{\"Action\":[\"route53:GetHostedZone\",\"route53:ListHostedZonesByName\",\"route53:ListHostedZones\",\"route53:ListResourceRecordSets\",\"route53:GetHealthCheck\",\"ec2:DescribeVpcs\",\"ec2:DescribeRegions\",\"servicediscovery:List*\",\"servicediscovery:Get*\",\"servicediscovery:Discover*\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Action\":[\"route53:ChangeResourceRecordSets\",\"route53:DeleteHealthCheck\",\"route53:CreateHealthCheck\",\"route53:UpdateHealthCheck\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:route53:::hostedzone/Z01316592QMOD3MI8LOWX\",\"arn:aws:route53:::hostedzone/Z031518734KKU7UTSLN1H\"]},{\"Action\":[\"servicediscovery:*\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:servicediscovery:eu-west-1:704479110758:namespace/ns-cvmsf6jxseua4mah\"]},{\"Action\":[\"servicediscovery:RegisterInstance\",\"servicediscovery:DeregisterInstance\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:servicediscovery:eu-west-1:704479110758:service/*\"]}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::704479110758:policy/devops-ext_dns_Policy\",\"Description\":null,\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPA2IBR2EZTJCGEMDXIN\"},\"id\":[\"arn:aws:iam::704479110758:policy/devops-ext_dns_Policy\",\"ANPA2IBR2EZTJCGEMDXIN\"]},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"condition\":{\"StringEquals\":{\"ec2:CreateAction\":[\"CreateVolume\",\"CreateSnapshot\"]}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"aws:RequestTag/ebs.csi.aws.com/cluster\":\"true\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"aws:RequestTag/CSIVolumeName\":\"*\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"aws:RequestTag/kubernetes.io/cluster/*\":\"owned\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"ec2:ResourceTag/ebs.csi.aws.com/cluster\":\"true\"}}},{\"condition\":{\"StringLike\":{\"ec2:ResourceTag/CSIVolumeName\":\"*\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"ec2:ResourceTag/kubernetes.io/cluster/*\":\"owned\"}}},{\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"ec2:ResourceTag/CSIVolumeSnapshotName\":\"*\"}},\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"ec2:ResourceTag/ebs.csi.aws.com/cluster\":\"true\"}}}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/ebs-csi-driver-policy20221227112505485700000001\",\"ANPA2IBR2EZTH7XWPFQIZ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/ebs-csi-driver-policy20221227112505485700000001\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"PermissionsBoundaryUsageCount\":0,\"UpdateDate\":\"2022-12-27T11:25:06Z\",\"document\":{\"Statement\":[{\"Action\":[\"ec2:CreateSnapshot\",\"ec2:AttachVolume\",\"ec2:DetachVolume\",\"ec2:ModifyVolume\",\"ec2:DescribeAvailabilityZones\",\"ec2:DescribeInstances\",\"ec2:DescribeSnapshots\",\"ec2:DescribeTags\",\"ec2:DescribeVolumes\",\"ec2:DescribeVolumesModifications\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Condition\":{\"StringEquals\":{\"ec2:CreateAction\":[\"CreateVolume\",\"CreateSnapshot\"]}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:volume/*\",\"arn:aws:ec2:*:*:snapshot/*\"],\"Action\":[\"ec2:CreateTags\"]},{\"Action\":[\"ec2:DeleteTags\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:volume/*\",\"arn:aws:ec2:*:*:snapshot/*\"]},{\"Condition\":{\"StringLike\":{\"aws:RequestTag/ebs.csi.aws.com/cluster\":\"true\"}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"ec2:CreateVolume\"]},{\"Action\":[\"ec2:CreateVolume\"],\"Condition\":{\"StringLike\":{\"aws:RequestTag/CSIVolumeName\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:CreateVolume\"],\"Condition\":{\"StringLike\":{\"aws:RequestTag/kubernetes.io/cluster/*\":\"owned\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:DeleteVolume\"],\"Condition\":{\"StringLike\":{\"ec2:ResourceTag/ebs.csi.aws.com/cluster\":\"true\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:DeleteVolume\"],\"Condition\":{\"StringLike\":{\"ec2:ResourceTag/CSIVolumeName\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:DeleteVolume\"],\"Condition\":{\"StringLike\":{\"ec2:ResourceTag/kubernetes.io/cluster/*\":\"owned\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:DeleteSnapshot\"],\"Condition\":{\"StringLike\":{\"ec2:ResourceTag/CSIVolumeSnapshotName\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"ec2:DeleteSnapshot\"],\"Condition\":{\"StringLike\":{\"ec2:ResourceTag/ebs.csi.aws.com/cluster\":\"true\"}}}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":1,\"DefaultVersionId\":\"v1\",\"Description\":null,\"IsAttachable\":true,\"PolicyId\":\"ANPA2IBR2EZTH7XWPFQIZ\",\"Tags\":null,\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/ebs-csi-driver-policy20221227112505485700000001\",\"PolicyName\":\"ebs-csi-driver-policy20221227112505485700000001\",\"CreateDate\":\"2022-12-27T11:25:06Z\",\"Path\":\"/\"},\"id\":[\"arn:aws:iam::704479110758:policy/ebs-csi-driver-policy20221227112505485700000001\",\"ANPA2IBR2EZTH7XWPFQIZ\"],\"name\":\"ebs-csi-driver-policy20221227112505485700000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v11\",\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"ECR-eu-west-1-management\",\"Tags\":null,\"CreateDate\":\"2020-08-30T10:13:02Z\",\"Description\":null,\"PolicyId\":\"ANPA2IBR2EZTHEBSAMEL4\",\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/ECR-eu-west-1-management\",\"UpdateDate\":\"2022-02-07T10:06:39Z\",\"IsAttachable\":true,\"Path\":\"/\",\"document\":{\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"VisualEditor0\",\"Action\":[\"ecs:RegisterTaskDefinition\",\"ecs:DescribeTaskDefinition\"]},{\"Action\":[\"ecr:GetDownloadUrlForLayer\",\"ecr:UploadLayerPart\",\"ecr:ListImages\",\"ecr:PutImage\",\"ecs:UpdateService\",\"iam:PassRole\",\"ecr:BatchGetImage\",\"ecr:CompleteLayerUpload\",\"ecr:DescribeImages\",\"ecr:DescribeRepositories\",\"ecs:DescribeServices\",\"ecr:InitiateLayerUpload\",\"ecr:BatchCheckLayerAvailability\",\"ecr:GetRepositoryPolicy\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:iam::704479110758:role/*\",\"arn:aws:ecr:*:704479110758:repository/*\",\"arn:aws:ecs:*:704479110758:service/*\"],\"Sid\":\"VisualEditor1\"},{\"Resource\":\"*\",\"Sid\":\"VisualEditor2\",\"Action\":\"ecr:GetAuthorizationToken\",\"Effect\":\"Allow\"},{\"Action\":\"ecr:*\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ecr:*:704479110758:repository/*\",\"Sid\":\"VisualEditor3\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":1},\"id\":[\"arn:aws:iam::704479110758:policy/ECR-eu-west-1-management\",\"ANPA2IBR2EZTHEBSAMEL4\"],\"name\":\"ECR-eu-west-1-management\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"VisualEditor0\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"VisualEditor1\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"VisualEditor2\",\"effect\":\"Allow\",\"action\":[\"ecr:GetAuthorizationToken\"],\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"VisualEditor3\",\"effect\":\"Allow\",\"action\":[\"ecr:*\"],\"resource\":[\"arn:aws:ecr:*:704479110758:repository/*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/ECR-eu-west-1-management\",\"ANPA2IBR2EZTHEBSAMEL4\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/ECR-eu-west-1-management\":{\"category\":\"identity\",\"type\":\"policy\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:policy/ecs-exec\",\"ANPA2IBR2EZTGOHGILTFS\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/ecs-exec\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:policy/ecs-exec\",\"CreateDate\":\"2021-04-04T06:50:04Z\",\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"ecs-exec\",\"AttachmentCount\":2,\"DefaultVersionId\":\"v1\",\"document\":{\"Statement\":[{\"Action\":[\"ssmmessages:CreateControlChannel\",\"ssmmessages:CreateDataChannel\",\"ssmmessages:OpenControlChannel\",\"ssmmessages:OpenDataChannel\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"roles\":null,\"IsAttachable\":true,\"PolicyId\":\"ANPA2IBR2EZTGOHGILTFS\",\"UpdateDate\":\"2021-04-04T06:50:04Z\",\"Description\":null,\"Path\":\"/\",\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:policy/ecs-exec\",\"ANPA2IBR2EZTGOHGILTFS\"],\"name\":\"ecs-exec\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v3\",\"Tags\":null,\"roles\":null,\"AttachmentCount\":4,\"CreateDate\":\"2022-07-19T10:41:02Z\",\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPA2IBR2EZTPVNWVVABA\",\"Path\":\"/\",\"PolicyName\":\"EKS-FullAccess\",\"document\":{\"Statement\":[{\"Action\":[\"logs:ListTagsLogGroup\",\"logs:GetDataProtectionPolicy\",\"logs:GetLogRecord\",\"logs:DescribeLogStreams\",\"logs:DescribeSubscriptionFilters\",\"logs:StartQuery\",\"logs:DescribeMetricFilters\",\"logs:GetLogDelivery\",\"logs:ListLogDeliveries\",\"logs:GetLogEvents\",\"kms:DescribeKey\",\"logs:FilterLogEvents\",\"logs:DescribeQueryDefinitions\",\"logs:DescribeResourcePolicies\",\"kms:CreateGrant\",\"logs:DescribeDestinations\",\"logs:DescribeQueries\",\"logs:DescribeLogGroups\",\"logs:DeleteLogGroup\",\"logs:Unmask\",\"logs:StopQuery\",\"logs:TestMetricFilter\",\"logs:CreateLogGroup\",\"logs:ListTagsForResource\",\"logs:DescribeExportTasks\",\"logs:GetQueryResults\",\"logs:PutRetentionPolicy\",\"logs:GetLogGroupFields\",\"eks:*\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"VisualEditor0\"},{\"Sid\":\"VisualEditor1\",\"Action\":[\"ssm:GetParameters\",\"ssm:GetParameter\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ssm:*:*:parameter/aws/*\",\"arn:aws:ssm:*::parameter/aws/*\"]}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::704479110758:policy/EKS-FullAccess\",\"IsAttachable\":true,\"UpdateDate\":\"2022-12-22T13:06:55Z\"},\"id\":[\"arn:aws:iam::704479110758:policy/EKS-FullAccess\",\"ANPA2IBR2EZTPVNWVVABA\"],\"name\":\"EKS-FullAccess\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"id\":\"VisualEditor0\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"VisualEditor1\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/EKS-FullAccess\",\"ANPA2IBR2EZTPVNWVVABA\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/EKS-FullAccess\":{\"category\":\"identity\",\"type\":\"policy\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"VisualEditor0\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/EKS_ReadAccess\",\"ANPA2IBR2EZTHJXIZ7JSL\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/EKS_ReadAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":30,\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"DefaultVersionId\":\"v1\",\"Description\":null,\"IsAttachable\":true,\"UpdateDate\":\"2021-06-06T00:24:07Z\",\"document\":{\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"VisualEditor0\",\"Action\":[\"eks:ListNodegroups\",\"eks:DescribeFargateProfile\",\"eks:ListTagsForResource\",\"eks:ListAddons\",\"eks:DescribeAddon\",\"eks:ListFargateProfiles\",\"eks:DescribeNodegroup\",\"eks:DescribeIdentityProviderConfig\",\"eks:ListUpdates\",\"eks:DescribeUpdate\",\"eks:AccessKubernetesApi\",\"eks:DescribeCluster\",\"eks:ListClusters\",\"eks:DescribeAddonVersions\",\"eks:ListIdentityProviderConfigs\"]}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::704479110758:policy/EKS_ReadAccess\",\"CreateDate\":\"2021-06-06T00:24:07Z\",\"PolicyId\":\"ANPA2IBR2EZTHJXIZ7JSL\",\"PolicyName\":\"EKS_ReadAccess\",\"roles\":null},\"id\":[\"arn:aws:iam::704479110758:policy/EKS_ReadAccess\",\"ANPA2IBR2EZTHJXIZ7JSL\"],\"name\":\"EKS_ReadAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"VisualEditor0\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/es-dev-readonly\",\"ANPA2IBR2EZTK6KJXLRMP\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/es-dev-readonly\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v1\",\"IsAttachable\":true,\"Path\":\"/\",\"document\":{\"Statement\":[{\"Resource\":\"*\",\"Sid\":\"VisualEditor0\",\"Action\":[\"es:DescribeReservedElasticsearchInstanceOfferings\",\"es:ListElasticsearchInstanceTypeDetails\",\"es:ESHttpGet\",\"es:ListTags\",\"es:DescribeElasticsearchDomainConfig\",\"es:GetUpgradeHistory\",\"es:ESCrossClusterGet\",\"es:DescribeInboundCrossClusterSearchConnections\",\"es:DescribeReservedElasticsearchInstances\",\"es:ESHttpHead\",\"es:ListDomainNames\",\"es:DescribeElasticsearchDomain\",\"es:GetCompatibleElasticsearchVersions\",\"es:GetUpgradeStatus\",\"es:DescribeElasticsearchDomains\",\"es:ListElasticsearchInstanceTypes\",\"es:DescribeOutboundCrossClusterSearchConnections\",\"es:ListElasticsearchVersions\",\"es:DescribeElasticsearchInstanceTypeLimits\"],\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":8,\"PolicyName\":\"es-dev-readonly\",\"UpdateDate\":\"2021-04-06T13:06:23Z\",\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/es-dev-readonly\",\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"CreateDate\":\"2021-04-06T13:06:23Z\",\"PolicyId\":\"ANPA2IBR2EZTK6KJXLRMP\"},\"id\":[\"arn:aws:iam::704479110758:policy/es-dev-readonly\",\"ANPA2IBR2EZTK6KJXLRMP\"],\"name\":\"es-dev-readonly\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"effect\":\"Allow\",\"version\":\"2012-10-17\"},{\"effect\":\"Allow\",\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/ext_dns_devops_test\",\"ANPA2IBR2EZTJQZRFVQQQ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/ext_dns_devops_test\":{\"type\":\"policy\",\"category\":\"identity\"}},\"asset\":{\"tags\":null,\"raw\":{\"AttachmentCount\":1,\"DefaultVersionId\":\"v3\",\"IsAttachable\":true,\"PolicyId\":\"ANPA2IBR2EZTJQZRFVQQQ\",\"PolicyName\":\"ext_dns_devops_test\",\"Description\":null,\"Path\":\"/\",\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/ext_dns_devops_test\",\"CreateDate\":\"2021-06-02T08:00:33Z\",\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"UpdateDate\":\"2021-06-02T14:57:35Z\",\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"route53:GetHostedZone\",\"route53:ListHostedZonesByName\",\"route53:ListHostedZones\",\"route53:ListResourceRecordSets\",\"route53:GetHealthCheck\",\"ec2:DescribeVpcs\",\"ec2:DescribeRegions\",\"servicediscovery:List*\",\"servicediscovery:Get*\",\"servicediscovery:Discover*\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:route53:::hostedzone/Z01316592QMOD3MI8LOWX\",\"arn:aws:route53:::hostedzone/Z031518734KKU7UTSLN1H\"],\"Action\":[\"route53:ChangeResourceRecordSets\",\"route53:DeleteHealthCheck\",\"route53:CreateHealthCheck\",\"route53:UpdateHealthCheck\"]},{\"Action\":[\"servicediscovery:*\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:servicediscovery:eu-west-1:704479110758:namespace/ns-cvmsf6jxseua4mah\"]},{\"Action\":[\"servicediscovery:RegisterInstance\",\"servicediscovery:DeregisterInstance\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:servicediscovery:eu-west-1:704479110758:service/*\"]}]}},\"id\":[\"arn:aws:iam::704479110758:policy/ext_dns_devops_test\",\"ANPA2IBR2EZTJQZRFVQQQ\"],\"name\":\"ext_dns_devops_test\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:policy/eyal-cc-policy\",\"ANPA2IBR2EZTKOU4WL7KB\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/eyal-cc-policy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"raw\":{\"CreateDate\":\"2022-12-04T13:39:30Z\",\"IsAttachable\":true,\"Tags\":null,\"roles\":null,\"DefaultVersionId\":\"v1\",\"UpdateDate\":\"2022-12-04T13:39:30Z\",\"document\":{\"Statement\":[{\"Resource\":\"*\",\"Sid\":\"VisualEditor0\",\"Action\":\"cloudwatch:*\",\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::704479110758:policy/eyal-cc-policy\",\"AttachmentCount\":1,\"Description\":null,\"Path\":\"/\",\"PolicyName\":\"eyal-cc-policy\",\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPA2IBR2EZTKOU4WL7KB\"},\"id\":[\"arn:aws:iam::704479110758:policy/eyal-cc-policy\",\"ANPA2IBR2EZTKOU4WL7KB\"],\"name\":\"eyal-cc-policy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"id\":\"VisualEditor0\",\"effect\":\"Allow\",\"action\":[\"cloudwatch:*\"]}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"VisualEditor0\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"VisualEditor1\",\"effect\":\"Allow\",\"action\":[\"es:*\"],\"resource\":[\"arn:aws:es:*:704479110758:domain/*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/FullElasticsearchAccessPolicy\",\"ANPA2IBR2EZTBOQIUQC5T\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/FullElasticsearchAccessPolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"IsAttachable\":true,\"Path\":\"/\",\"PolicyName\":\"FullElasticsearchAccessPolicy\",\"Tags\":null,\"document\":{\"Statement\":[{\"Resource\":\"*\",\"Sid\":\"VisualEditor0\",\"Action\":[\"es:DescribeReservedElasticsearchInstanceOfferings\",\"es:ListElasticsearchInstanceTypeDetails\",\"es:CreateElasticsearchServiceRole\",\"es:RejectInboundCrossClusterSearchConnection\",\"es:PurchaseReservedElasticsearchInstanceOffering\",\"es:DeleteElasticsearchServiceRole\",\"es:AcceptInboundCrossClusterSearchConnection\",\"es:DescribeInboundCrossClusterSearchConnections\",\"es:DescribeReservedElasticsearchInstances\",\"es:ListDomainNames\",\"es:DeleteInboundCrossClusterSearchConnection\",\"es:ListElasticsearchInstanceTypes\",\"es:DescribeOutboundCrossClusterSearchConnections\",\"es:ListElasticsearchVersions\",\"es:DescribeElasticsearchInstanceTypeLimits\",\"es:DeleteOutboundCrossClusterSearchConnection\"],\"Effect\":\"Allow\"},{\"Action\":\"es:*\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:es:*:704479110758:domain/*\",\"Sid\":\"VisualEditor1\"}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::704479110758:policy/FullElasticsearchAccessPolicy\",\"AttachmentCount\":2,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPA2IBR2EZTBOQIUQC5T\",\"CreateDate\":\"2020-09-16T06:32:49Z\",\"Description\":null,\"roles\":null,\"DefaultVersionId\":\"v1\",\"UpdateDate\":\"2020-09-16T06:32:49Z\"},\"id\":[\"arn:aws:iam::704479110758:policy/FullElasticsearchAccessPolicy\",\"ANPA2IBR2EZTBOQIUQC5T\"],\"name\":\"FullElasticsearchAccessPolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:policy/gi_s3\",\"ANPA2IBR2EZTPIWWPDQBN\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/gi_s3\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:policy/gi_s3\",\"DefaultVersionId\":\"v2\",\"Description\":null,\"PolicyId\":\"ANPA2IBR2EZTPIWWPDQBN\",\"Tags\":null,\"roles\":null,\"Path\":\"/\",\"UpdateDate\":\"2022-07-09T13:03:43Z\",\"AttachmentCount\":2,\"CreateDate\":\"2022-07-09T12:22:43Z\",\"PermissionsBoundaryUsageCount\":0,\"IsAttachable\":true,\"PolicyName\":\"gi_s3\",\"document\":{\"Statement\":[{\"Action\":[\"s3:ListBucket\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:s3:::csp-allure-reports\"],\"Sid\":\"ListObjectsInBucket\"},{\"Action\":\"s3:*Object\",\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:s3:::csp-allure-reports/allure_reports/*\"],\"Sid\":\"AllObjectActions\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:iam::704479110758:policy/gi_s3\",\"ANPA2IBR2EZTPIWWPDQBN\"],\"name\":\"gi_s3\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"ListObjectsInBucket\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"action\":[\"s3:*Object\"],\"version\":\"2012-10-17\",\"id\":\"AllObjectActions\"}],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:policy/IamLimitedAccess\",\"ANPA2IBR2EZTBK3QLES4K\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/IamLimitedAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"tags\":null,\"raw\":{\"CreateDate\":\"2022-07-19T10:43:10Z\",\"DefaultVersionId\":\"v2\",\"Description\":null,\"IsAttachable\":true,\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Resource\":[\"arn:aws:iam::*:instance-profile/eksctl-*\",\"arn:aws:iam::*:role/eksctl-*\",\"arn:aws:iam::*:policy/eksctl-*\",\"arn:aws:iam::*:oidc-provider/*\",\"arn:aws:iam::*:role/aws-service-role/eks-nodegroup.amazonaws.com/AWSServiceRoleForAmazonEKSNodegroup\",\"arn:aws:iam::*:role/eksctl-managed-*\"],\"Action\":[\"iam:CreateInstanceProfile\",\"iam:DeleteInstanceProfile\",\"iam:GetInstanceProfile\",\"iam:RemoveRoleFromInstanceProfile\",\"iam:GetRole\",\"iam:CreateRole\",\"iam:DeleteRole\",\"iam:AttachRolePolicy\",\"iam:PutRolePolicy\",\"iam:ListInstanceProfiles\",\"iam:ListRolePolicies\",\"iam:AddRoleToInstanceProfile\",\"iam:ListInstanceProfilesForRole\",\"iam:PassRole\",\"iam:DetachRolePolicy\",\"iam:DeleteRolePolicy\",\"iam:GetRolePolicy\",\"iam:GetOpenIDConnectProvider\",\"iam:CreateOpenIDConnectProvider\",\"iam:DeleteOpenIDConnectProvider\",\"iam:TagOpenIDConnectProvider\",\"iam:ListAttachedRolePolicies\",\"iam:TagRole\",\"iam:GetPolicy\",\"iam:CreatePolicy\",\"iam:DeletePolicy\",\"iam:ListPolicyVersions\"],\"Effect\":\"Allow\"},{\"Resource\":[\"arn:aws:iam::*:role/*\"],\"Action\":[\"iam:GetRole\"],\"Effect\":\"Allow\"},{\"Action\":[\"iam:CreateServiceLinkedRole\"],\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":[\"eks.amazonaws.com\",\"eks-nodegroup.amazonaws.com\",\"eks-fargate.amazonaws.com\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\"}]},\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/IamLimitedAccess\",\"UpdateDate\":\"2022-12-28T14:43:35Z\",\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"IamLimitedAccess\",\"Tags\":null,\"AttachmentCount\":1,\"PolicyId\":\"ANPA2IBR2EZTBK3QLES4K\"},\"id\":[\"arn:aws:iam::704479110758:policy/IamLimitedAccess\",\"ANPA2IBR2EZTBK3QLES4K\"],\"name\":\"IamLimitedAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"iam:AWSServiceName\":[\"eks.amazonaws.com\",\"eks-nodegroup.amazonaws.com\",\"eks-fargate.amazonaws.com\"]}},\"version\":\"2012-10-17\"}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.361+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"id\":\"VisualEditor0\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/IAM_ENABLE_MFA\",\"ANPA2IBR2EZTFZVQUN6KY\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/IAM_ENABLE_MFA\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Tags\":null,\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/IAM_ENABLE_MFA\",\"AttachmentCount\":8,\"CreateDate\":\"2021-02-24T13:52:46Z\",\"PermissionsBoundaryUsageCount\":0,\"Description\":null,\"IsAttachable\":true,\"Path\":\"/\",\"UpdateDate\":\"2021-02-24T13:52:46Z\",\"document\":{\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"VisualEditor0\",\"Action\":[\"iam:DeactivateMFADevice\",\"iam:DeleteVirtualMFADevice\",\"iam:EnableMFADevice\",\"iam:ResyncMFADevice\",\"iam:UntagMFADevice\",\"iam:TagMFADevice\",\"iam:CreateVirtualMFADevice\",\"iam:ListMFADevices\",\"iam:ListMFADeviceTags\",\"iam:ListVirtualMFADevices\"]}],\"Version\":\"2012-10-17\"},\"DefaultVersionId\":\"v1\",\"PolicyId\":\"ANPA2IBR2EZTFZVQUN6KY\",\"PolicyName\":\"IAM_ENABLE_MFA\"},\"id\":[\"arn:aws:iam::704479110758:policy/IAM_ENABLE_MFA\",\"ANPA2IBR2EZTFZVQUN6KY\"],\"name\":\"IAM_ENABLE_MFA\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"VisualEditor0\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"VisualEditor1\",\"effect\":\"Allow\",\"action\":[\"kms:*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/KMS-FullAccess\",\"ANPA2IBR2EZTBH5WEK4G7\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/KMS-FullAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"raw\":{\"AttachmentCount\":3,\"CreateDate\":\"2020-10-14T12:48:12Z\",\"document\":{\"Statement\":[{\"Resource\":\"*\",\"Sid\":\"VisualEditor0\",\"Action\":[\"kms:DescribeCustomKeyStores\",\"kms:ListKeys\",\"kms:DeleteCustomKeyStore\",\"kms:GenerateRandom\",\"kms:UpdateCustomKeyStore\",\"kms:ListAliases\",\"kms:DisconnectCustomKeyStore\",\"kms:CreateKey\",\"kms:ConnectCustomKeyStore\",\"kms:CreateCustomKeyStore\"],\"Effect\":\"Allow\"},{\"Sid\":\"VisualEditor1\",\"Action\":\"kms:*\",\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:kms:*:704479110758:key/*\",\"arn:aws:kms:*:704479110758:alias/*\"]}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::704479110758:policy/KMS-FullAccess\",\"Path\":\"/\",\"Tags\":null,\"roles\":null,\"DefaultVersionId\":\"v1\",\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPA2IBR2EZTBH5WEK4G7\",\"PolicyName\":\"KMS-FullAccess\",\"UpdateDate\":\"2020-10-14T12:48:12Z\",\"Description\":null},\"id\":[\"arn:aws:iam::704479110758:policy/KMS-FullAccess\",\"ANPA2IBR2EZTBH5WEK4G7\"],\"name\":\"KMS-FullAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:logs:*:*:*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/*\"]},{\"effect\":\"Allow\",\"resource\":[\"arn:aws:sns:us-east-1:704479110758:cloud-trail-demo-sns\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/lambda-cloud-trail-policy\",\"ANPA2IBR2EZTARPB3YIEQ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/lambda-cloud-trail-policy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"name\":\"lambda-cloud-trail-policy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:policy/lambda-cloud-trail-policy\",\"AttachmentCount\":1,\"PermissionsBoundaryUsageCount\":0,\"UpdateDate\":\"2020-09-08T09:15:36Z\",\"CreateDate\":\"2020-09-08T08:49:56Z\",\"PolicyId\":\"ANPA2IBR2EZTARPB3YIEQ\",\"PolicyName\":\"lambda-cloud-trail-policy\",\"document\":{\"Statement\":[{\"Action\":[\"logs:*\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:*:*:*\"},{\"Action\":[\"s3:GetObject\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-704479110758-d741de63/*\"},{\"Action\":[\"sns:Publish\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:sns:us-east-1:704479110758:cloud-trail-demo-sns\"}],\"Version\":\"2012-10-17\"},\"DefaultVersionId\":\"v3\",\"IsAttachable\":true,\"Path\":\"/\",\"roles\":null,\"Description\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::704479110758:policy/lambda-cloud-trail-policy\",\"ANPA2IBR2EZTARPB3YIEQ\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:policy/ManageOwnAccessKeys\",\"ANPA2IBR2EZTCS4JKLRSJ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/ManageOwnAccessKeys\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Description\":null,\"AttachmentCount\":1,\"IsAttachable\":true,\"Path\":\"/\",\"PolicyId\":\"ANPA2IBR2EZTCS4JKLRSJ\",\"document\":{\"Statement\":[{\"Sid\":\"VisualEditor0\",\"Action\":[\"iam:GetAccountPasswordPolicy\",\"iam:ListVirtualMFADevices\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"iam:GetUser\",\"iam:ChangePassword\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::*:user/${aws:username}\",\"Sid\":\"VisualEditor1\"},{\"Sid\":\"VisualEditor2\",\"Action\":[\"iam:DeleteAccessKey\",\"iam:UpdateAccessKey\",\"iam:CreateAccessKey\",\"iam:ListAccessKeys\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::*:user/${aws:username}\"},{\"Action\":[\"iam:UploadSigningCertificate\",\"iam:DeleteSigningCertificate\",\"iam:UpdateSigningCertificate\",\"iam:ListSigningCertificates\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::*:user/${aws:username}\",\"Sid\":\"VisualEditor3\"},{\"Action\":[\"iam:ListSSHPublicKeys\",\"iam:GetSSHPublicKey\",\"iam:UploadSSHPublicKey\",\"iam:DeleteSSHPublicKey\",\"iam:UpdateSSHPublicKey\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::*:user/${aws:username}\",\"Sid\":\"VisualEditor4\"},{\"Resource\":\"arn:aws:iam::*:user/${aws:username}\",\"Sid\":\"VisualEditor5\",\"Action\":[\"iam:CreateServiceSpecificCredential\",\"iam:UpdateServiceSpecificCredential\",\"iam:ResetServiceSpecificCredential\",\"iam:ListServiceSpecificCredentials\",\"iam:DeleteServiceSpecificCredential\"],\"Effect\":\"Allow\"},{\"Resource\":\"arn:aws:iam::*:mfa/${aws:username}\",\"Sid\":\"VisualEditor6\",\"Action\":[\"iam:DeleteVirtualMFADevice\",\"iam:CreateVirtualMFADevice\"],\"Effect\":\"Allow\"},{\"Action\":[\"iam:DeactivateMFADevice\",\"iam:EnableMFADevice\",\"iam:ResyncMFADevice\",\"iam:ListMFADevices\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::*:user/${aws:username}\",\"Sid\":\"VisualEditor7\"},{\"Action\":\"sts:GetFederationToken\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:sts::*:federated-user/${aws:username}\",\"Sid\":\"VisualEditor8\"}],\"Version\":\"2012-10-17\"},\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/ManageOwnAccessKeys\",\"DefaultVersionId\":\"v5\",\"PermissionsBoundaryUsageCount\":0,\"CreateDate\":\"2020-07-29T11:24:46Z\",\"PolicyName\":\"ManageOwnAccessKeys\",\"Tags\":null,\"UpdateDate\":\"2022-07-31T09:29:47Z\"},\"id\":[\"arn:aws:iam::704479110758:policy/ManageOwnAccessKeys\",\"ANPA2IBR2EZTCS4JKLRSJ\"],\"name\":\"ManageOwnAccessKeys\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"VisualEditor0\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"id\":\"VisualEditor1\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:iam::*:user/${aws:username}\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"VisualEditor2\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:iam::*:user/${aws:username}\"]},{\"id\":\"VisualEditor3\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:iam::*:user/${aws:username}\"],\"version\":\"2012-10-17\"},{\"effect\":\"Allow\",\"resource\":[\"arn:aws:iam::*:user/${aws:username}\"],\"version\":\"2012-10-17\",\"id\":\"VisualEditor4\"},{\"id\":\"VisualEditor5\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:iam::*:user/${aws:username}\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"VisualEditor6\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:iam::*:mfa/${aws:username}\"]},{\"version\":\"2012-10-17\",\"id\":\"VisualEditor7\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:iam::*:user/${aws:username}\"]},{\"version\":\"2012-10-17\",\"id\":\"VisualEditor8\",\"effect\":\"Allow\",\"action\":[\"sts:GetFederationToken\"],\"resource\":[\"arn:aws:sts::*:federated-user/${aws:username}\"]}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:logs:*:*:*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/*\"]},{\"resource\":[\"arn:aws:sns:eu-west-1:704479110758:opa-cloud-trail-demo.fifo\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/opa-cloud-trail-demo-policy\",\"ANPA2IBR2EZTMXZCJYUH4\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/opa-cloud-trail-demo-policy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Description\":null,\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"document\":{\"Statement\":[{\"Action\":[\"logs:*\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:*:*:*\"},{\"Effect\":\"Allow\",\"Resource\":\"arn:aws:s3:::aws-cloudtrail-logs-opa-demo/*\",\"Action\":[\"s3:GetObject\"]},{\"Action\":[\"sns:Publish\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:sns:eu-west-1:704479110758:opa-cloud-trail-demo.fifo\"}],\"Version\":\"2012-10-17\"},\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/opa-cloud-trail-demo-policy\",\"CreateDate\":\"2021-06-23T09:50:56Z\",\"DefaultVersionId\":\"v1\",\"PolicyId\":\"ANPA2IBR2EZTMXZCJYUH4\",\"PolicyName\":\"opa-cloud-trail-demo-policy\",\"AttachmentCount\":1,\"Tags\":null,\"UpdateDate\":\"2021-06-23T09:50:56Z\",\"IsAttachable\":true},\"id\":[\"arn:aws:iam::704479110758:policy/opa-cloud-trail-demo-policy\",\"ANPA2IBR2EZTMXZCJYUH4\"],\"name\":\"opa-cloud-trail-demo-policy\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"asset\":{\"name\":\"poc-cluster-asg_inline_Policy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"document\":{\"Statement\":[{\"Action\":[\"autoscaling:DescribeAutoScalingGroups\",\"autoscaling:DescribeAutoScalingInstances\",\"autoscaling:DescribeLaunchConfigurations\",\"autoscaling:DescribeTags\",\"autoscaling:SetDesiredCapacity\",\"autoscaling:TerminateInstanceInAutoScalingGroup\",\"ec2:DescribeLaunchTemplateVersions\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":1,\"CreateDate\":\"2021-07-11T07:55:19Z\",\"IsAttachable\":true,\"PolicyName\":\"poc-cluster-asg_inline_Policy\",\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/poc-cluster-asg_inline_Policy\",\"Path\":\"/\",\"PolicyId\":\"ANPA2IBR2EZTFOOYS63R2\",\"Tags\":null,\"DefaultVersionId\":\"v1\",\"UpdateDate\":\"2021-07-11T07:55:19Z\"},\"id\":[\"arn:aws:iam::704479110758:policy/poc-cluster-asg_inline_Policy\",\"ANPA2IBR2EZTFOOYS63R2\"]},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/poc-cluster-asg_inline_Policy\",\"ANPA2IBR2EZTFOOYS63R2\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/poc-cluster-asg_inline_Policy\":{\"category\":\"identity\",\"type\":\"policy\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/poc-eks-elb-sl-role-creation20210523164253545300000001\",\"ANPA2IBR2EZTINMLRXM3H\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/poc-eks-elb-sl-role-creation20210523164253545300000001\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Tags\":null,\"document\":{\"Statement\":[{\"Sid\":\"\",\"Action\":[\"ec2:DescribeInternetGateways\",\"ec2:DescribeAccountAttributes\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"roles\":null,\"Description\":null,\"PolicyId\":\"ANPA2IBR2EZTINMLRXM3H\",\"UpdateDate\":\"2021-05-23T16:42:54Z\",\"Arn\":\"arn:aws:iam::704479110758:policy/poc-eks-elb-sl-role-creation20210523164253545300000001\",\"DefaultVersionId\":\"v1\",\"PolicyName\":\"poc-eks-elb-sl-role-creation20210523164253545300000001\",\"AttachmentCount\":1,\"CreateDate\":\"2021-05-23T16:42:54Z\",\"IsAttachable\":true,\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0},\"id\":[\"arn:aws:iam::704479110758:policy/poc-eks-elb-sl-role-creation20210523164253545300000001\",\"ANPA2IBR2EZTINMLRXM3H\"],\"name\":\"poc-eks-elb-sl-role-creation20210523164253545300000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"version\":\"2012-10-17\"},{\"effect\":\"Allow\",\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/poc-ext_dns_Policy\",\"ANPA2IBR2EZTJFOGGZMFM\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/poc-ext_dns_Policy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"UpdateDate\":\"2021-07-11T07:55:20Z\",\"AttachmentCount\":1,\"Path\":\"/\",\"Arn\":\"arn:aws:iam::704479110758:policy/poc-ext_dns_Policy\",\"Description\":null,\"IsAttachable\":true,\"PolicyName\":\"poc-ext_dns_Policy\",\"Tags\":null,\"document\":{\"Statement\":[{\"Action\":[\"route53:GetHostedZone\",\"route53:ListHostedZonesByName\",\"route53:ListHostedZones\",\"route53:ListResourceRecordSets\",\"route53:GetHealthCheck\",\"ec2:DescribeVpcs\",\"ec2:DescribeRegions\",\"servicediscovery:List*\",\"servicediscovery:Get*\",\"servicediscovery:Discover*\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Resource\":[\"arn:aws:route53:::hostedzone/Z055054938P6V4M513ZQ5\",\"arn:aws:route53:::hostedzone/Z0204016RQJ07XD9TD9P\"],\"Action\":[\"route53:ChangeResourceRecordSets\",\"route53:DeleteHealthCheck\",\"route53:CreateHealthCheck\",\"route53:UpdateHealthCheck\"],\"Effect\":\"Allow\"},{\"Action\":[\"servicediscovery:*\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:servicediscovery:eu-west-1:704479110758:namespace/ns-5enxybbl4mgoenq3\"]},{\"Action\":[\"servicediscovery:RegisterInstance\",\"servicediscovery:DeregisterInstance\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:servicediscovery:eu-west-1:704479110758:service/*\"]}],\"Version\":\"2012-10-17\"},\"CreateDate\":\"2021-07-11T07:55:20Z\",\"DefaultVersionId\":\"v1\",\"roles\":null,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPA2IBR2EZTJFOGGZMFM\"},\"id\":[\"arn:aws:iam::704479110758:policy/poc-ext_dns_Policy\",\"ANPA2IBR2EZTJFOGGZMFM\"],\"name\":\"poc-ext_dns_Policy\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:policy/prisma_cloud_1-1121575680308690944-PrismaCloudRole-1121575680308690944\",\"ANPA2IBR2EZTPM4INGCGY\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/prisma_cloud_1-1121575680308690944-PrismaCloudRole-1121575680308690944\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"name\":\"prisma_cloud_1-1121575680308690944-PrismaCloudRole-1121575680308690944\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"PolicyName\":\"prisma_cloud_1-1121575680308690944-PrismaCloudRole-1121575680308690944\",\"Arn\":\"arn:aws:iam::704479110758:policy/prisma_cloud_1-1121575680308690944-PrismaCloudRole-1121575680308690944\",\"DefaultVersionId\":\"v1\",\"IsAttachable\":true,\"Path\":\"/\",\"document\":{\"Statement\":[{\"Action\":[\"logs:GetLogEvents\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"PrismaCloudFlowlogs1\"},{\"Resource\":\"*\",\"Sid\":\"PrismaCloudAuditEventsCloudTrail1\",\"Action\":[\"cloudtrail:LookupEvents\"],\"Effect\":\"Allow\"},{\"Action\":[\"s3:GetObject\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:s3:::elasticbeanstalk-*/*\",\"Sid\":\"PrismaCloudElasticBeanstalk5\"},{\"Action\":[\"guardduty:GetDetector\",\"guardduty:GetFindings\",\"guardduty:ListDetectors\",\"guardduty:ListFindings\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"PrismaCloudGuardduty1\"},{\"Action\":[\"cloudtrail:DescribeTrails\",\"cloudtrail:GetEventSelectors\",\"cloudtrail:GetTrailStatus\",\"ec2:DescribeRegions\",\"events:DescribeApiDestination\",\"events:DescribeConnection\",\"events:DescribeRule\",\"events:ListTargetsByRule\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"PrismaCloudEBRuleStatusPermissions2\"},{\"Sid\":\"PrismaCloudInspector1\",\"Action\":[\"inspector:DescribeAssessmentTemplates\",\"inspector:DescribeFindings\",\"inspector:DescribeRulesPackages\",\"inspector:ListAssessmentRunAgents\",\"inspector:ListAssessmentRuns\",\"inspector:ListAssessmentTemplates\",\"inspector:ListFindings\",\"inspector:ListRulesPackages\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"events:DeleteRule\",\"events:DisableRule\",\"events:EnableRule\",\"events:PutRule\",\"events:RemoveTargets\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:events:*:704479110758:rule/prisma-cloud-eb-a-1121575680308690944-*\"],\"Sid\":\"PrismaCloudEBRuleManagementPermissions1\"},{\"Action\":[\"cloudformation:DescribeStackResources\",\"cloudformation:GetTemplate\",\"cloudformation:ListStacks\",\"ecr:BatchCheckLayerAvailability\",\"ecr:BatchGetImage\",\"ecr:BatchGetRepositoryScanningConfiguration\",\"ecr:DescribeImageReplicationStatus\",\"ecr:DescribeImageScanFindings\",\"ecr:DescribePullThroughCacheRules\",\"ecr:DescribeRegistry\",\"ecr:GetAuthorizationToken\",\"ecr:GetDownloadUrlForLayer\",\"ecr:GetLifecyclePolicyPreview\",\"ecr:GetRegistryPolicy\",\"ecr:ListImages\",\"lambda:GetEventSourceMapping\",\"lambda:GetFunction\",\"lambda:GetLayerVersion\",\"s3:ListBucket\",\"sns:GetSubscriptionAttributes\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"PrismaCloudBridgecrew1\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":1,\"Description\":null,\"PolicyId\":\"ANPA2IBR2EZTPM4INGCGY\",\"Tags\":null,\"CreateDate\":\"2024-04-19T21:56:14Z\",\"PermissionsBoundaryUsageCount\":0,\"UpdateDate\":\"2024-04-19T21:56:14Z\",\"roles\":null},\"id\":[\"arn:aws:iam::704479110758:policy/prisma_cloud_1-1121575680308690944-PrismaCloudRole-1121575680308690944\",\"ANPA2IBR2EZTPM4INGCGY\"]},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"PrismaCloudFlowlogs1\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"id\":\"PrismaCloudAuditEventsCloudTrail1\"},{\"version\":\"2012-10-17\",\"id\":\"PrismaCloudElasticBeanstalk5\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:s3:::elasticbeanstalk-*/*\"]},{\"id\":\"PrismaCloudGuardduty1\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"PrismaCloudEBRuleStatusPermissions2\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"PrismaCloudInspector1\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"PrismaCloudEBRuleManagementPermissions1\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"PrismaCloudBridgecrew1\",\"effect\":\"Allow\",\"resource\":[\"*\"]}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"PrismaCloudConfig4\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/prisma_cloud_2-1121575680308690944-PrismaCloudRole-1121575680308690944\",\"ANPA2IBR2EZTN6OULWDTK\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/prisma_cloud_2-1121575680308690944-PrismaCloudRole-1121575680308690944\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v1\",\"Path\":\"/\",\"Tags\":null,\"document\":{\"Statement\":[{\"Action\":[\"sagemaker:ListUserProfiles\",\"secretsmanager:DescribeSecret\",\"secretsmanager:GetResourcePolicy\",\"secretsmanager:ListSecrets\",\"securityhub:DescribeHub\",\"securityhub:DescribeStandards\",\"securityhub:GetEnabledStandards\",\"serverlessrepo:GetApplicationPolicy\",\"serverlessrepo:ListApplications\",\"servicecatalog:ListApplications\",\"servicecatalog:ListAttributeGroups\",\"servicecatalog:ListPortfolios\",\"servicediscovery:ListNamespaces\",\"ses:GetIdentityDkimAttributes\",\"ses:GetIdentityPolicies\",\"ses:GetIdentityVerificationAttributes\",\"ses:ListIdentities\",\"ses:ListIdentityPolicies\",\"shield:DescribeDRTAccess\",\"shield:GetSubscriptionState\",\"shield:ListProtectionGroups\",\"shield:ListProtections\",\"shield:ListResourcesInProtectionGroup\",\"shield:ListTagsForResource\",\"sns:GetTopicAttributes\",\"sns:ListPlatformApplications\",\"sns:ListSubscriptions\",\"sns:ListTagsForResource\",\"sns:ListTopics\",\"sqs:GetQueueAttributes\",\"sqs:ListQueueTags\",\"sqs:ListQueues\",\"ssm:DescribeAssociation\",\"ssm:DescribeDocument\",\"ssm:DescribeDocumentPermission\",\"ssm:DescribeInstanceInformation\",\"ssm:DescribeParameters\",\"ssm:GetDocument\",\"ssm:GetInventory\",\"ssm:GetInventorySchema\",\"ssm:GetParameters\",\"ssm:ListAssociations\",\"ssm:ListDocuments\",\"ssm:ListInventoryEntries\",\"ssm:ListResourceComplianceSummaries\",\"ssm:ListTagsForResource\",\"sso:DescribePermissionSet\",\"sso:ListAccountAssignments\",\"sso:ListAccountsForProvisionedPermissionSet\",\"sso:ListInstances\",\"sso:ListPermissionSets\",\"states:DescribeStateMachine\",\"states:ListStateMachines\",\"states:ListTagsForResource\",\"storagegateway:DescribeCachediSCSIVolumes\",\"storagegateway:DescribeGatewayInformation\",\"storagegateway:DescribeNFSFileShares\",\"storagegateway:DescribeSMBFileShares\",\"storagegateway:DescribeSMBSettings\",\"storagegateway:DescribeTapes\",\"storagegateway:ListFileShares\",\"storagegateway:ListGateways\",\"storagegateway:ListTapes\",\"storagegateway:ListVolumes\",\"support:DescribeCases\",\"swf:ListDomains\",\"transcribe:ListLanguageModels\",\"transcribe:ListTagsForResource\",\"transfer:DescribeAccess\",\"transfer:DescribeSecurityPolicy\",\"transfer:DescribeServer\",\"transfer:DescribeUser\",\"transfer:ListAccesses\",\"transfer:ListServers\",\"transfer:ListUsers\",\"translate:GetTerminology\",\"translate:ListTerminologies\",\"waf-regional:GetIPSet\",\"waf-regional:GetLoggingConfiguration\",\"waf-regional:GetWebACL\",\"waf-regional:ListIPSets\",\"waf-regional:ListResourcesForWebACL\",\"waf-regional:ListTagsForResource\",\"waf-regional:ListWebACLs\",\"waf:GetIPSet\",\"waf:GetLoggingConfiguration\",\"waf:GetWebACL\",\"waf:ListIPSets\",\"waf:ListTagsForResource\",\"waf:ListWebACLs\",\"wafv2:GetIPSet\",\"wafv2:GetLoggingConfiguration\",\"wafv2:GetRuleGroup\",\"wafv2:GetWebACL\",\"wafv2:ListIPSets\",\"wafv2:ListResourcesForWebACL\",\"wafv2:ListRuleGroups\",\"wafv2:ListTagsForResource\",\"wafv2:ListWebACLs\",\"wellarchitected:GetWorkload\",\"wellarchitected:ListWorkloads\",\"workspaces:DescribeIpGroups\",\"workspaces:DescribeTags\",\"workspaces:DescribeWorkspaceBundles\",\"workspaces:DescribeWorkspaceDirectories\",\"workspaces:DescribeWorkspaces\",\"xray:GetEncryptionConfig\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"PrismaCloudConfig4\"}],\"Version\":\"2012-10-17\"},\"roles\":null,\"CreateDate\":\"2024-04-19T21:56:14Z\",\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPA2IBR2EZTN6OULWDTK\",\"PolicyName\":\"prisma_cloud_2-1121575680308690944-PrismaCloudRole-1121575680308690944\",\"Arn\":\"arn:aws:iam::704479110758:policy/prisma_cloud_2-1121575680308690944-PrismaCloudRole-1121575680308690944\",\"AttachmentCount\":1,\"Description\":null,\"IsAttachable\":true,\"UpdateDate\":\"2024-04-19T21:56:14Z\"},\"id\":[\"arn:aws:iam::704479110758:policy/prisma_cloud_2-1121575680308690944-PrismaCloudRole-1121575680308690944\",\"ANPA2IBR2EZTN6OULWDTK\"],\"name\":\"prisma_cloud_2-1121575680308690944-PrismaCloudRole-1121575680308690944\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v1\",\"PermissionsBoundaryUsageCount\":0,\"AttachmentCount\":1,\"CreateDate\":\"2024-04-19T21:56:14Z\",\"IsAttachable\":true,\"Tags\":null,\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/prisma_cloud_3-1121575680308690944-PrismaCloudRole-1121575680308690944\",\"Description\":null,\"Path\":\"/\",\"PolicyId\":\"ANPA2IBR2EZTGCKRXPHCD\",\"UpdateDate\":\"2024-04-19T21:56:14Z\",\"document\":{\"Statement\":[{\"Action\":[\"access-analyzer:GetAnalyzer\",\"access-analyzer:ListAnalyzers\",\"account:GetAlternateContact\",\"account:GetContactInformation\",\"acm-pca:GetPolicy\",\"acm-pca:ListCertificateAuthorities\",\"acm-pca:ListTags\",\"acm:DescribeCertificate\",\"acm:ListCertificates\",\"acm:ListTagsForCertificate\",\"airflow:GetEnvironment\",\"airflow:ListEnvironments\",\"amplify:ListApps\",\"apigateway:GET\",\"appflow:DescribeFlow\",\"appflow:ListFlows\",\"application-autoscaling:DescribeScalingPolicies\",\"appmesh:DescribeMesh\",\"appmesh:DescribeVirtualGateway\",\"appmesh:ListMeshes\",\"appmesh:ListTagsForResource\",\"appmesh:ListVirtualGateways\",\"apprunner:DescribeAutoScalingConfiguration\",\"apprunner:DescribeCustomDomains\",\"apprunner:DescribeService\",\"apprunner:ListAutoScalingConfigurations\",\"apprunner:ListServices\",\"apprunner:ListTagsForResource\",\"appstream:DescribeFleets\",\"appstream:DescribeImages\",\"appstream:DescribeStacks\",\"appstream:DescribeUsageReportSubscriptions\",\"appstream:ListTagsForResource\",\"appsync:GetGraphqlApi\",\"appsync:ListGraphqlApis\",\"aps:DescribeLoggingConfiguration\",\"aps:ListWorkspaces\",\"athena:GetWorkGroup\",\"athena:ListWorkGroups\",\"auditmanager:GetAssessment\",\"auditmanager:GetControl\",\"auditmanager:ListAssessments\",\"auditmanager:ListControls\",\"autoscaling:DescribeAutoScalingGroups\",\"autoscaling:DescribeLaunchConfigurations\",\"backup:GetBackupPlan\",\"backup:GetBackupVaultAccessPolicy\",\"backup:ListBackupPlans\",\"backup:ListBackupVaults\",\"backup:ListProtectedResources\",\"backup:ListTags\",\"batch:DescribeComputeEnvironments\",\"batch:DescribeJobDefinitions\",\"budgets:ViewBudget\",\"ce:GetCostAndUsage\",\"chime:GetVoiceConnectorLoggingConfiguration\",\"chime:ListVoiceConnectors\",\"cloud9:DescribeEnvironmentMemberships\",\"cloud9:DescribeEnvironments\",\"cloud9:ListEnvironments\",\"cloud9:ListTagsForResource\",\"cloudformation:DescribeStackResources\",\"cloudformation:DescribeStacks\",\"cloudformation:GetStackPolicy\",\"cloudformation:GetTemplate\",\"cloudformation:ListStackResources\",\"cloudformation:ListStacks\",\"cloudfront:GetDistribution\",\"cloudfront:GetDistributionConfig\",\"cloudfront:ListDistributions\",\"cloudfront:ListDistributionsByWebACLId\",\"cloudfront:ListOriginAccessControls\",\"cloudfront:ListTagsForResource\",\"cloudhsm:DescribeClusters\",\"cloudsearch:DescribeDomains\",\"cloudsearch:ListTags\",\"cloudtrail:DescribeTrails\",\"cloudtrail:GetEventSelectors\",\"cloudtrail:GetTrailStatus\",\"cloudtrail:ListTags\",\"cloudwatch:DescribeAlarms\",\"cloudwatch:DescribeInsightRules\",\"cloudwatch:ListTagsForResource\",\"codeartifact:DescribeDomain\",\"codeartifact:DescribeRepository\",\"codeartifact:GetDomainPermissionsPolicy\",\"codeartifact:GetRepositoryPermissionsPolicy\",\"codeartifact:ListDomains\",\"codeartifact:ListRepositories\",\"codeartifact:ListTagsForResource\",\"codebuild:BatchGetProjects\",\"codebuild:ListProjects\",\"codebuild:ListSourceCredentials\",\"codecommit:GetApprovalRuleTemplate\",\"codecommit:GetRepository\",\"codecommit:ListApprovalRuleTemplates\",\"codecommit:ListRepositories\",\"codepipeline:GetPipeline\",\"codepipeline:ListPipelines\",\"codepipeline:ListTagsForResource\",\"codepipeline:ListWebhooks\",\"cognito-identity:DescribeIdentityPool\",\"cognito-identity:ListIdentityPools\",\"cognito-identity:ListTagsForResource\",\"cognito-idp:DescribeUserPool\",\"cognito-idp:ListResourcesForWebACL\",\"cognito-idp:ListTagsForResource\",\"cognito-idp:ListUserPools\",\"cognito-sync:ListIdentityPoolUsage\",\"comprehend:ListDocumentClassifierSummaries\",\"comprehend:ListDocumentClassifiers\",\"comprehend:ListEntitiesDetectionJobs\",\"comprehendmedical:ListEntitiesDetectionV2Jobs\",\"config:DescribeConfigRules\",\"config:DescribeConfigurationAggregators\",\"config:DescribeConfigurationRecorderStatus\",\"config:DescribeConfigurationRecorders\",\"config:DescribeDeliveryChannels\",\"config:GetComplianceDetailsByConfigRule\",\"config:ListTagsForResource\",\"connect:ListInstanceAttributes\",\"connect:ListInstanceStorageConfigs\",\"connect:ListInstances\",\"databrew:DescribeJob\",\"databrew:ListJobs\",\"datapipeline:DescribePipelines\",\"datapipeline:GetPipelineDefinition\",\"datapipeline:ListPipelines\",\"datasync:DescribeAgent\",\"datasync:DescribeLocationEfs\",\"datasync:DescribeLocationFsxLustre\",\"datasync:DescribeLocationFsxOntap\",\"datasync:DescribeLocationFsxOpenZfs\",\"datasync:DescribeLocationFsxWindows\",\"datasync:DescribeLocationHdfs\",\"datasync:DescribeLocationNfs\",\"datasync:DescribeLocationObjectStorage\",\"datasync:DescribeLocationS3\",\"datasync:DescribeLocationSmb\",\"datasync:DescribeTask\",\"datasync:DescribeTaskExecution\",\"datasync:ListAgents\",\"datasync:ListLocations\",\"datasync:ListTagsForResource\",\"datasync:ListTaskExecutions\",\"datasync:ListTasks\",\"dax:DescribeClusters\",\"dax:DescribeParameterGroups\",\"dax:DescribeParameters\",\"dax:ListTags\",\"devicefarm:ListProjects\",\"devops-guru:DescribeServiceIntegration\",\"directconnect:DescribeConnections\",\"directconnect:DescribeDirectConnectGateways\",\"directconnect:DescribeVirtualInterfaces\",\"dms:DescribeCertificates\",\"dms:DescribeEndpoints\",\"dms:DescribeReplicationInstances\",\"dms:ListTagsForResource\",\"drs:DescribeJobs\",\"drs:DescribeSourceServers\",\"ds:DescribeDirectories\",\"ds:ListTagsForResource\",\"dynamodb:DescribeContinuousBackups\",\"dynamodb:DescribeTable\",\"dynamodb:ListTables\",\"dynamodb:ListTagsOfResource\",\"ec2:DescribeAccountAttributes\",\"ec2:DescribeAddresses\",\"ec2:DescribeClientVpnAuthorizationRules\",\"ec2:DescribeClientVpnEndpoints\",\"ec2:DescribeCustomerGateways\",\"ec2:DescribeDhcpOptions\",\"ec2:DescribeFlowLogs\",\"ec2:DescribeImages\",\"ec2:DescribeInstanceAttribute\",\"ec2:DescribeInstanceStatus\",\"ec2:DescribeInstances\",\"ec2:DescribeInternetGateways\",\"ec2:DescribeKeyPairs\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"PrismaCloudConfig1\"}],\"Version\":\"2012-10-17\"},\"PolicyName\":\"prisma_cloud_3-1121575680308690944-PrismaCloudRole-1121575680308690944\"},\"id\":[\"arn:aws:iam::704479110758:policy/prisma_cloud_3-1121575680308690944-PrismaCloudRole-1121575680308690944\",\"ANPA2IBR2EZTGCKRXPHCD\"],\"name\":\"prisma_cloud_3-1121575680308690944-PrismaCloudRole-1121575680308690944\",\"category\":\"identity\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"PrismaCloudConfig1\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/prisma_cloud_3-1121575680308690944-PrismaCloudRole-1121575680308690944\",\"ANPA2IBR2EZTGCKRXPHCD\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/prisma_cloud_3-1121575680308690944-PrismaCloudRole-1121575680308690944\":{\"category\":\"identity\",\"type\":\"policy\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:policy/prisma_cloud_4-1121575680308690944-PrismaCloudRole-1121575680308690944\",\"ANPA2IBR2EZTLV6APT7FP\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/prisma_cloud_4-1121575680308690944-PrismaCloudRole-1121575680308690944\":{\"type\":\"policy\",\"category\":\"identity\"}},\"asset\":{\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:policy/prisma_cloud_4-1121575680308690944-PrismaCloudRole-1121575680308690944\",\"document\":{\"Statement\":[{\"Sid\":\"PrismaCloudConfig2\",\"Action\":[\"ec2:DescribeManagedPrefixLists\",\"ec2:DescribeNatGateways\",\"ec2:DescribeNetworkAcls\",\"ec2:DescribeNetworkInterfaceAttribute\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribeRegions\",\"ec2:DescribeRouteTables\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeSnapshotAttribute\",\"ec2:DescribeSnapshots\",\"ec2:DescribeSubnets\",\"ec2:DescribeTags\",\"ec2:DescribeTrafficMirrorSessions\",\"ec2:DescribeTransitGatewayAttachments\",\"ec2:DescribeTransitGatewayRouteTables\",\"ec2:DescribeTransitGatewayVpcAttachments\",\"ec2:DescribeTransitGateways\",\"ec2:DescribeVolumes\",\"ec2:DescribeVpcEndpointConnectionNotifications\",\"ec2:DescribeVpcEndpointServiceConfigurations\",\"ec2:DescribeVpcEndpointServicePermissions\",\"ec2:DescribeVpcEndpointServices\",\"ec2:DescribeVpcEndpoints\",\"ec2:DescribeVpcPeeringConnections\",\"ec2:DescribeVpcs\",\"ec2:DescribeVpnConnections\",\"ec2:DescribeVpnGateways\",\"ec2:GetEbsEncryptionByDefault\",\"ec2:GetLaunchTemplateData\",\"ec2:GetManagedPrefixListEntries\",\"ec2:SearchTransitGatewayRoutes\",\"ecr-public:DescribeRepositories\",\"ecr-public:GetRepositoryCatalogData\",\"ecr-public:GetRepositoryPolicy\",\"ecr-public:ListTagsForResource\",\"ecr:DescribeImages\",\"ecr:DescribePullThroughCacheRules\",\"ecr:DescribeRegistry\",\"ecr:DescribeRepositories\",\"ecr:GetLifecyclePolicy\",\"ecr:GetRegistryPolicy\",\"ecr:GetRegistryScanningConfiguration\",\"ecr:GetRepositoryPolicy\",\"ecr:ListTagsForResource\",\"ecs:DescribeClusters\",\"ecs:DescribeContainerInstances\",\"ecs:DescribeServices\",\"ecs:DescribeTaskDefinition\",\"ecs:DescribeTasks\",\"ecs:ListClusters\",\"ecs:ListContainerInstances\",\"ecs:ListServices\",\"ecs:ListTagsForResource\",\"ecs:ListTaskDefinitions\",\"ecs:ListTasks\",\"eks:DescribeCluster\",\"eks:DescribeFargateProfile\",\"eks:DescribeNodegroup\",\"eks:ListClusters\",\"eks:ListFargateProfiles\",\"eks:ListNodegroups\",\"eks:ListTagsForResource\",\"elasticache:DescribeCacheClusters\",\"elasticache:DescribeCacheEngineVersions\",\"elasticache:DescribeCacheSubnetGroups\",\"elasticache:DescribeReplicationGroups\",\"elasticache:DescribeReservedCacheNodes\",\"elasticache:DescribeSnapshots\",\"elasticache:DescribeUsers\",\"elasticache:ListTagsForResource\",\"elasticbeanstalk:DescribeApplications\",\"elasticbeanstalk:DescribeConfigurationSettings\",\"elasticbeanstalk:DescribeEnvironmentResources\",\"elasticbeanstalk:DescribeEnvironments\",\"elasticbeanstalk:ListTagsForResource\",\"elasticfilesystem:DescribeAccessPoints\",\"elasticfilesystem:DescribeFileSystemPolicy\",\"elasticfilesystem:DescribeFileSystems\",\"elasticfilesystem:DescribeMountTargetSecurityGroups\",\"elasticfilesystem:DescribeMountTargets\",\"elasticfilesystem:DescribeTags\",\"elasticloadbalancing:DescribeListeners\",\"elasticloadbalancing:DescribeLoadBalancerAttributes\",\"elasticloadbalancing:DescribeLoadBalancerPolicies\",\"elasticloadbalancing:DescribeLoadBalancers\",\"elasticloadbalancing:DescribeRules\",\"elasticloadbalancing:DescribeSSLPolicies\",\"elasticloadbalancing:DescribeTags\",\"elasticloadbalancing:DescribeTargetGroups\",\"elasticloadbalancing:DescribeTargetHealth\",\"elasticmapreduce:DescribeCluster\",\"elasticmapreduce:DescribeSecurityConfiguration\",\"elasticmapreduce:GetBlockPublicAccessConfiguration\",\"elasticmapreduce:ListClusters\",\"elasticmapreduce:ListInstances\",\"elasticmapreduce:ListSecurityConfigurations\",\"elastictranscoder:ListPipelines\",\"es:DescribeElasticsearchDomains\",\"es:ListDomainNames\",\"es:ListTags\",\"events:ListEventBuses\",\"events:ListRules\",\"events:ListTagsForResource\",\"events:ListTargetsByRule\",\"firehose:DescribeDeliveryStream\",\"firehose:ListDeliveryStreams\",\"firehose:ListTagsForDeliveryStream\",\"fms:GetAdminAccount\",\"fms:GetPolicy\",\"fms:ListComplianceStatus\",\"fms:ListPolicies\",\"forecast:DescribeAutoPredictor\",\"forecast:DescribeDataset\",\"forecast:DescribePredictor\",\"forecast:ListDatasets\",\"forecast:ListPredictors\",\"forecast:ListTagsForResource\",\"fsx:DescribeBackups\",\"fsx:DescribeFileSystems\",\"glacier:GetVaultAccessPolicy\",\"glacier:GetVaultLock\",\"glacier:ListTagsForVault\",\"glacier:ListVaults\",\"globalaccelerator:DescribeAcceleratorAttributes\",\"globalaccelerator:ListAccelerators\",\"globalaccelerator:ListTagsForResource\",\"glue:GetConnection\",\"glue:GetConnections\",\"glue:GetCrawler\",\"glue:GetDataCatalogEncryptionSettings\",\"glue:GetDatabases\",\"glue:GetJobs\",\"glue:GetSchema\",\"glue:GetSecurityConfigurations\",\"glue:ListCrawlers\",\"glue:ListSchemas\",\"grafana:DescribeWorkspace\",\"grafana:DescribeWorkspaceAuthentication\",\"grafana:ListWorkspaces\",\"greengrass:ListCoreDefinitions\",\"greengrass:ListGroups\",\"guardduty:DescribeOrganizationConfiguration\",\"guardduty:GetDetector\",\"guardduty:GetFindings\",\"guardduty:GetMasterAccount\",\"guardduty:ListDetectors\",\"guardduty:ListFindings\",\"iam:GenerateCredentialReport\",\"iam:GenerateServiceLastAccessedDetails\",\"iam:GetAccountAuthorizationDetails\",\"iam:GetAccountPasswordPolicy\",\"iam:GetAccountSummary\",\"iam:GetCredentialReport\",\"iam:GetGroupPolicy\",\"iam:GetOpenIDConnectProvider\",\"iam:GetPolicyVersion\",\"iam:GetRole\",\"iam:GetRolePolicy\",\"iam:GetSAMLProvider\",\"iam:GetServiceLastAccessedDetails\",\"iam:GetUserPolicy\",\"iam:ListAccessKeys\",\"iam:ListAttachedGroupPolicies\",\"iam:ListAttachedRolePolicies\",\"iam:ListAttachedUserPolicies\",\"iam:ListEntitiesForPolicy\",\"iam:ListGroupPolicies\",\"iam:ListGroups\",\"iam:ListGroupsForUser\",\"iam:ListInstanceProfilesForRole\",\"iam:ListMFADeviceTags\",\"iam:ListMFADevices\",\"iam:ListOpenIDConnectProviders\",\"iam:ListPolicies\",\"iam:ListPolicyTags\",\"iam:ListPolicyVersions\",\"iam:ListRolePolicies\",\"iam:ListRoleTags\",\"iam:ListRoles\",\"iam:ListSAMLProviderTags\",\"iam:ListSAMLProviders\",\"iam:ListSSHPublicKeys\",\"iam:ListServerCertificateTags\",\"iam:ListServerCertificates\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":1,\"Tags\":null,\"Description\":null,\"IsAttachable\":true,\"PolicyId\":\"ANPA2IBR2EZTLV6APT7FP\",\"PolicyName\":\"prisma_cloud_4-1121575680308690944-PrismaCloudRole-1121575680308690944\",\"UpdateDate\":\"2024-04-19T21:56:14Z\",\"CreateDate\":\"2024-04-19T21:56:14Z\",\"DefaultVersionId\":\"v1\",\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"roles\":null},\"id\":[\"arn:aws:iam::704479110758:policy/prisma_cloud_4-1121575680308690944-PrismaCloudRole-1121575680308690944\",\"ANPA2IBR2EZTLV6APT7FP\"],\"name\":\"prisma_cloud_4-1121575680308690944-PrismaCloudRole-1121575680308690944\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"id\":\"PrismaCloudConfig2\",\"effect\":\"Allow\"}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/prisma_cloud_5-1121575680308690944-PrismaCloudRole-1121575680308690944\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"raw\":{\"Arn\":\"arn:aws:iam::704479110758:policy/prisma_cloud_5-1121575680308690944-PrismaCloudRole-1121575680308690944\",\"document\":{\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"PrismaCloudConfig3\",\"Action\":[\"iam:ListUserPolicies\",\"iam:ListUserTags\",\"iam:ListUsers\",\"iam:ListVirtualMFADevices\",\"identitystore:ListGroupMemberships\",\"identitystore:ListGroups\",\"identitystore:ListUsers\",\"imagebuilder:GetComponent\",\"imagebuilder:GetImagePipeline\",\"imagebuilder:GetImageRecipe\",\"imagebuilder:GetInfrastructureConfiguration\",\"imagebuilder:ListComponents\",\"imagebuilder:ListImagePipelines\",\"imagebuilder:ListImageRecipes\",\"imagebuilder:ListInfrastructureConfigurations\",\"inspector2:ListAccountPermissions\",\"inspector2:ListCoverage\",\"inspector2:ListFilters\",\"inspector2:ListFindings\",\"inspector:DescribeAssessmentTemplates\",\"inspector:DescribeFindings\",\"inspector:DescribeRulesPackages\",\"inspector:ListAssessmentRunAgents\",\"inspector:ListAssessmentRuns\",\"inspector:ListAssessmentTemplates\",\"inspector:ListFindings\",\"inspector:ListRulesPackages\",\"iot:DescribeAccountAuditConfiguration\",\"iot:DescribeDomainConfiguration\",\"iot:ListDomainConfigurations\",\"iot:ListTagsForResource\",\"iotanalytics:ListChannels\",\"iotanalytics:ListDatastores\",\"iotanalytics:ListTagsForResource\",\"iotevents:ListInputs\",\"iotfleetwise:ListSignalCatalogs\",\"kafka:ListClusters\",\"kendra:DescribeIndex\",\"kendra:ListTagsForResource\",\"kinesis:DescribeStream\",\"kinesis:ListStreams\",\"kinesis:ListTagsForStream\",\"kinesisanalytics:DescribeApplication\",\"kinesisanalytics:ListApplications\",\"kinesisanalytics:ListTagsForResource\",\"kinesisvideo:DescribeNotificationConfiguration\",\"kinesisvideo:ListStreams\",\"kinesisvideo:ListTagsForStream\",\"kms:DescribeKey\",\"kms:GetKeyPolicy\",\"kms:GetKeyRotationStatus\",\"kms:ListAliases\",\"kms:ListKeyPolicies\",\"kms:ListKeys\",\"kms:ListResourceTags\",\"lakeformation:GetDataLakeSettings\",\"lambda:GetFunctionUrlConfig\",\"lambda:GetLayerVersionPolicy\",\"lambda:GetPolicy\",\"lambda:ListCodeSigningConfigs\",\"lambda:ListFunctions\",\"lambda:ListLayerVersions\",\"lambda:ListLayers\",\"lambda:ListTags\",\"lex:DescribeBot\",\"lex:DescribeBotVersion\",\"lex:GetBot\",\"lex:GetBotVersions\",\"lex:GetBots\",\"lex:ListBotVersions\",\"lex:ListBots\",\"lex:ListTagsForResource\",\"lightsail:GetInstances\",\"logs:DescribeLogGroups\",\"logs:DescribeLogStreams\",\"logs:DescribeMetricFilters\",\"logs:DescribeSubscriptionFilters\",\"logs:GetLogEvents\",\"logs:ListTagsLogGroup\",\"lookoutequipment:ListDatasets\",\"lookoutmetrics:ListAnomalyDetectors\",\"lookoutvision:ListProjects\",\"macie2:GetClassificationExportConfiguration\",\"macie2:GetFindingsPublicationConfiguration\",\"macie2:GetMacieSession\",\"macie2:GetRevealConfiguration\",\"macie2:ListOrganizationAdminAccounts\",\"managedblockchain:ListNetworks\",\"mediastore:GetContainerPolicy\",\"mediastore:GetCorsPolicy\",\"mediastore:ListContainers\",\"mediastore:ListTagsForResource\",\"memorydb:DescribeClusters\",\"memorydb:DescribeParameterGroups\",\"memorydb:DescribeParameters\",\"memorydb:ListTags\",\"mgn:DescribeLaunchConfigurationTemplates\",\"mobiletargeting:GetApps\",\"mobiletargeting:GetEmailChannel\",\"mobiletargeting:GetSmsChannel\",\"mq:DescribeBroker\",\"mq:ListBrokers\",\"network-firewall:DescribeFirewall\",\"network-firewall:DescribeFirewallPolicy\",\"network-firewall:DescribeResourcePolicy\",\"network-firewall:ListFirewallPolicies\",\"network-firewall:ListFirewalls\",\"opsworks:DescribeUserProfiles\",\"organizations:DescribeAccount\",\"organizations:DescribeOrganization\",\"polly:DescribeVoices\",\"qldb:DescribeLedger\",\"qldb:ListLedgers\",\"qldb:ListTagsForResource\",\"quicksight:DescribeAccountSettings\",\"quicksight:ListDataSets\",\"quicksight:ListDataSources\",\"quicksight:ListTagsForResource\",\"ram:GetResourceShares\",\"ram:ListPrincipals\",\"ram:ListResources\",\"rds:DescribeDBClusterParameterGroups\",\"rds:DescribeDBClusterParameters\",\"rds:DescribeDBClusterSnapshotAttributes\",\"rds:DescribeDBClusterSnapshots\",\"rds:DescribeDBClusters\",\"rds:DescribeDBInstances\",\"rds:DescribeDBParameterGroups\",\"rds:DescribeDBParameters\",\"rds:DescribeDBSnapshotAttributes\",\"rds:DescribeDBSnapshots\",\"rds:DescribeEventSubscriptions\",\"rds:DescribeOptionGroups\",\"rds:ListTagsForResource\",\"redshift:DescribeClusterParameters\",\"redshift:DescribeClusters\",\"redshift:DescribeLoggingStatus\",\"resiliencehub:ListApps\",\"route53:GetDNSSEC\",\"route53:GetHealthCheck\",\"route53:ListHealthChecks\",\"route53:ListHostedZones\",\"route53:ListQueryLoggingConfigs\",\"route53:ListResourceRecordSets\",\"route53:ListTagsForResource\",\"route53domains:GetDomainDetail\",\"route53domains:ListDomains\",\"route53domains:ListTagsForDomain\",\"route53resolver:ListResolverQueryLogConfigAssociations\",\"route53resolver:ListResolverQueryLogConfigs\",\"route53resolver:ListTagsForResource\",\"s3:DescribeJob\",\"s3:GetAccessPoint\",\"s3:GetAccessPointPolicy\",\"s3:GetAccessPointPolicyStatus\",\"s3:GetAccountPublicAccessBlock\",\"s3:GetBucketAcl\",\"s3:GetBucketCORS\",\"s3:GetBucketLocation\",\"s3:GetBucketLogging\",\"s3:GetBucketOwnershipControls\",\"s3:GetBucketPolicy\",\"s3:GetBucketPolicyStatus\",\"s3:GetBucketPublicAccessBlock\",\"s3:GetBucketTagging\",\"s3:GetBucketVersioning\",\"s3:GetBucketWebsite\",\"s3:GetEncryptionConfiguration\",\"s3:GetJobTagging\",\"s3:GetLifecycleConfiguration\",\"s3:GetReplicationConfiguration\",\"s3:ListAccessPoints\",\"s3:ListAllMyBuckets\",\"s3:ListJobs\",\"sagemaker:DescribeCodeRepository\",\"sagemaker:DescribeDomain\",\"sagemaker:DescribeEndpoint\",\"sagemaker:DescribeEndpointConfig\",\"sagemaker:DescribeModel\",\"sagemaker:DescribeNotebookInstance\",\"sagemaker:DescribeProcessingJob\",\"sagemaker:DescribeTrainingJob\",\"sagemaker:DescribeUserProfile\",\"sagemaker:ListCodeRepositories\",\"sagemaker:ListDomains\",\"sagemaker:ListEndpointConfigs\",\"sagemaker:ListEndpoints\",\"sagemaker:ListModels\",\"sagemaker:ListNotebookInstances\",\"sagemaker:ListProcessingJobs\",\"sagemaker:ListTags\",\"sagemaker:ListTrainingJobs\"]}],\"Version\":\"2012-10-17\"},\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"CreateDate\":\"2024-04-19T21:56:14Z\",\"DefaultVersionId\":\"v1\",\"PolicyId\":\"ANPA2IBR2EZTL7LUFKPVO\",\"Tags\":null,\"UpdateDate\":\"2024-04-19T21:56:14Z\",\"roles\":null,\"AttachmentCount\":1,\"Path\":\"/\",\"IsAttachable\":true,\"PolicyName\":\"prisma_cloud_5-1121575680308690944-PrismaCloudRole-1121575680308690944\"},\"id\":[\"arn:aws:iam::704479110758:policy/prisma_cloud_5-1121575680308690944-PrismaCloudRole-1121575680308690944\",\"ANPA2IBR2EZTL7LUFKPVO\"],\"name\":\"prisma_cloud_5-1121575680308690944-PrismaCloudRole-1121575680308690944\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"PrismaCloudConfig3\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/prisma_cloud_5-1121575680308690944-PrismaCloudRole-1121575680308690944\",\"ANPA2IBR2EZTL7LUFKPVO\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/qa-eks-elb-sl-role-creation20210519182911174800000001\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"tags\":null,\"raw\":{\"Path\":\"/\",\"PolicyId\":\"ANPA2IBR2EZTP6CB7IMB2\",\"document\":{\"Statement\":[{\"Sid\":\"\",\"Action\":[\"ec2:DescribeInternetGateways\",\"ec2:DescribeAccountAttributes\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":1,\"CreateDate\":\"2021-05-19T18:29:11Z\",\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/qa-eks-elb-sl-role-creation20210519182911174800000001\",\"DefaultVersionId\":\"v1\",\"Tags\":null,\"UpdateDate\":\"2021-05-19T18:29:11Z\",\"IsAttachable\":true,\"PolicyName\":\"qa-eks-elb-sl-role-creation20210519182911174800000001\"},\"id\":[\"arn:aws:iam::704479110758:policy/qa-eks-elb-sl-role-creation20210519182911174800000001\",\"ANPA2IBR2EZTP6CB7IMB2\"],\"name\":\"qa-eks-elb-sl-role-creation20210519182911174800000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/qa-eks-elb-sl-role-creation20210519182911174800000001\",\"ANPA2IBR2EZTP6CB7IMB2\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[{\"resource\":[\"arn:aws:es:*:704479110758:domain/*\"],\"version\":\"2012-10-17\",\"id\":\"VisualEditor0\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"VisualEditor1\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/ReadOnlyElasticsearchAccessPolicy\",\"ANPA2IBR2EZTDDP45T6AV\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/ReadOnlyElasticsearchAccessPolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"CreateDate\":\"2020-09-17T13:12:42Z\",\"DefaultVersionId\":\"v1\",\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPA2IBR2EZTDDP45T6AV\",\"AttachmentCount\":1,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/ReadOnlyElasticsearchAccessPolicy\",\"IsAttachable\":true,\"Path\":\"/\",\"PolicyName\":\"ReadOnlyElasticsearchAccessPolicy\",\"UpdateDate\":\"2020-09-17T13:12:42Z\",\"document\":{\"Statement\":[{\"Action\":[\"es:ESCrossClusterGet\",\"es:ESHttpHead\",\"es:DescribeElasticsearchDomain\",\"es:ESHttpGet\",\"es:GetCompatibleElasticsearchVersions\",\"es:ListTags\",\"es:GetUpgradeStatus\",\"es:DescribeElasticsearchDomainConfig\",\"es:DescribeElasticsearchDomains\",\"es:GetUpgradeHistory\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:es:*:704479110758:domain/*\",\"Sid\":\"VisualEditor0\"},{\"Sid\":\"VisualEditor1\",\"Action\":[\"es:DescribeReservedElasticsearchInstanceOfferings\",\"es:DescribeInboundCrossClusterSearchConnections\",\"es:DescribeReservedElasticsearchInstances\",\"es:ListDomainNames\",\"es:ListElasticsearchInstanceTypeDetails\",\"es:ListElasticsearchInstanceTypes\",\"es:DescribeOutboundCrossClusterSearchConnections\",\"es:DescribeElasticsearchInstanceTypeLimits\",\"es:ListElasticsearchVersions\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"roles\":null},\"id\":[\"arn:aws:iam::704479110758:policy/ReadOnlyElasticsearchAccessPolicy\",\"ANPA2IBR2EZTDDP45T6AV\"],\"name\":\"ReadOnlyElasticsearchAccessPolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/s3_access_policy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"raw\":{\"UpdateDate\":\"2024-10-30T12:23:30Z\",\"CreateDate\":\"2024-10-30T12:23:30Z\",\"PolicyId\":\"ANPA2IBR2EZTNDAIYTKDB\",\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"s3_access_policy\",\"AttachmentCount\":1,\"Path\":\"/\",\"Arn\":\"arn:aws:iam::704479110758:policy/s3_access_policy\",\"IsAttachable\":true,\"Tags\":null,\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"s3:ListBucket\",\"s3:GetObject\",\"s3:PutObject\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev\",\"arn:aws:s3:::aws-reinvent-demo-bedrock-logs-us-west-2.sit.estc.dev/*\"]}]},\"roles\":null,\"DefaultVersionId\":\"v1\",\"Description\":null},\"id\":[\"arn:aws:iam::704479110758:policy/s3_access_policy\",\"ANPA2IBR2EZTNDAIYTKDB\"],\"name\":\"s3_access_policy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/s3_access_policy\",\"ANPA2IBR2EZTNDAIYTKDB\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"sqs:SendMessage\"],\"resource\":[\"arn:aws:sqs:us-west-2:704479110758:aws-reinvent-demo-bedrock-log-notifications\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/s3_to_sqs_policy\",\"ANPA2IBR2EZTGC3TJ6IBH\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/s3_to_sqs_policy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"raw\":{\"DefaultVersionId\":\"v1\",\"document\":{\"Statement\":[{\"Action\":\"sqs:SendMessage\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:sqs:us-west-2:704479110758:aws-reinvent-demo-bedrock-log-notifications\"}],\"Version\":\"2012-10-17\"},\"IsAttachable\":true,\"Tags\":null,\"UpdateDate\":\"2024-10-30T12:23:58Z\",\"CreateDate\":\"2024-10-30T12:23:58Z\",\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"s3_to_sqs_policy\",\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/s3_to_sqs_policy\",\"AttachmentCount\":1,\"Description\":null,\"Path\":\"/\",\"PolicyId\":\"ANPA2IBR2EZTGC3TJ6IBH\"},\"id\":[\"arn:aws:iam::704479110758:policy/s3_to_sqs_policy\",\"ANPA2IBR2EZTGC3TJ6IBH\"],\"name\":\"s3_to_sqs_policy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"asset\":{\"tags\":null,\"raw\":{\"PolicyName\":\"secrets_manager_read\",\"document\":{\"Statement\":[{\"Action\":[\"secretsmanager:GetRandomPassword\",\"secretsmanager:GetResourcePolicy\",\"secretsmanager:GetSecretValue\",\"secretsmanager:DescribeSecret\",\"secretsmanager:ListSecretVersionIds\",\"secretsmanager:ListSecrets\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"VisualEditor0\"}],\"Version\":\"2012-10-17\"},\"roles\":null,\"AttachmentCount\":1,\"Description\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/secrets_manager_read\",\"IsAttachable\":true,\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPA2IBR2EZTAEKLKOSWA\",\"Tags\":null,\"UpdateDate\":\"2021-06-08T16:34:02Z\",\"CreateDate\":\"2021-06-08T16:34:02Z\",\"DefaultVersionId\":\"v1\"},\"id\":[\"arn:aws:iam::704479110758:policy/secrets_manager_read\",\"ANPA2IBR2EZTAEKLKOSWA\"],\"name\":\"secrets_manager_read\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[{\"id\":\"VisualEditor0\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/secrets_manager_read\",\"ANPA2IBR2EZTAEKLKOSWA\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/secrets_manager_read\":{\"category\":\"identity\",\"type\":\"policy\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"VisualEditor0\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/SNS-full-access\",\"ANPA2IBR2EZTE7CEWRS6D\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/SNS-full-access\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":5,\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"Arn\":\"arn:aws:iam::704479110758:policy/SNS-full-access\",\"IsAttachable\":true,\"PolicyId\":\"ANPA2IBR2EZTE7CEWRS6D\",\"PolicyName\":\"SNS-full-access\",\"Tags\":null,\"DefaultVersionId\":\"v3\",\"roles\":null,\"document\":{\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"VisualEditor0\",\"Action\":[\"sns:*\",\"sqs:*\"]}],\"Version\":\"2012-10-17\"},\"Path\":\"/\",\"UpdateDate\":\"2020-08-16T11:44:39Z\",\"CreateDate\":\"2020-08-16T11:37:59Z\"},\"id\":[\"arn:aws:iam::704479110758:policy/SNS-full-access\",\"ANPA2IBR2EZTE7CEWRS6D\"],\"name\":\"SNS-full-access\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:policy/StackSet-FinoutCostGuard-96925ea3-7d91-4973-af19-dd4601c4740e-FinoutMetricsReadOnlyPolicy-E9tkvgAZUP7l\",\"ANPA2IBR2EZTGY54Y4IMQ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/StackSet-FinoutCostGuard-96925ea3-7d91-4973-af19-dd4601c4740e-FinoutMetricsReadOnlyPolicy-E9tkvgAZUP7l\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"tags\":null,\"raw\":{\"PolicyId\":\"ANPA2IBR2EZTGY54Y4IMQ\",\"Tags\":null,\"CreateDate\":\"2024-08-29T17:14:54Z\",\"DefaultVersionId\":\"v1\",\"PolicyName\":\"StackSet-FinoutCostGuard-96925ea3-7d91-4973-af19-dd4601c4740e-FinoutMetricsReadOnlyPolicy-E9tkvgAZUP7l\",\"UpdateDate\":\"2024-08-29T17:14:54Z\",\"document\":{\"Statement\":[{\"Action\":[\"cloudwatch:ListMetrics\",\"cloudwatch:GetMetricData\",\"cloudwatch:GetMetricStatistics\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:DescribeVolumes\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":\"organizations:ListAccounts\",\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/StackSet-FinoutCostGuard-96925ea3-7d91-4973-af19-dd4601c4740e-FinoutMetricsReadOnlyPolicy-E9tkvgAZUP7l\",\"Description\":null,\"IsAttachable\":true,\"Path\":\"/\",\"AttachmentCount\":1,\"PermissionsBoundaryUsageCount\":0},\"id\":[\"arn:aws:iam::704479110758:policy/StackSet-FinoutCostGuard-96925ea3-7d91-4973-af19-dd4601c4740e-FinoutMetricsReadOnlyPolicy-E9tkvgAZUP7l\",\"ANPA2IBR2EZTGY54Y4IMQ\"],\"name\":\"StackSet-FinoutCostGuard-96925ea3-7d91-4973-af19-dd4601c4740e-FinoutMetricsReadOnlyPolicy-E9tkvgAZUP7l\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"organizations:ListAccounts\"],\"resource\":[\"*\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/temp_eks_iam_policy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Tags\":null,\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Resource\":\"*\",\"Action\":[\"iam:CreateInstanceProfile\",\"iam:DeleteInstanceProfile\",\"iam:GetInstanceProfile\",\"iam:RemoveRoleFromInstanceProfile\",\"iam:GetRole\",\"iam:CreateRole\",\"iam:DeleteRole\",\"iam:AttachRolePolicy\",\"iam:PutRolePolicy\",\"iam:ListInstanceProfiles\",\"iam:AddRoleToInstanceProfile\",\"iam:ListInstanceProfilesForRole\",\"iam:ListPolicies\",\"iam:PassRole\",\"iam:DetachRolePolicy\",\"iam:DeleteRolePolicy\",\"iam:GetRolePolicy\",\"iam:GetOpenIDConnectProvider\",\"iam:CreateOpenIDConnectProvider\",\"iam:DeleteOpenIDConnectProvider\",\"iam:TagOpenIDConnectProvider\",\"iam:ListAttachedRolePolicies\",\"iam:TagRole\",\"iam:GetPolicy\",\"iam:CreatePolicy\",\"iam:DeletePolicy\",\"iam:ListPolicyVersions\"],\"Effect\":\"Allow\"},{\"Resource\":[\"arn:aws:iam::*:role/*\"],\"Action\":[\"iam:GetRole\"],\"Effect\":\"Allow\"},{\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":[\"eks.amazonaws.com\",\"eks-nodegroup.amazonaws.com\",\"eks-fargate.amazonaws.com\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"iam:CreateServiceLinkedRole\"]}]},\"CreateDate\":\"2022-07-31T08:47:57Z\",\"PolicyId\":\"ANPA2IBR2EZTFLUS4FOKA\",\"Description\":null,\"PolicyName\":\"temp_eks_iam_policy\",\"UpdateDate\":\"2022-07-31T09:43:15Z\",\"AttachmentCount\":1,\"DefaultVersionId\":\"v2\",\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/temp_eks_iam_policy\",\"IsAttachable\":true},\"id\":[\"arn:aws:iam::704479110758:policy/temp_eks_iam_policy\",\"ANPA2IBR2EZTFLUS4FOKA\"],\"name\":\"temp_eks_iam_policy\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"iam:AWSServiceName\":[\"eks.amazonaws.com\",\"eks-nodegroup.amazonaws.com\",\"eks-fargate.amazonaws.com\"]}}}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/temp_eks_iam_policy\",\"ANPA2IBR2EZTFLUS4FOKA\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"VisualEditor0\",\"effect\":\"Allow\"},{\"id\":\"VisualEditor1\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/terraform-deployment-policy\",\"ANPA2IBR2EZTOHAKVIWQT\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/terraform-deployment-policy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"name\":\"terraform-deployment-policy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"CreateDate\":\"2020-08-31T12:48:40Z\",\"DefaultVersionId\":\"v30\",\"Path\":\"/\",\"PolicyId\":\"ANPA2IBR2EZTOHAKVIWQT\",\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/terraform-deployment-policy\",\"AttachmentCount\":1,\"Description\":null,\"Tags\":null,\"UpdateDate\":\"2021-03-17T11:51:25Z\",\"PermissionsBoundaryUsageCount\":0,\"document\":{\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:route53:::hostedzone/*\",\"arn:aws:route53:::change/*\"],\"Sid\":\"VisualEditor0\",\"Action\":[\"route53:GetChange\",\"route53:ListResourceRecordSets\",\"route53:ListTagsForResource\"]},{\"Action\":[\"logs:DeleteSubscriptionFilter\",\"logs:DescribeSubscriptionFilters\",\"logs:StartQuery\",\"s3:DeleteAccessPoint\",\"logs:DescribeMetricFilters\",\"iam:PutRolePolicy\",\"logs:ListLogDeliveries\",\"logs:TagLogGroup\",\"s3:DeleteJobTagging\",\"s3:PutLifecycleConfiguration\",\"cloudwatch:ListTagsForResource\",\"s3:PutObjectTagging\",\"logs:FilterLogEvents\",\"s3:DeleteObject\",\"logs:DescribeDestinations\",\"iam:GetRole\",\"s3:PutAccountPublicAccessBlock\",\"s3:GetBucketWebsite\",\"iam:GetPolicy\",\"s3:DeleteStorageLensConfigurationTagging\",\"iam:ListEntitiesForPolicy\",\"iam:DeleteRole\",\"s3:DeleteObjectVersionTagging\",\"s3:GetObjectLegalHold\",\"s3:GetBucketNotification\",\"s3:DeleteBucketPolicy\",\"s3:GetReplicationConfiguration\",\"s3:PutObject\",\"s3:PutBucketNotification\",\"s3:PutObjectVersionAcl\",\"events:ListTagsForResource\",\"logs:PutSubscriptionFilter\",\"s3:PutBucketObjectLockConfiguration\",\"s3:PutAccessPointPolicy\",\"iam:GetRolePolicy\",\"s3:GetStorageLensDashboard\",\"logs:ListTagsLogGroup\",\"s3:GetLifecycleConfiguration\",\"s3:GetBucketTagging\",\"s3:GetInventoryConfiguration\",\"iam:TagRole\",\"s3:ReplicateTags\",\"s3:ListBucket\",\"athena:*\",\"logs:DeleteLogStream\",\"logs:CreateExportTask\",\"iam:ListInstanceProfilesForRole\",\"logs:DeleteMetricFilter\",\"iam:PassRole\",\"s3:AbortMultipartUpload\",\"s3:PutBucketTagging\",\"iam:DeleteRolePolicy\",\"sts:DecodeAuthorizationMessage\",\"s3:UpdateJobPriority\",\"logs:DeleteLogDelivery\",\"logs:PutDestination\",\"s3:DeleteBucket\",\"s3:PutBucketVersioning\",\"elasticfilesystem:*\",\"logs:DisassociateKmsKey\",\"s3:ListBucketMultipartUploads\",\"logs:UntagLogGroup\",\"chatbot:*\",\"s3:PutMetricsConfiguration\",\"route53:ListHostedZones\",\"s3:PutStorageLensConfigurationTagging\",\"s3:PutObjectVersionTagging\",\"logs:TestMetricFilter\",\"s3:GetBucketVersioning\",\"s3:PutInventoryConfiguration\",\"iam:CreatePolicy\",\"s3:ObjectOwnerOverrideToBucketOwner\",\"s3:GetStorageLensConfiguration\",\"s3:DeleteStorageLensConfiguration\",\"s3:GetAccountPublicAccessBlock\",\"s3:PutBucketWebsite\",\"s3:ListAllMyBuckets\",\"s3:PutBucketRequestPayment\",\"servicediscovery:ListTagsForResource\",\"s3:PutObjectRetention\",\"s3:GetBucketCORS\",\"ecr:*\",\"s3:DeleteAccessPointPolicy\",\"logs:GetLogGroupFields\",\"s3:GetObjectVersion\",\"iam:UpdateAssumeRolePolicy\",\"iam:GetPolicyVersion\",\"logs:GetLogRecord\",\"s3:PutAnalyticsConfiguration\",\"s3:GetObjectVersionTagging\",\"s3:PutStorageLensConfiguration\",\"s3:CreateBucket\",\"iam:CreateRole\",\"iam:AttachRolePolicy\",\"s3:GetStorageLensConfigurationTagging\",\"s3:ReplicateObject\",\"s3:GetObjectAcl\",\"s3:GetBucketObjectLockConfiguration\",\"logs:CreateLogStream\",\"s3:DeleteBucketWebsite\",\"iam:DetachRolePolicy\",\"cloudwatch:UntagResource\",\"logs:CancelExportTask\",\"logs:DeleteRetentionPolicy\",\"logs:GetLogEvents\",\"s3:GetObjectVersionAcl\",\"s3:PutBucketAcl\",\"s3:HeadBucket\",\"s3:DeleteObjectTagging\",\"s3:GetBucketPolicyStatus\",\"s3:GetObjectRetention\",\"s3:GetJobTagging\",\"s3:ListJobs\",\"cloudformation:*\",\"logs:StopQuery\",\"s3:PutObjectLegalHold\",\"s3:PutBucketCORS\",\"logs:CreateLogGroup\",\"acm:ListTagsForCertificate\",\"s3:ListMultipartUploadParts\",\"logs:PutMetricFilter\",\"logs:CreateLogDelivery\",\"s3:GetObject\",\"logs:PutResourcePolicy\",\"logs:DescribeExportTasks\",\"logs:GetQueryResults\",\"acm:DescribeCertificate\",\"s3:DescribeJob\",\"s3:PutBucketLogging\",\"logs:UpdateLogDelivery\",\"s3:GetAnalyticsConfiguration\",\"s3:GetObjectVersionForReplication\",\"s3:CreateAccessPoint\",\"s3:GetAccessPoint\",\"s3:PutAccelerateConfiguration\",\"logs:DescribeLogStreams\",\"s3:DeleteObjectVersion\",\"s3:GetBucketLogging\",\"s3:ListBucketVersions\",\"s3:RestoreObject\",\"iam:DeletePolicy\",\"s3:GetAccelerateConfiguration\",\"logs:GetLogDelivery\",\"s3:GetBucketPolicy\",\"s3:PutEncryptionConfiguration\",\"s3:GetEncryptionConfiguration\",\"s3:GetObjectVersionTorrent\",\"logs:DeleteResourcePolicy\",\"s3:DeleteBucketOwnershipControls\",\"s3:GetBucketRequestPayment\",\"s3:GetAccessPointPolicyStatus\",\"s3:GetObjectTagging\",\"acm:ListCertificates\",\"logs:AssociateKmsKey\",\"s3:GetBucketOwnershipControls\",\"s3:GetMetricsConfiguration\",\"logs:DescribeResourcePolicies\",\"s3:PutObjectAcl\",\"logs:DescribeQueries\",\"s3:GetBucketPublicAccessBlock\",\"s3:PutBucketPublicAccessBlock\",\"logs:DescribeLogGroups\",\"logs:DeleteLogGroup\",\"s3:ListAccessPoints\",\"logs:PutDestinationPolicy\",\"s3:PutBucketOwnershipControls\",\"s3:PutJobTagging\",\"logs:DeleteDestination\",\"s3:UpdateJobStatus\",\"s3:GetBucketAcl\",\"logs:PutLogEvents\",\"s3:BypassGovernanceRetention\",\"s3:ListStorageLensConfigurations\",\"cloudwatch:TagResource\",\"events:TagResource\",\"s3:GetObjectTorrent\",\"iam:ListPolicyVersions\",\"lambda:*\",\"s3:PutBucketPolicy\",\"logs:PutRetentionPolicy\",\"s3:GetBucketLocation\",\"s3:GetAccessPointPolicy\",\"s3:ReplicateDelete\",\"iam:ListRolePolicies\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"VisualEditor1\"}],\"Version\":\"2012-10-17\"},\"IsAttachable\":true,\"PolicyName\":\"terraform-deployment-policy\"},\"id\":[\"arn:aws:iam::704479110758:policy/terraform-deployment-policy\",\"ANPA2IBR2EZTOHAKVIWQT\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"id\":\"VisualEditor0\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/Terraform-eks\",\"ANPA2IBR2EZTMDSA736AM\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/Terraform-eks\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"PolicyId\":\"ANPA2IBR2EZTMDSA736AM\",\"Path\":\"/\",\"Description\":null,\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/Terraform-eks\",\"CreateDate\":\"2021-05-15T16:27:28Z\",\"roles\":null,\"AttachmentCount\":2,\"PolicyName\":\"Terraform-eks\",\"UpdateDate\":\"2022-02-01T14:15:46Z\",\"document\":{\"Statement\":[{\"Action\":[\"ec2:CreateDhcpOptions\",\"ec2:AuthorizeSecurityGroupIngress\",\"iam:List*\",\"ec2:AttachInternetGateway\",\"iam:PutRolePolicy\",\"iam:AddRoleToInstanceProfile\",\"ec2:UpdateSecurityGroupRuleDescriptionsIngress\",\"ec2:DeleteRouteTable\",\"ec2:DeleteVpnGateway\",\"ec2:RevokeSecurityGroupEgress\",\"ec2:CreateRoute\",\"ec2:CreateInternetGateway\",\"ec2:DeleteInternetGateway\",\"iam:DeleteOpenIDConnectProvider\",\"autoscaling:DeleteTags\",\"ec2:Associate*\",\"iam:GetRole\",\"iam:GetPolicy\",\"ec2:CreateTags\",\"ec2:RunInstances\",\"iam:DeleteRole\",\"ec2:AssignPrivateIpAddresses\",\"iam:TagPolicy\",\"ec2:CreateVolume\",\"ec2:RevokeSecurityGroupIngress\",\"ec2:CreateNetworkInterface\",\"autoscaling:AttachInstances\",\"ec2:DeleteDhcpOptions\",\"ec2:DeleteNatGateway\",\"autoscaling:DeleteAutoScalingGroup\",\"ec2:CreateSubnet\",\"iam:GetOpenIDConnectProvider\",\"iam:GetRolePolicy\",\"autoscaling:DetachInstances\",\"ec2:ModifyVpcEndpoint\",\"logs:ListTagsLogGroup\",\"iam:CreateInstanceProfile\",\"iam:UntagRole\",\"ec2:CreateNatGateway\",\"iam:TagRole\",\"ec2:CreateVpc\",\"kms:ListResourceTags\",\"ec2:ModifySubnetAttribute\",\"iam:PassRole\",\"ec2:CreateDefaultSubnet\",\"iam:DeleteRolePolicy\",\"kms:CreateKey\",\"ec2:DeleteLaunchTemplateVersions\",\"kms:CreateGrant\",\"ec2:ReleaseAddress\",\"iam:DeleteInstanceProfile\",\"ec2:DeleteLaunchTemplate\",\"kms:GetKeyPolicy\",\"autoscaling:CreateLaunchConfiguration\",\"iam:CreatePolicy\",\"ec2:Describe*\",\"ec2:CreateLaunchTemplate\",\"iam:CreateServiceLinkedRole\",\"ec2:Disassociate*\",\"iam:UntagPolicy\",\"iam:UntagInstanceProfile\",\"iam:TagOpenIDConnectProvider\",\"iam:TagInstanceProfile\",\"iam:UpdateAssumeRolePolicy\",\"iam:GetPolicyVersion\",\"ec2:DeleteSubnet\",\"iam:RemoveRoleFromInstanceProfile\",\"iam:CreateRole\",\"iam:AttachRolePolicy\",\"ec2:DeleteVolume\",\"ec2:GetLaunchTemplateData\",\"iam:DetachRolePolicy\",\"kms:GetKeyRotationStatus\",\"autoscaling:UpdateAutoScalingGroup\",\"ec2:DetachVolume\",\"ec2:UpdateSecurityGroupRuleDescriptionsEgress\",\"autoscaling:SetDesiredCapacity\",\"ec2:DescribeLaunchTemplates\",\"ec2:CreateRouteTable\",\"ec2:DeleteNetworkInterface\",\"autoscaling:SuspendProcesses\",\"ec2:DetachInternetGateway\",\"logs:CreateLogGroup\",\"autoscaling:CreateOrUpdateTags\",\"iam:DeleteServiceLinkedRole\",\"ec2:DeleteVpc\",\"ec2:CreateEgressOnlyInternetGateway\",\"eks:*\",\"autoscaling:CreateAutoScalingGroup\",\"autoscaling:Describe*\",\"ec2:DeleteTags\",\"iam:DeletePolicy\",\"ec2:CreateSecurityGroup\",\"kms:ScheduleKeyDeletion\",\"kms:DescribeKey\",\"ec2:ModifyVpcAttribute\",\"iam:CreatePolicyVersion\",\"ec2:AuthorizeSecurityGroupEgress\",\"ec2:DeleteEgressOnlyInternetGateway\",\"ec2:DetachNetworkInterface\",\"logs:DescribeLogGroups\",\"iam:GetInstanceProfile\",\"logs:DeleteLogGroup\",\"ec2:DeleteRoute\",\"ec2:DescribeLaunchTemplateVersions\",\"ec2:AllocateAddress\",\"ec2:CreateLaunchTemplateVersion\",\"iam:CreateOpenIDConnectProvider\",\"autoscaling:DeleteLaunchConfiguration\",\"ec2:CreateVpcEndpoint\",\"ec2:DeleteSecurityGroup\",\"ec2:ModifyLaunchTemplate\",\"ec2:AttachNetworkInterface\",\"logs:PutRetentionPolicy\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"VisualEditor0\"}],\"Version\":\"2012-10-17\"},\"DefaultVersionId\":\"v5\"},\"id\":[\"arn:aws:iam::704479110758:policy/Terraform-eks\",\"ANPA2IBR2EZTMDSA736AM\"],\"name\":\"Terraform-eks\",\"category\":\"identity\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/tin-dd-policy-demo\",\"ANPA2IBR2EZTKPF2LZBB3\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/tin-dd-policy-demo\":{\"type\":\"policy\",\"category\":\"identity\"}},\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Tags\":null,\"document\":{\"Statement\":[{\"Action\":[\"apigateway:GET\",\"autoscaling:Describe*\",\"backup:List*\",\"budgets:ViewBudget\",\"cloudfront:GetDistributionConfig\",\"cloudfront:ListDistributions\",\"cloudtrail:DescribeTrails\",\"cloudtrail:GetTrailStatus\",\"cloudtrail:LookupEvents\",\"cloudwatch:Describe*\",\"cloudwatch:Get*\",\"cloudwatch:List*\",\"codedeploy:List*\",\"codedeploy:BatchGet*\",\"directconnect:Describe*\",\"dynamodb:List*\",\"dynamodb:Describe*\",\"ec2:Describe*\",\"ec2:GetTransitGatewayPrefixListReferences\",\"ec2:SearchTransitGatewayRoutes\",\"ecs:Describe*\",\"ecs:List*\",\"elasticache:Describe*\",\"elasticache:List*\",\"elasticfilesystem:DescribeFileSystems\",\"elasticfilesystem:DescribeTags\",\"elasticfilesystem:DescribeAccessPoints\",\"elasticloadbalancing:Describe*\",\"elasticmapreduce:List*\",\"elasticmapreduce:Describe*\",\"es:ListTags\",\"es:ListDomainNames\",\"es:DescribeElasticsearchDomains\",\"events:CreateEventBus\",\"fsx:DescribeFileSystems\",\"fsx:ListTagsForResource\",\"health:DescribeEvents\",\"health:DescribeEventDetails\",\"health:DescribeAffectedEntities\",\"kinesis:List*\",\"kinesis:Describe*\",\"lambda:GetPolicy\",\"lambda:List*\",\"logs:DeleteSubscriptionFilter\",\"logs:DescribeLogGroups\",\"logs:DescribeLogStreams\",\"logs:DescribeSubscriptionFilters\",\"logs:FilterLogEvents\",\"logs:PutSubscriptionFilter\",\"logs:TestMetricFilter\",\"organizations:Describe*\",\"organizations:List*\",\"rds:Describe*\",\"rds:List*\",\"redshift:DescribeClusters\",\"redshift:DescribeLoggingStatus\",\"route53:List*\",\"s3:GetBucketLogging\",\"s3:GetBucketLocation\",\"s3:GetBucketNotification\",\"s3:GetBucketTagging\",\"s3:ListAllMyBuckets\",\"s3:PutBucketNotification\",\"ses:Get*\",\"sns:List*\",\"sns:Publish\",\"sqs:ListQueues\",\"states:ListStateMachines\",\"states:DescribeStateMachine\",\"support:DescribeTrustedAdvisor*\",\"support:RefreshTrustedAdvisorCheck\",\"tag:GetResources\",\"tag:GetTagKeys\",\"tag:GetTagValues\",\"xray:BatchGetTraces\",\"xray:GetTraceSummaries\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"PolicyId\":\"ANPA2IBR2EZTKPF2LZBB3\",\"PolicyName\":\"tin-dd-policy-demo\",\"IsAttachable\":true,\"AttachmentCount\":1,\"CreateDate\":\"2024-01-26T23:23:29Z\",\"PermissionsBoundaryUsageCount\":0,\"UpdateDate\":\"2024-01-26T23:23:29Z\",\"DefaultVersionId\":\"v1\",\"Path\":\"/\",\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/tin-dd-policy-demo\",\"Description\":null},\"id\":[\"arn:aws:iam::704479110758:policy/tin-dd-policy-demo\",\"ANPA2IBR2EZTKPF2LZBB3\"],\"name\":\"tin-dd-policy-demo\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSVPCFlowLogsPushToCloudWatch\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/vpc-flow-log-to-cloudwatch-20220131232001237000000001\",\"ANPA2IBR2EZTOX5ISGKY7\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/vpc-flow-log-to-cloudwatch-20220131232001237000000001\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"raw\":{\"roles\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/vpc-flow-log-to-cloudwatch-20220131232001237000000001\",\"CreateDate\":\"2022-01-31T23:20:01Z\",\"DefaultVersionId\":\"v1\",\"Path\":\"/\",\"UpdateDate\":\"2022-01-31T23:20:01Z\",\"AttachmentCount\":1,\"Description\":null,\"IsAttachable\":true,\"PolicyId\":\"ANPA2IBR2EZTOX5ISGKY7\",\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"vpc-flow-log-to-cloudwatch-20220131232001237000000001\",\"Tags\":null,\"document\":{\"Statement\":[{\"Action\":[\"logs:PutLogEvents\",\"logs:DescribeLogStreams\",\"logs:DescribeLogGroups\",\"logs:CreateLogStream\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AWSVPCFlowLogsPushToCloudWatch\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:iam::704479110758:policy/vpc-flow-log-to-cloudwatch-20220131232001237000000001\",\"ANPA2IBR2EZTOX5ISGKY7\"],\"name\":\"vpc-flow-log-to-cloudwatch-20220131232001237000000001\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"condition\":{\"ForAnyValue:IpAddress\":{\"aws:SourceIp\":[\"35.156.133.78\",\"3.65.119.169\",\"3.64.84.139\"]}}}],\"related.entity\":[\"arn:aws:iam::704479110758:policy/weld-policy\",\"ANPA2IBR2EZTKLZK2NK26\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:policy/weld-policy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPA2IBR2EZTKLZK2NK26\",\"PolicyName\":\"weld-policy\",\"Tags\":null,\"Arn\":\"arn:aws:iam::704479110758:policy/weld-policy\",\"DefaultVersionId\":\"v1\",\"AttachmentCount\":1,\"roles\":null,\"Description\":null,\"Path\":\"/\",\"document\":{\"Statement\":[{\"Resource\":[\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c\",\"arn:aws:s3:::tin-aws-cloudtrail-logs-704479110758-e23da26c/*\"],\"Action\":[\"s3:GetObjectAcl\",\"s3:GetObject\",\"s3:ListBucket\",\"s3:GetObjectVersion\"],\"Condition\":{\"ForAnyValue:IpAddress\":{\"aws:SourceIp\":[\"35.156.133.78\",\"3.65.119.169\",\"3.64.84.139\"]}},\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"CreateDate\":\"2023-10-10T13:14:02Z\",\"UpdateDate\":\"2023-10-10T13:14:02Z\"},\"id\":[\"arn:aws:iam::704479110758:policy/weld-policy\",\"ANPA2IBR2EZTKLZK2NK26\"],\"name\":\"weld-policy\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"id\":\"ElastiCacheManagementActions\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"CreateDeleteVPCEndpoints\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*:*:vpc-endpoint/*\"],\"condition\":{\"StringLike\":{\"ec2:VpceServiceName\":\"com.amazonaws.elasticache.serverless.*\"}}},{\"resource\":[\"arn:aws:ec2:*:*:vpc-endpoint/*\"],\"condition\":{\"StringEquals\":{\"ec2:CreateAction\":\"CreateVpcEndpoint\",\"aws:RequestTag/AmazonElastiCacheManaged\":\"true\"}},\"version\":\"2012-10-17\",\"id\":\"TagVPCEndpointsOnCreation\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"ModifyVpcEndpoints\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*:*:vpc-endpoint/*\"],\"condition\":{\"StringEquals\":{\"ec2:ResourceTag/AmazonElastiCacheManaged\":\"true\"}}},{\"version\":\"2012-10-17\",\"id\":\"AllowAccessToElastiCacheTaggedVpcEndpoints\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy\",\"ANPAIML5LIBUZBVCSF7PI\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy\":{\"type\":\"policy\",\"category\":\"identity\"}},\"asset\":{\"name\":\"ElastiCacheServiceRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Tags\":null,\"UpdateDate\":\"2023-11-28T03:05:37Z\",\"roles\":null,\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"ElastiCacheServiceRolePolicy\",\"CreateDate\":\"2017-12-07T17:50:04Z\",\"Path\":\"/aws-service-role/\",\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy\",\"DefaultVersionId\":\"v4\",\"Description\":null,\"AttachmentCount\":1,\"PolicyId\":\"ANPAIML5LIBUZBVCSF7PI\",\"document\":{\"Statement\":[{\"Action\":[\"ec2:AuthorizeSecurityGroupIngress\",\"ec2:CreateNetworkInterface\",\"ec2:CreateSecurityGroup\",\"ec2:DeleteNetworkInterface\",\"ec2:DeleteSecurityGroup\",\"ec2:DescribeAvailabilityZones\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeSubnets\",\"ec2:DescribeVpcs\",\"ec2:DescribeVpcEndpoints\",\"ec2:ModifyNetworkInterfaceAttribute\",\"ec2:RevokeSecurityGroupIngress\",\"cloudwatch:PutMetricData\",\"outposts:GetOutpost\",\"outposts:GetOutpostInstanceTypes\",\"outposts:ListOutposts\",\"outposts:ListSites\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"ElastiCacheManagementActions\"},{\"Sid\":\"CreateDeleteVPCEndpoints\",\"Action\":[\"ec2:CreateVpcEndpoint\",\"ec2:DeleteVpcEndpoints\"],\"Condition\":{\"StringLike\":{\"ec2:VpceServiceName\":\"com.amazonaws.elasticache.serverless.*\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:vpc-endpoint/*\"},{\"Action\":[\"ec2:CreateTags\"],\"Condition\":{\"StringEquals\":{\"aws:RequestTag/AmazonElastiCacheManaged\":\"true\",\"ec2:CreateAction\":\"CreateVpcEndpoint\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:vpc-endpoint/*\",\"Sid\":\"TagVPCEndpointsOnCreation\"},{\"Resource\":\"arn:aws:ec2:*:*:vpc-endpoint/*\",\"Sid\":\"ModifyVpcEndpoints\",\"Action\":[\"ec2:ModifyVpcEndpoint\"],\"Condition\":{\"StringEquals\":{\"ec2:ResourceTag/AmazonElastiCacheManaged\":\"true\"}},\"Effect\":\"Allow\"},{\"Action\":[\"ec2:CreateVpcEndpoint\",\"ec2:ModifyVpcEndpoint\"],\"Effect\":\"Allow\",\"NotResource\":\"arn:aws:ec2:*:*:vpc-endpoint/*\",\"Sid\":\"AllowAccessToElastiCacheTaggedVpcEndpoints\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy\",\"ANPAIML5LIBUZBVCSF7PI\"]},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"CloudWatchEventsInvocationAccess\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/service-role/CloudWatchEventsInvocationAccess\",\"ANPAJJXD6JKJLK2WDLZNO\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/service-role/CloudWatchEventsInvocationAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v1\",\"PolicyId\":\"ANPAJJXD6JKJLK2WDLZNO\",\"PolicyName\":\"CloudWatchEventsInvocationAccess\",\"UpdateDate\":\"2016-01-14T18:36:33Z\",\"AttachmentCount\":1,\"CreateDate\":\"2016-01-14T18:36:33Z\",\"roles\":null,\"Arn\":\"arn:aws:iam::aws:policy/service-role/CloudWatchEventsInvocationAccess\",\"Description\":null,\"IsAttachable\":true,\"Path\":\"/service-role/\",\"Tags\":null,\"document\":{\"Statement\":[{\"Action\":[\"kinesis:PutRecord\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"CloudWatchEventsInvocationAccess\"}],\"Version\":\"2012-10-17\"},\"PermissionsBoundaryUsageCount\":0},\"id\":[\"arn:aws:iam::aws:policy/service-role/CloudWatchEventsInvocationAccess\",\"ANPAJJXD6JKJLK2WDLZNO\"],\"name\":\"CloudWatchEventsInvocationAccess\",\"category\":\"identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"asset\":{\"raw\":{\"DefaultVersionId\":\"v2\",\"PermissionsBoundaryUsageCount\":0,\"document\":{\"Statement\":[{\"Action\":[\"route53:GetHostedZone\",\"route53:ListHostedZonesByName\",\"route53:CreateHostedZone\",\"route53:DeleteHostedZone\",\"route53:ChangeResourceRecordSets\",\"route53:CreateHealthCheck\",\"route53:GetHealthCheck\",\"route53:DeleteHealthCheck\",\"route53:UpdateHealthCheck\",\"ec2:DescribeVpcs\",\"ec2:DescribeRegions\",\"ec2:DescribeInstances\",\"servicediscovery:*\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":1,\"UpdateDate\":\"2020-07-29T19:15:35Z\",\"PolicyId\":\"ANPAIZPIMAQZJS3WUXUJM\",\"CreateDate\":\"2018-11-28T23:57:31Z\",\"Path\":\"/\",\"PolicyName\":\"AWSCloudMapFullAccess\",\"Arn\":\"arn:aws:iam::aws:policy/AWSCloudMapFullAccess\",\"IsAttachable\":true,\"Tags\":null,\"roles\":null,\"Description\":null},\"id\":[\"arn:aws:iam::aws:policy/AWSCloudMapFullAccess\",\"ANPAIZPIMAQZJS3WUXUJM\"],\"name\":\"AWSCloudMapFullAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/AWSCloudMapFullAccess\",\"ANPAIZPIMAQZJS3WUXUJM\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AWSCloudMapFullAccess\":{\"category\":\"identity\",\"type\":\"policy\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingECSServicePolicy\",\"ANPAJFXLLV7AKH5PSFOYG\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingECSServicePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v2\",\"Description\":null,\"Tags\":null,\"UpdateDate\":\"2024-10-24T20:05:50Z\",\"document\":{\"Statement\":[{\"Action\":[\"ecs:DescribeServices\",\"ecs:UpdateService\",\"cloudwatch:PutMetricAlarm\",\"cloudwatch:DescribeAlarms\",\"cloudwatch:GetMetricData\",\"cloudwatch:DeleteAlarms\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]}],\"Version\":\"2012-10-17\"},\"roles\":null,\"CreateDate\":\"2017-10-25T23:53:08Z\",\"IsAttachable\":true,\"PolicyName\":\"AWSApplicationAutoscalingECSServicePolicy\",\"Path\":\"/aws-service-role/\",\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAJFXLLV7AKH5PSFOYG\",\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingECSServicePolicy\",\"AttachmentCount\":1},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingECSServicePolicy\",\"ANPAJFXLLV7AKH5PSFOYG\"],\"name\":\"AWSApplicationAutoscalingECSServicePolicy\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"apigateway:GET\"],\"resource\":[\"arn:aws:apigateway:*::/domainnames\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonRoute53FullAccess\",\"ANPAJWVDLG5RPST6PHQ3A\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonRoute53FullAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"PermissionsBoundaryUsageCount\":0,\"document\":{\"Statement\":[{\"Action\":[\"route53:*\",\"route53domains:*\",\"cloudfront:ListDistributions\",\"elasticloadbalancing:DescribeLoadBalancers\",\"elasticbeanstalk:DescribeEnvironments\",\"s3:ListBucket\",\"s3:GetBucketLocation\",\"s3:GetBucketWebsite\",\"ec2:DescribeVpcs\",\"ec2:DescribeVpcEndpoints\",\"ec2:DescribeRegions\",\"sns:ListTopics\",\"sns:ListSubscriptionsByTopic\",\"cloudwatch:DescribeAlarms\",\"cloudwatch:GetMetricStatistics\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Resource\":\"arn:aws:apigateway:*::/domainnames\",\"Action\":\"apigateway:GET\",\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::aws:policy/AmazonRoute53FullAccess\",\"Path\":\"/\",\"PolicyId\":\"ANPAJWVDLG5RPST6PHQ3A\",\"PolicyName\":\"AmazonRoute53FullAccess\",\"Tags\":null,\"DefaultVersionId\":\"v4\",\"CreateDate\":\"2015-02-06T18:40:54Z\",\"Description\":null,\"IsAttachable\":true,\"UpdateDate\":\"2018-12-20T21:42:00Z\",\"AttachmentCount\":6,\"roles\":null},\"id\":[\"arn:aws:iam::aws:policy/AmazonRoute53FullAccess\",\"ANPAJWVDLG5RPST6PHQ3A\"],\"name\":\"AmazonRoute53FullAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotFleetServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotFleetServiceRolePolicy\",\"ANPAILWCVTZD57EMYWMBO\"],\"name\":\"AWSEC2SpotFleetServiceRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"roles\":null,\"CreateDate\":\"2017-10-23T19:13:06Z\",\"Path\":\"/aws-service-role/\",\"Tags\":null,\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAILWCVTZD57EMYWMBO\",\"UpdateDate\":\"2020-03-16T19:16:21Z\",\"IsAttachable\":true,\"AttachmentCount\":1,\"DefaultVersionId\":\"v4\",\"PolicyName\":\"AWSEC2SpotFleetServiceRolePolicy\",\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"ec2:DescribeImages\",\"ec2:DescribeSubnets\",\"ec2:RequestSpotInstances\",\"ec2:DescribeInstanceStatus\",\"ec2:RunInstances\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Action\":[\"iam:PassRole\"],\"Condition\":{\"StringEquals\":{\"iam:PassedToService\":[\"ec2.amazonaws.com\",\"ec2.amazonaws.com.cn\"]}},\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Resource\":[\"arn:aws:ec2:*:*:instance/*\",\"arn:aws:ec2:*:*:spot-instances-request/*\",\"arn:aws:ec2:*:*:spot-fleet-request/*\",\"arn:aws:ec2:*:*:volume/*\"],\"Action\":[\"ec2:CreateTags\"],\"Effect\":\"Allow\"},{\"Action\":[\"ec2:TerminateInstances\"],\"Condition\":{\"StringLike\":{\"ec2:ResourceTag/aws:ec2spot:fleet-request-id\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"elasticloadbalancing:RegisterInstancesWithLoadBalancer\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:loadbalancer/*\"]},{\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:*/*\"],\"Action\":[\"elasticloadbalancing:RegisterTargets\"],\"Effect\":\"Allow\"}]},\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotFleetServiceRolePolicy\"}},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"condition\":{\"StringEquals\":{\"iam:PassedToService\":[\"ec2.amazonaws.com\",\"ec2.amazonaws.com.cn\"]}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"condition\":{\"StringLike\":{\"ec2:ResourceTag/aws:ec2spot:fleet-request-id\":\"*\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotFleetServiceRolePolicy\",\"ANPAILWCVTZD57EMYWMBO\"],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSOrganizationsServiceTrustPolicy\",\"ANPAIQH6ROMVVECFVRJPK\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AWSOrganizationsServiceTrustPolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"CreateDate\":\"2017-10-10T23:04:07Z\",\"Path\":\"/aws-service-role/\",\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"AWSOrganizationsServiceTrustPolicy\",\"UpdateDate\":\"2017-11-01T06:01:18Z\",\"roles\":null,\"document\":{\"Statement\":[{\"Action\":[\"iam:DeleteRole\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:iam::*:role/aws-service-role/organizations.amazonaws.com/*\"],\"Sid\":\"AllowDeletionOfServiceLinkedRoleForOrganizations\"},{\"Action\":[\"iam:CreateServiceLinkedRole\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AllowCreationOfServiceLinkedRoles\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":1,\"DefaultVersionId\":\"v2\",\"IsAttachable\":true,\"PolicyId\":\"ANPAIQH6ROMVVECFVRJPK\",\"Tags\":null,\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AWSOrganizationsServiceTrustPolicy\"},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSOrganizationsServiceTrustPolicy\",\"ANPAIQH6ROMVVECFVRJPK\"],\"name\":\"AWSOrganizationsServiceTrustPolicy\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AllowDeletionOfServiceLinkedRoleForOrganizations\",\"effect\":\"Allow\"},{\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"id\":\"AllowCreationOfServiceLinkedRoles\",\"effect\":\"Allow\"}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"iam:AWSServiceName\":[\"replication.ecr.amazonaws.com\"]}}}],\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess\",\"ANPAIESRL7KD7IIVF6V4W\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":1,\"PolicyId\":\"ANPAIESRL7KD7IIVF6V4W\",\"PolicyName\":\"AmazonEC2ContainerRegistryFullAccess\",\"document\":{\"Statement\":[{\"Action\":[\"ecr:*\",\"cloudtrail:LookupEvents\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"iam:CreateServiceLinkedRole\"],\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":[\"replication.ecr.amazonaws.com\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"CreateDate\":\"2015-12-21T17:06:48Z\",\"DefaultVersionId\":\"v3\",\"IsAttachable\":true,\"Tags\":null,\"Arn\":\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess\",\"Description\":null,\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"roles\":null,\"UpdateDate\":\"2020-12-05T00:04:19Z\"},\"id\":[\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess\",\"ANPAIESRL7KD7IIVF6V4W\"],\"name\":\"AmazonEC2ContainerRegistryFullAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole\",\"ANPAJFWJZI6JNND4TSELK\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole\":{\"type\":\"policy\",\"category\":\"identity\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"id\":[\"arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole\",\"ANPAJFWJZI6JNND4TSELK\"],\"name\":\"AWSLambdaSQSQueueExecutionRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Tags\":null,\"document\":{\"Statement\":[{\"Action\":[\"sqs:ReceiveMessage\",\"sqs:DeleteMessage\",\"sqs:GetQueueAttributes\",\"logs:CreateLogGroup\",\"logs:CreateLogStream\",\"logs:PutLogEvents\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"roles\":null,\"Arn\":\"arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole\",\"DefaultVersionId\":\"v1\",\"Description\":null,\"IsAttachable\":true,\"CreateDate\":\"2018-06-14T21:50:45Z\",\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAJFWJZI6JNND4TSELK\",\"AttachmentCount\":1,\"Path\":\"/service-role/\",\"PolicyName\":\"AWSLambdaSQSQueueExecutionRole\",\"UpdateDate\":\"2018-06-14T21:50:45Z\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"related.entity\":[\"arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole\",\"ANPAJVTME3YLVNL72YR2K\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"id\":[\"arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole\",\"ANPAJVTME3YLVNL72YR2K\"],\"name\":\"AWSLambdaVPCAccessExecutionRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v3\",\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"Arn\":\"arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole\",\"IsAttachable\":true,\"PolicyId\":\"ANPAJVTME3YLVNL72YR2K\",\"PolicyName\":\"AWSLambdaVPCAccessExecutionRole\",\"AttachmentCount\":2,\"Path\":\"/service-role/\",\"Tags\":null,\"roles\":null,\"CreateDate\":\"2016-02-11T23:15:26Z\",\"document\":{\"Statement\":[{\"Action\":[\"logs:CreateLogGroup\",\"logs:CreateLogStream\",\"logs:PutLogEvents\",\"ec2:CreateNetworkInterface\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribeSubnets\",\"ec2:DeleteNetworkInterface\",\"ec2:AssignPrivateIpAddresses\",\"ec2:UnassignPrivateIpAddresses\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AWSLambdaVPCAccessExecutionPermissions\"}],\"Version\":\"2012-10-17\"},\"UpdateDate\":\"2024-01-05T22:38:26Z\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSLambdaVPCAccessExecutionPermissions\",\"effect\":\"Allow\",\"resource\":[\"*\"]}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"resource\":[\"arn:aws:cloudformation:*:*:stack/aws-cloud9-*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"condition\":{\"StringLike\":{\"aws:RequestTag/Name\":\"aws-cloud9-*\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"ec2:ResourceTag/aws:cloudformation:stack-name\":\"aws-cloud9-*\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"condition\":{\"StringLike\":{\"iam:PassedToService\":\"ec2.amazonaws.com\"}}}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSCloud9ServiceRolePolicy\",\"ANPAJFXGCBXQIZATFZ4YG\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AWSCloud9ServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"CreateDate\":\"2017-11-30T13:44:08Z\",\"PolicyName\":\"AWSCloud9ServiceRolePolicy\",\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AWSCloud9ServiceRolePolicy\",\"DefaultVersionId\":\"v8\",\"IsAttachable\":true,\"Path\":\"/aws-service-role/\",\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"UpdateDate\":\"2022-01-17T14:06:15Z\",\"document\":{\"Statement\":[{\"Action\":[\"ec2:RunInstances\",\"ec2:CreateSecurityGroup\",\"ec2:DescribeVpcs\",\"ec2:DescribeSubnets\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeInstances\",\"ec2:DescribeInstanceStatus\",\"cloudformation:CreateStack\",\"cloudformation:DescribeStacks\",\"cloudformation:DescribeStackEvents\",\"cloudformation:DescribeStackResources\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:TerminateInstances\",\"ec2:DeleteSecurityGroup\",\"ec2:AuthorizeSecurityGroupIngress\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"cloudformation:DeleteStack\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:cloudformation:*:*:stack/aws-cloud9-*\"},{\"Action\":[\"ec2:CreateTags\"],\"Condition\":{\"StringLike\":{\"aws:RequestTag/Name\":\"aws-cloud9-*\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:instance/*\",\"arn:aws:ec2:*:*:security-group/*\"]},{\"Condition\":{\"StringLike\":{\"ec2:ResourceTag/aws:cloudformation:stack-name\":\"aws-cloud9-*\"}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"ec2:StartInstances\",\"ec2:StopInstances\"]},{\"Action\":[\"ec2:StartInstances\",\"ec2:StopInstances\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:license-manager:*:*:license-configuration:*\"]},{\"Action\":[\"iam:ListInstanceProfiles\",\"iam:GetInstanceProfile\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:iam::*:instance-profile/cloud9/*\"]},{\"Action\":[\"iam:PassRole\"],\"Condition\":{\"StringLike\":{\"iam:PassedToService\":\"ec2.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:iam::*:role/service-role/AWSCloud9SSMAccessRole\"]}],\"Version\":\"2012-10-17\"},\"PolicyId\":\"ANPAJFXGCBXQIZATFZ4YG\",\"roles\":null,\"AttachmentCount\":1,\"Description\":null},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSCloud9ServiceRolePolicy\",\"ANPAJFXGCBXQIZATFZ4YG\"],\"name\":\"AWSCloud9ServiceRolePolicy\",\"category\":\"identity\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"cloudwatch:DescribeAlarms\"],\"resource\":[\"*\"]},{\"effect\":\"Allow\",\"action\":[\"iam:PassRole\"],\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"iam:PassedToService\":[\"ssm.amazonaws.com\"]}},\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"organizations:DescribeOrganization\"],\"resource\":[\"*\"]},{\"effect\":\"Allow\",\"action\":[\"cloudformation:ListStackSets\"],\"resource\":[\"*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:cloudformation:*:*:stackset/AWS-QuickSetup-SSM*:*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"cloudformation:DeleteStackInstances\"]},{\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"events:ManagedBy\":\"ssm.amazonaws.com\"}},\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"events:DescribeRule\"],\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"securityhub:DescribeHub\"],\"resource\":[\"*\"]},{\"effect\":\"Allow\",\"action\":[\"resource-explorer-2:CreateManagedView\"],\"resource\":[\"arn:aws:resource-explorer-2:*:*:managed-view/AWSManagedViewForSSM*\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonSSMServiceRolePolicy\",\"ANPAIXJ26NUGBA3TCV7EC\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AmazonSSMServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AmazonSSMServiceRolePolicy\",\"Path\":\"/aws-service-role/\",\"UpdateDate\":\"2024-11-15T14:08:27Z\",\"AttachmentCount\":1,\"CreateDate\":\"2017-11-13T19:20:08Z\",\"DefaultVersionId\":\"v15\",\"PolicyName\":\"AmazonSSMServiceRolePolicy\",\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAIXJ26NUGBA3TCV7EC\",\"Description\":null,\"IsAttachable\":true,\"Tags\":null,\"document\":{\"Statement\":[{\"Action\":[\"ssm:CancelCommand\",\"ssm:GetCommandInvocation\",\"ssm:ListCommandInvocations\",\"ssm:ListCommands\",\"ssm:SendCommand\",\"ssm:GetAutomationExecution\",\"ssm:GetParameters\",\"ssm:StartAutomationExecution\",\"ssm:StopAutomationExecution\",\"ssm:ListTagsForResource\",\"ssm:GetCalendarState\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Action\":[\"ssm:UpdateServiceSetting\",\"ssm:GetServiceSetting\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ssm:*:*:servicesetting/ssm/opsitem/*\",\"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/*\"]},{\"Effect\":\"Allow\",\"Resource\":[\"*\"],\"Action\":[\"ec2:DescribeInstanceAttribute\",\"ec2:DescribeInstanceStatus\",\"ec2:DescribeInstances\"]},{\"Resource\":[\"arn:aws:lambda:*:*:function:SSM*\",\"arn:aws:lambda:*:*:function:*:SSM*\"],\"Action\":[\"lambda:InvokeFunction\"],\"Effect\":\"Allow\"},{\"Action\":[\"states:DescribeExecution\",\"states:StartExecution\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:states:*:*:stateMachine:SSM*\",\"arn:aws:states:*:*:execution:SSM*\"]},{\"Action\":[\"resource-groups:ListGroups\",\"resource-groups:ListGroupResources\",\"resource-groups:GetGroupQuery\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Action\":[\"cloudformation:DescribeStacks\",\"cloudformation:ListStackResources\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Action\":[\"tag:GetResources\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Action\":[\"config:SelectResourceConfig\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Action\":[\"compute-optimizer:GetEC2InstanceRecommendations\",\"compute-optimizer:GetEnrollmentStatus\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Action\":[\"support:DescribeTrustedAdvisorChecks\",\"support:DescribeTrustedAdvisorCheckSummaries\",\"support:DescribeTrustedAdvisorCheckResult\",\"support:DescribeCases\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Action\":[\"config:DescribeComplianceByConfigRule\",\"config:DescribeComplianceByResource\",\"config:DescribeRemediationConfigurations\",\"config:DescribeConfigurationRecorders\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Action\":\"cloudwatch:DescribeAlarms\",\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":\"iam:PassRole\",\"Condition\":{\"StringEquals\":{\"iam:PassedToService\":[\"ssm.amazonaws.com\"]}}},{\"Action\":\"organizations:DescribeOrganization\",\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":\"cloudformation:ListStackSets\",\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"cloudformation:ListStackInstances\",\"cloudformation:DescribeStackSetOperation\",\"cloudformation:DeleteStackSet\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:cloudformation:*:*:stackset/AWS-QuickSetup-SSM*:*\"},{\"Action\":\"cloudformation:DeleteStackInstances\",\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:cloudformation:*:*:stackset/AWS-QuickSetup-SSM*:*\",\"arn:aws:cloudformation:*:*:stackset-target/AWS-QuickSetup-SSM*:*\",\"arn:aws:cloudformation:*:*:type/resource/*\"]},{\"Action\":[\"events:PutRule\",\"events:PutTargets\"],\"Condition\":{\"StringEquals\":{\"events:ManagedBy\":\"ssm.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"events:RemoveTargets\",\"events:DeleteRule\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:events:*:*:rule/SSMExplorerManagedRule\"]},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":\"events:DescribeRule\"},{\"Action\":\"securityhub:DescribeHub\",\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Resource\":\"arn:aws:resource-explorer-2:*:*:managed-view/AWSManagedViewForSSM*\",\"Action\":\"resource-explorer-2:CreateManagedView\",\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"roles\":null},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonSSMServiceRolePolicy\",\"ANPAIXJ26NUGBA3TCV7EC\"],\"name\":\"AmazonSSMServiceRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSPriceListServiceFullAccess\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/AWSPriceListServiceFullAccess\",\"ANPAIADJ4GBYNHKABML3Q\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AWSPriceListServiceFullAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"id\":[\"arn:aws:iam::aws:policy/AWSPriceListServiceFullAccess\",\"ANPAIADJ4GBYNHKABML3Q\"],\"name\":\"AWSPriceListServiceFullAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::aws:policy/AWSPriceListServiceFullAccess\",\"PermissionsBoundaryUsageCount\":0,\"UpdateDate\":\"2024-07-02T13:34:19Z\",\"CreateDate\":\"2017-11-22T00:36:27Z\",\"DefaultVersionId\":\"v2\",\"PolicyId\":\"ANPAIADJ4GBYNHKABML3Q\",\"PolicyName\":\"AWSPriceListServiceFullAccess\",\"IsAttachable\":true,\"Path\":\"/\",\"roles\":null,\"AttachmentCount\":1,\"Description\":null,\"Tags\":null,\"document\":{\"Statement\":[{\"Action\":[\"pricing:*\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AWSPriceListServiceFullAccess\"}],\"Version\":\"2012-10-17\"}}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"action\":[\"iam:CreateServiceLinkedRole\"],\"resource\":[\"arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*\"],\"condition\":{\"StringLike\":{\"iam:AWSServiceName\":\"ssm.amazonaws.com\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonSSMFullAccess\",\"ANPAJA7V6HI4ISQFMDYAG\"],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonSSMFullAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"id\":[\"arn:aws:iam::aws:policy/AmazonSSMFullAccess\",\"ANPAJA7V6HI4ISQFMDYAG\"],\"name\":\"AmazonSSMFullAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"CreateDate\":\"2015-05-29T17:39:47Z\",\"IsAttachable\":true,\"AttachmentCount\":1,\"Path\":\"/\",\"Tags\":null,\"UpdateDate\":\"2019-11-20T20:08:56Z\",\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAJA7V6HI4ISQFMDYAG\",\"document\":{\"Statement\":[{\"Action\":[\"cloudwatch:PutMetricData\",\"ds:CreateComputer\",\"ds:DescribeDirectories\",\"ec2:DescribeInstanceStatus\",\"logs:*\",\"ssm:*\",\"ec2messages:*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":\"iam:CreateServiceLinkedRole\",\"Condition\":{\"StringLike\":{\"iam:AWSServiceName\":\"ssm.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*\"},{\"Action\":[\"iam:DeleteServiceLinkedRole\",\"iam:GetServiceLinkedRoleDeletionStatus\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*\"},{\"Action\":[\"ssmmessages:CreateControlChannel\",\"ssmmessages:CreateDataChannel\",\"ssmmessages:OpenControlChannel\",\"ssmmessages:OpenDataChannel\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::aws:policy/AmazonSSMFullAccess\",\"PolicyName\":\"AmazonSSMFullAccess\",\"roles\":null,\"DefaultVersionId\":\"v4\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"ec2:Describe*\"],\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"elasticloadbalancing:Describe*\"],\"resource\":[\"*\"]},{\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"autoscaling:Describe*\"],\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess\",\"ANPAIGDT4SV4GSETWTBZK\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"UpdateDate\":\"2024-02-14T18:43:53Z\",\"Arn\":\"arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess\",\"Description\":null,\"Tags\":null,\"DefaultVersionId\":\"v1\",\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAIGDT4SV4GSETWTBZK\",\"PolicyName\":\"AmazonEC2ReadOnlyAccess\",\"document\":{\"Statement\":[{\"Resource\":\"*\",\"Action\":\"ec2:Describe*\",\"Effect\":\"Allow\"},{\"Resource\":\"*\",\"Action\":\"elasticloadbalancing:Describe*\",\"Effect\":\"Allow\"},{\"Resource\":\"*\",\"Action\":[\"cloudwatch:ListMetrics\",\"cloudwatch:GetMetricStatistics\",\"cloudwatch:Describe*\"],\"Effect\":\"Allow\"},{\"Resource\":\"*\",\"Action\":\"autoscaling:Describe*\",\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":2,\"CreateDate\":\"2015-02-06T18:40:17Z\",\"IsAttachable\":true,\"Path\":\"/\",\"roles\":null},\"id\":[\"arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess\",\"ANPAIGDT4SV4GSETWTBZK\"],\"name\":\"AmazonEC2ReadOnlyAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"asset\":{\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonElasticsearchServiceRolePolicy\",\"ANPAJFEWZPHXKLCVHEUIC\"],\"name\":\"AmazonElasticsearchServiceRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v7\",\"PolicyName\":\"AmazonElasticsearchServiceRolePolicy\",\"UpdateDate\":\"2023-10-23T06:58:31Z\",\"Tags\":null,\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AmazonElasticsearchServiceRolePolicy\",\"AttachmentCount\":1,\"CreateDate\":\"2017-07-07T00:15:31Z\",\"Description\":null,\"IsAttachable\":true,\"PolicyId\":\"ANPAJFEWZPHXKLCVHEUIC\",\"roles\":null,\"Path\":\"/aws-service-role/\",\"PermissionsBoundaryUsageCount\":0,\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"ec2:CreateNetworkInterface\",\"ec2:DeleteNetworkInterface\",\"ec2:DescribeNetworkInterfaces\",\"ec2:ModifyNetworkInterfaceAttribute\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeSubnets\",\"ec2:DescribeVpcs\",\"elasticloadbalancing:AddListenerCertificates\",\"elasticloadbalancing:RemoveListenerCertificates\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"Stmt1480452973134\"},{\"Resource\":\"*\",\"Sid\":\"Stmt1480452973135\",\"Action\":[\"acm:DescribeCertificate\"],\"Effect\":\"Allow\"},{\"Action\":\"cloudwatch:PutMetricData\",\"Condition\":{\"StringEquals\":{\"cloudwatch:namespace\":\"AWS/ES\"}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"Stmt1480452973136\"},{\"Sid\":\"Stmt1480452973198\",\"Action\":[\"ec2:CreateVpcEndpoint\",\"ec2:ModifyVpcEndpoint\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:vpc/*\",\"arn:aws:ec2:*:*:security-group/*\",\"arn:aws:ec2:*:*:subnet/*\",\"arn:aws:ec2:*:*:route-table/*\"]},{\"Resource\":\"arn:aws:ec2:*:*:vpc-endpoint/*\",\"Sid\":\"Stmt1480452973199\",\"Action\":\"ec2:CreateVpcEndpoint\",\"Condition\":{\"StringEquals\":{\"aws:RequestTag/OpenSearchManaged\":\"true\"}},\"Effect\":\"Allow\"},{\"Action\":[\"ec2:ModifyVpcEndpoint\",\"ec2:DeleteVpcEndpoints\"],\"Condition\":{\"StringEquals\":{\"aws:ResourceTag/OpenSearchManaged\":\"true\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:vpc-endpoint/*\",\"Sid\":\"Stmt1480452973200\"},{\"Action\":[\"ec2:DescribeVpcEndpoints\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"Stmt1480452973201\"},{\"Action\":[\"ec2:AssignIpv6Addresses\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:network-interface/*\",\"Sid\":\"Stmt1480452973149\"},{\"Action\":[\"ec2:UnAssignIpv6Addresses\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:network-interface/*\",\"Sid\":\"Stmt1480452973150\"},{\"Action\":[\"ec2:CreateTags\"],\"Condition\":{\"StringEquals\":{\"ec2:CreateAction\":\"CreateVpcEndpoint\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:vpc-endpoint/*\",\"Sid\":\"Stmt1480452973202\"}]}}},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973134\"},{\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973135\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"effect\":\"Allow\",\"action\":[\"cloudwatch:PutMetricData\"],\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"cloudwatch:namespace\":\"AWS/ES\"}},\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973136\"},{\"id\":\"Stmt1480452973198\",\"effect\":\"Allow\",\"version\":\"2012-10-17\"},{\"condition\":{\"StringEquals\":{\"aws:RequestTag/OpenSearchManaged\":\"true\"}},\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973199\",\"effect\":\"Allow\",\"action\":[\"ec2:CreateVpcEndpoint\"],\"resource\":[\"arn:aws:ec2:*:*:vpc-endpoint/*\"]},{\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*:*:vpc-endpoint/*\"],\"condition\":{\"StringEquals\":{\"aws:ResourceTag/OpenSearchManaged\":\"true\"}},\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973200\"},{\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973201\"},{\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973149\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*:*:network-interface/*\"]},{\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*:*:network-interface/*\"],\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973150\"},{\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973202\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*:*:vpc-endpoint/*\"],\"condition\":{\"StringEquals\":{\"ec2:CreateAction\":\"CreateVpcEndpoint\"}}}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonElasticsearchServiceRolePolicy\",\"ANPAJFEWZPHXKLCVHEUIC\"],\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AmazonElasticsearchServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AmazonECSServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"name\":\"AmazonECSServiceRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":1,\"CreateDate\":\"2017-10-14T01:18:58Z\",\"PolicyId\":\"ANPAIVUWKCAI7URU4WUEI\",\"roles\":null,\"Description\":null,\"IsAttachable\":true,\"PolicyName\":\"AmazonECSServiceRolePolicy\",\"UpdateDate\":\"2023-12-04T19:32:25Z\",\"DefaultVersionId\":\"v11\",\"Path\":\"/aws-service-role/\",\"document\":{\"Statement\":[{\"Action\":[\"ec2:AttachNetworkInterface\",\"ec2:CreateNetworkInterface\",\"ec2:CreateNetworkInterfacePermission\",\"ec2:DeleteNetworkInterface\",\"ec2:DeleteNetworkInterfacePermission\",\"ec2:Describe*\",\"ec2:DetachNetworkInterface\",\"elasticloadbalancing:DeregisterInstancesFromLoadBalancer\",\"elasticloadbalancing:DeregisterTargets\",\"elasticloadbalancing:Describe*\",\"elasticloadbalancing:RegisterInstancesWithLoadBalancer\",\"elasticloadbalancing:RegisterTargets\",\"route53:ChangeResourceRecordSets\",\"route53:CreateHealthCheck\",\"route53:DeleteHealthCheck\",\"route53:Get*\",\"route53:List*\",\"route53:UpdateHealthCheck\",\"servicediscovery:DeregisterInstance\",\"servicediscovery:Get*\",\"servicediscovery:List*\",\"servicediscovery:RegisterInstance\",\"servicediscovery:UpdateInstanceCustomHealthStatus\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"ECSTaskManagement\"},{\"Action\":[\"autoscaling:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AutoScaling\"},{\"Action\":[\"autoscaling:DeletePolicy\",\"autoscaling:PutScalingPolicy\",\"autoscaling:SetInstanceProtection\",\"autoscaling:UpdateAutoScalingGroup\",\"autoscaling:PutLifecycleHook\",\"autoscaling:DeleteLifecycleHook\",\"autoscaling:CompleteLifecycleAction\",\"autoscaling:RecordLifecycleActionHeartbeat\"],\"Condition\":{\"Null\":{\"autoscaling:ResourceTag/AmazonECSManaged\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AutoScalingManagement\"},{\"Resource\":\"*\",\"Sid\":\"AutoScalingPlanManagement\",\"Action\":[\"autoscaling-plans:CreateScalingPlan\",\"autoscaling-plans:DeleteScalingPlan\",\"autoscaling-plans:DescribeScalingPlans\",\"autoscaling-plans:DescribeScalingPlanResources\"],\"Effect\":\"Allow\"},{\"Action\":[\"events:DescribeRule\",\"events:ListTargetsByRule\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:events:*:*:rule/ecs-managed-*\",\"Sid\":\"EventBridge\"},{\"Condition\":{\"StringEquals\":{\"events:ManagedBy\":\"ecs.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"EventBridgeRuleManagement\",\"Action\":[\"events:PutRule\",\"events:PutTargets\"]},{\"Sid\":\"CWAlarmManagement\",\"Action\":[\"cloudwatch:DeleteAlarms\",\"cloudwatch:DescribeAlarms\",\"cloudwatch:PutMetricAlarm\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:cloudwatch:*:*:alarm:*\"},{\"Resource\":\"arn:aws:ec2:*:*:network-interface/*\",\"Sid\":\"ECSTagging\",\"Action\":[\"ec2:CreateTags\"],\"Effect\":\"Allow\"},{\"Resource\":\"arn:aws:logs:*:*:log-group:/aws/ecs/*\",\"Sid\":\"CWLogGroupManagement\",\"Action\":[\"logs:CreateLogGroup\",\"logs:DescribeLogGroups\",\"logs:PutRetentionPolicy\"],\"Effect\":\"Allow\"},{\"Resource\":\"arn:aws:logs:*:*:log-group:/aws/ecs/*:log-stream:*\",\"Sid\":\"CWLogStreamManagement\",\"Action\":[\"logs:CreateLogStream\",\"logs:DescribeLogStreams\",\"logs:PutLogEvents\"],\"Effect\":\"Allow\"},{\"Action\":[\"ssm:DescribeSessions\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"ExecuteCommandSessionManagement\"},{\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ecs:*:*:task/*\",\"arn:aws:ssm:*:*:document/AmazonECS-ExecuteInteractiveCommand\"],\"Sid\":\"ExecuteCommand\",\"Action\":[\"ssm:StartSession\"]},{\"Action\":[\"servicediscovery:CreateHttpNamespace\",\"servicediscovery:CreateService\"],\"Condition\":{\"ForAllValues:StringEquals\":{\"aws:TagKeys\":[\"AmazonECSManaged\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"CloudMapResourceCreation\"},{\"Condition\":{\"StringLike\":{\"aws:RequestTag/AmazonECSManaged\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"CloudMapResourceTagging\",\"Action\":\"servicediscovery:TagResource\"},{\"Action\":[\"servicediscovery:DeleteService\"],\"Condition\":{\"Null\":{\"aws:ResourceTag/AmazonECSManaged\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"CloudMapResourceDeletion\"},{\"Action\":[\"servicediscovery:DiscoverInstances\",\"servicediscovery:DiscoverInstancesRevision\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"CloudMapResourceDiscovery\"}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AmazonECSServiceRolePolicy\",\"PermissionsBoundaryUsageCount\":0,\"Tags\":null},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonECSServiceRolePolicy\",\"ANPAIVUWKCAI7URU4WUEI\"]},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"ECSTaskManagement\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"AutoScaling\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"Null\":{\"autoscaling:ResourceTag/AmazonECSManaged\":\"false\"}},\"version\":\"2012-10-17\",\"id\":\"AutoScalingManagement\"},{\"version\":\"2012-10-17\",\"id\":\"AutoScalingPlanManagement\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"EventBridge\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:events:*:*:rule/ecs-managed-*\"]},{\"version\":\"2012-10-17\",\"id\":\"EventBridgeRuleManagement\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"events:ManagedBy\":\"ecs.amazonaws.com\"}}},{\"version\":\"2012-10-17\",\"id\":\"CWAlarmManagement\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:cloudwatch:*:*:alarm:*\"]},{\"version\":\"2012-10-17\",\"id\":\"ECSTagging\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*:*:network-interface/*\"]},{\"effect\":\"Allow\",\"resource\":[\"arn:aws:logs:*:*:log-group:/aws/ecs/*\"],\"version\":\"2012-10-17\",\"id\":\"CWLogGroupManagement\"},{\"resource\":[\"arn:aws:logs:*:*:log-group:/aws/ecs/*:log-stream:*\"],\"version\":\"2012-10-17\",\"id\":\"CWLogStreamManagement\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"id\":\"ExecuteCommandSessionManagement\"},{\"version\":\"2012-10-17\",\"id\":\"ExecuteCommand\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"CloudMapResourceCreation\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"ForAllValues:StringEquals\":{\"aws:TagKeys\":[\"AmazonECSManaged\"]}}},{\"action\":[\"servicediscovery:TagResource\"],\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"aws:RequestTag/AmazonECSManaged\":\"*\"}},\"version\":\"2012-10-17\",\"id\":\"CloudMapResourceTagging\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"CloudMapResourceDeletion\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"Null\":{\"aws:ResourceTag/AmazonECSManaged\":\"false\"}}},{\"version\":\"2012-10-17\",\"id\":\"CloudMapResourceDiscovery\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonECSServiceRolePolicy\",\"ANPAIVUWKCAI7URU4WUEI\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy\",\"ANPAJG4T4G4PV56DE72PY\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"raw\":{\"IsAttachable\":true,\"Path\":\"/service-role/\",\"PolicyId\":\"ANPAJG4T4G4PV56DE72PY\",\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"ecr:GetAuthorizationToken\",\"ecr:BatchCheckLayerAvailability\",\"ecr:GetDownloadUrlForLayer\",\"ecr:BatchGetImage\",\"logs:CreateLogStream\",\"logs:PutLogEvents\"]}]},\"CreateDate\":\"2017-11-16T18:48:22Z\",\"PolicyName\":\"AmazonECSTaskExecutionRolePolicy\",\"roles\":null,\"Arn\":\"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy\",\"DefaultVersionId\":\"v1\",\"PermissionsBoundaryUsageCount\":0,\"AttachmentCount\":4,\"Description\":null,\"Tags\":null,\"UpdateDate\":\"2017-11-16T18:48:22Z\"},\"id\":[\"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy\",\"ANPAJG4T4G4PV56DE72PY\"],\"name\":\"AmazonECSTaskExecutionRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AutoScalingServiceRolePolicy\",\"ANPAIC5D2V7MRWBMHGD7G\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AutoScalingServiceRolePolicy\":{\"type\":\"policy\",\"category\":\"identity\"}},\"asset\":{\"name\":\"AutoScalingServiceRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":1,\"CreateDate\":\"2018-01-08T23:10:55Z\",\"DefaultVersionId\":\"v9\",\"UpdateDate\":\"2024-11-15T17:10:25Z\",\"roles\":null,\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AutoScalingServiceRolePolicy\",\"IsAttachable\":true,\"Path\":\"/aws-service-role/\",\"PolicyName\":\"AutoScalingServiceRolePolicy\",\"PolicyId\":\"ANPAIC5D2V7MRWBMHGD7G\",\"Tags\":null,\"document\":{\"Statement\":[{\"Action\":[\"ec2:AttachClassicLinkVpc\",\"ec2:CancelSpotInstanceRequests\",\"ec2:CreateFleet\",\"ec2:CreateTags\",\"ec2:DeleteTags\",\"ec2:Describe*\",\"ec2:DetachClassicLinkVpc\",\"ec2:GetInstanceTypesFromInstanceRequirements\",\"ec2:GetSecurityGroupsForVpc\",\"ec2:ModifyInstanceAttribute\",\"ec2:RequestSpotInstances\",\"ec2:RunInstances\",\"ec2:StartInstances\",\"ec2:StopInstances\",\"ec2:TerminateInstances\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"EC2InstanceManagement\"},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"EC2InstanceProfileManagement\",\"Action\":[\"iam:PassRole\"],\"Condition\":{\"StringLike\":{\"iam:PassedToService\":\"ec2.amazonaws.com*\"}}},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"EC2SpotManagement\",\"Action\":[\"iam:CreateServiceLinkedRole\"],\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":\"spot.amazonaws.com\"}}},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"ELBManagement\",\"Action\":[\"elasticloadbalancing:Register*\",\"elasticloadbalancing:Deregister*\",\"elasticloadbalancing:Describe*\"]},{\"Action\":[\"cloudwatch:DeleteAlarms\",\"cloudwatch:DescribeAlarms\",\"cloudwatch:GetMetricData\",\"cloudwatch:PutMetricAlarm\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"CWManagement\"},{\"Action\":[\"sns:Publish\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"SNSManagement\"},{\"Action\":[\"events:PutRule\",\"events:PutTargets\",\"events:RemoveTargets\",\"events:DeleteRule\",\"events:DescribeRule\"],\"Condition\":{\"StringEquals\":{\"events:ManagedBy\":\"autoscaling.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"EventBridgeRuleManagement\"},{\"Action\":[\"ssm:GetParameters\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"SystemsManagerParameterManagement\"},{\"Action\":[\"vpc-lattice:DeregisterTargets\",\"vpc-lattice:GetTargetGroup\",\"vpc-lattice:ListTargets\",\"vpc-lattice:ListTargetGroups\",\"vpc-lattice:RegisterTargets\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"VpcLatticeManagement\"},{\"Action\":[\"resource-groups:ListGroupResources\"],\"Effect\":\"Allow\",\"Resource\":\"arn:*:resource-groups:*:*:group/*\",\"Sid\":\"ResourceGroupsManagement\"}],\"Version\":\"2012-10-17\"},\"Description\":null,\"PermissionsBoundaryUsageCount\":0},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AutoScalingServiceRolePolicy\",\"ANPAIC5D2V7MRWBMHGD7G\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"id\":\"EC2InstanceManagement\"},{\"id\":\"EC2InstanceProfileManagement\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"iam:PassedToService\":\"ec2.amazonaws.com*\"}},\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"EC2SpotManagement\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"iam:AWSServiceName\":\"spot.amazonaws.com\"}}},{\"version\":\"2012-10-17\",\"id\":\"ELBManagement\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"CWManagement\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"id\":\"SNSManagement\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"events:ManagedBy\":\"autoscaling.amazonaws.com\"}},\"version\":\"2012-10-17\",\"id\":\"EventBridgeRuleManagement\"},{\"version\":\"2012-10-17\",\"id\":\"SystemsManagerParameterManagement\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"VpcLatticeManagement\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"ResourceGroupsManagement\",\"effect\":\"Allow\",\"resource\":[\"arn:*:resource-groups:*:*:group/*\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":1,\"CreateDate\":\"2017-06-29T18:19:29Z\",\"PolicyName\":\"AmazonEC2SpotFleetTaggingRole\",\"Path\":\"/service-role/\",\"PolicyId\":\"ANPAJ5U6UMLCEYLX5OLC4\",\"UpdateDate\":\"2020-04-23T19:30:49Z\",\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"ec2:DescribeImages\",\"ec2:DescribeSubnets\",\"ec2:RequestSpotInstances\",\"ec2:TerminateInstances\",\"ec2:DescribeInstanceStatus\",\"ec2:CreateTags\",\"ec2:RunInstances\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Action\":\"iam:PassRole\",\"Condition\":{\"StringEquals\":{\"iam:PassedToService\":[\"ec2.amazonaws.com\",\"ec2.amazonaws.com.cn\"]}},\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:loadbalancer/*\"],\"Action\":[\"elasticloadbalancing:RegisterInstancesWithLoadBalancer\"],\"Effect\":\"Allow\"},{\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:*/*\"],\"Action\":[\"elasticloadbalancing:RegisterTargets\"]}]},\"roles\":null,\"Arn\":\"arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole\",\"IsAttachable\":true,\"Tags\":null,\"DefaultVersionId\":\"v5\",\"Description\":null,\"PermissionsBoundaryUsageCount\":0},\"id\":[\"arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole\",\"ANPAJ5U6UMLCEYLX5OLC4\"],\"name\":\"AmazonEC2SpotFleetTaggingRole\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"effect\":\"Allow\",\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"iam:PassRole\"],\"condition\":{\"StringEquals\":{\"iam:PassedToService\":[\"ec2.amazonaws.com\",\"ec2.amazonaws.com.cn\"]}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole\",\"ANPAJ5U6UMLCEYLX5OLC4\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole\":{\"type\":\"policy\",\"category\":\"identity\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"CrossRegionCommunication\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"Ec2\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"id\":\"CloudWatchLogs\",\"effect\":\"Allow\",\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"CloudWatchStreams\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"Kinesis\",\"effect\":\"Allow\"},{\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"cloudwatch:namespace\":[\"AWS/DocDB\",\"AWS/Neptune\",\"AWS/RDS\",\"AWS/Usage\"]}},\"version\":\"2012-10-17\",\"id\":\"CloudWatch\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"SecretsManagerPassword\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"SecretsManagerSecret\",\"effect\":\"Allow\",\"condition\":{\"StringLike\":{\"secretsmanager:ResourceTag/aws:secretsmanager:owningService\":\"rds\"}}},{\"effect\":\"Allow\",\"action\":[\"secretsmanager:TagResource\"],\"resource\":[\"arn:aws:secretsmanager:*:*:secret:rds!*\"],\"condition\":{\"ForAllValues:StringEquals\":{\"aws:TagKeys\":[\"aws:rds:primaryDBInstanceArn\",\"aws:rds:primaryDBClusterArn\"]},\"StringLike\":{\"secretsmanager:ResourceTag/aws:secretsmanager:owningService\":\"rds\"}},\"version\":\"2012-10-17\",\"id\":\"SecretsManagerTags\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonRDSServiceRolePolicy\",\"ANPAIPEU5ZOBJWKWHUIBA\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AmazonRDSServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"PolicyId\":\"ANPAIPEU5ZOBJWKWHUIBA\",\"roles\":null,\"AttachmentCount\":1,\"DefaultVersionId\":\"v14\",\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"AmazonRDSServiceRolePolicy\",\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AmazonRDSServiceRolePolicy\",\"CreateDate\":\"2018-01-08T18:17:46Z\",\"IsAttachable\":true,\"Tags\":null,\"UpdateDate\":\"2024-07-01T22:42:05Z\",\"Description\":null,\"Path\":\"/aws-service-role/\",\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"rds:CrossRegionCommunication\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"CrossRegionCommunication\"},{\"Sid\":\"Ec2\",\"Action\":[\"ec2:AllocateAddress\",\"ec2:AssociateAddress\",\"ec2:AuthorizeSecurityGroupIngress\",\"ec2:CreateCoipPoolPermission\",\"ec2:CreateLocalGatewayRouteTablePermission\",\"ec2:CreateNetworkInterface\",\"ec2:CreateSecurityGroup\",\"ec2:DeleteCoipPoolPermission\",\"ec2:DeleteLocalGatewayRouteTablePermission\",\"ec2:DeleteNetworkInterface\",\"ec2:DeleteSecurityGroup\",\"ec2:DescribeAddresses\",\"ec2:DescribeAvailabilityZones\",\"ec2:DescribeCoipPools\",\"ec2:DescribeInternetGateways\",\"ec2:DescribeLocalGatewayRouteTablePermissions\",\"ec2:DescribeLocalGatewayRouteTables\",\"ec2:DescribeLocalGatewayRouteTableVpcAssociations\",\"ec2:DescribeLocalGateways\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeSubnets\",\"ec2:DescribeVpcAttribute\",\"ec2:DescribeVpcs\",\"ec2:DisassociateAddress\",\"ec2:ModifyNetworkInterfaceAttribute\",\"ec2:ModifyVpcEndpoint\",\"ec2:ReleaseAddress\",\"ec2:RevokeSecurityGroupIngress\",\"ec2:CreateVpcEndpoint\",\"ec2:DescribeVpcEndpoints\",\"ec2:DeleteVpcEndpoints\",\"ec2:AssignPrivateIpAddresses\",\"ec2:UnassignPrivateIpAddresses\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"logs:CreateLogGroup\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:logs:*:*:log-group:/aws/rds/*\",\"arn:aws:logs:*:*:log-group:/aws/docdb/*\",\"arn:aws:logs:*:*:log-group:/aws/neptune/*\"],\"Sid\":\"CloudWatchLogs\"},{\"Action\":[\"logs:CreateLogStream\",\"logs:PutLogEvents\",\"logs:DescribeLogStreams\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*\",\"arn:aws:logs:*:*:log-group:/aws/docdb/*:log-stream:*\",\"arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*\"],\"Sid\":\"CloudWatchStreams\"},{\"Action\":[\"kinesis:CreateStream\",\"kinesis:PutRecord\",\"kinesis:PutRecords\",\"kinesis:DescribeStream\",\"kinesis:SplitShard\",\"kinesis:MergeShards\",\"kinesis:DeleteStream\",\"kinesis:UpdateShardCount\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:kinesis:*:*:stream/aws-rds-das-*\"],\"Sid\":\"Kinesis\"},{\"Action\":[\"cloudwatch:PutMetricData\"],\"Condition\":{\"StringEquals\":{\"cloudwatch:namespace\":[\"AWS/DocDB\",\"AWS/Neptune\",\"AWS/RDS\",\"AWS/Usage\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"CloudWatch\"},{\"Action\":[\"secretsmanager:GetRandomPassword\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"SecretsManagerPassword\"},{\"Sid\":\"SecretsManagerSecret\",\"Action\":[\"secretsmanager:DeleteSecret\",\"secretsmanager:DescribeSecret\",\"secretsmanager:PutSecretValue\",\"secretsmanager:RotateSecret\",\"secretsmanager:UpdateSecret\",\"secretsmanager:UpdateSecretVersionStage\",\"secretsmanager:ListSecretVersionIds\"],\"Condition\":{\"StringLike\":{\"secretsmanager:ResourceTag/aws:secretsmanager:owningService\":\"rds\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:secretsmanager:*:*:secret:rds!*\"]},{\"Action\":\"secretsmanager:TagResource\",\"Condition\":{\"ForAllValues:StringEquals\":{\"aws:TagKeys\":[\"aws:rds:primaryDBInstanceArn\",\"aws:rds:primaryDBClusterArn\"]},\"StringLike\":{\"secretsmanager:ResourceTag/aws:secretsmanager:owningService\":\"rds\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:secretsmanager:*:*:secret:rds!*\",\"Sid\":\"SecretsManagerTags\"}]}},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonRDSServiceRolePolicy\",\"ANPAIPEU5ZOBJWKWHUIBA\"],\"name\":\"AmazonRDSServiceRolePolicy\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSElasticLoadBalancingServiceRolePolicy\",\"ANPAIMHWGGSRHLOQUICJQ\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AWSElasticLoadBalancingServiceRolePolicy\":{\"type\":\"policy\",\"category\":\"identity\"}},\"asset\":{\"tags\":null,\"raw\":{\"CreateDate\":\"2017-09-19T22:19:04Z\",\"Description\":null,\"Path\":\"/aws-service-role/\",\"PermissionsBoundaryUsageCount\":0,\"DefaultVersionId\":\"v8\",\"PolicyId\":\"ANPAIMHWGGSRHLOQUICJQ\",\"UpdateDate\":\"2024-10-24T22:50:24Z\",\"roles\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AWSElasticLoadBalancingServiceRolePolicy\",\"AttachmentCount\":1,\"IsAttachable\":true,\"PolicyName\":\"AWSElasticLoadBalancingServiceRolePolicy\",\"document\":{\"Statement\":[{\"Action\":[\"ec2:DescribeAddresses\",\"ec2:DescribeCoipPools\",\"ec2:DescribeInstances\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribeSubnets\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeVpcs\",\"ec2:DescribeInternetGateways\",\"ec2:DescribeAccountAttributes\",\"ec2:DescribeClassicLinkInstances\",\"ec2:DescribeVpcClassicLink\",\"ec2:CreateSecurityGroup\",\"ec2:CreateNetworkInterface\",\"ec2:DeleteNetworkInterface\",\"ec2:GetCoipPoolUsage\",\"ec2:GetSecurityGroupsForVpc\",\"ec2:ModifyNetworkInterfaceAttribute\",\"ec2:AllocateAddress\",\"ec2:AuthorizeSecurityGroupIngress\",\"ec2:AssociateAddress\",\"ec2:DisassociateAddress\",\"ec2:AttachNetworkInterface\",\"ec2:DetachNetworkInterface\",\"ec2:AssignPrivateIpAddresses\",\"ec2:AssignIpv6Addresses\",\"ec2:ReleaseAddress\",\"ec2:UnassignIpv6Addresses\",\"ec2:DescribeVpcPeeringConnections\",\"logs:CreateLogDelivery\",\"logs:GetLogDelivery\",\"logs:UpdateLogDelivery\",\"logs:DeleteLogDelivery\",\"logs:ListLogDeliveries\",\"outposts:GetOutpostInstanceTypes\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSElasticLoadBalancingServiceRolePolicy\",\"ANPAIMHWGGSRHLOQUICJQ\"],\"name\":\"AWSElasticLoadBalancingServiceRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"CloudWatchEventsBuiltInTargetExecutionAccess\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/service-role/CloudWatchEventsBuiltInTargetExecutionAccess\",\"ANPAIC5AQ5DATYSNF4AUM\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/service-role/CloudWatchEventsBuiltInTargetExecutionAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"name\":\"CloudWatchEventsBuiltInTargetExecutionAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":1,\"PolicyId\":\"ANPAIC5AQ5DATYSNF4AUM\",\"UpdateDate\":\"2016-01-14T18:35:49Z\",\"roles\":null,\"Arn\":\"arn:aws:iam::aws:policy/service-role/CloudWatchEventsBuiltInTargetExecutionAccess\",\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"document\":{\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"CloudWatchEventsBuiltInTargetExecutionAccess\",\"Action\":[\"ec2:Describe*\",\"ec2:RebootInstances\",\"ec2:StopInstances\",\"ec2:TerminateInstances\",\"ec2:CreateSnapshot\"]}],\"Version\":\"2012-10-17\"},\"Path\":\"/service-role/\",\"PolicyName\":\"CloudWatchEventsBuiltInTargetExecutionAccess\",\"Description\":null,\"IsAttachable\":true,\"CreateDate\":\"2016-01-14T18:35:49Z\",\"DefaultVersionId\":\"v1\"},\"id\":[\"arn:aws:iam::aws:policy/service-role/CloudWatchEventsBuiltInTargetExecutionAccess\",\"ANPAIC5AQ5DATYSNF4AUM\"]},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"ec2:*\"],\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"elasticloadbalancing:*\"],\"resource\":[\"*\"]},{\"action\":[\"cloudwatch:*\"],\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"autoscaling:*\"],\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"iam:CreateServiceLinkedRole\"],\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"iam:AWSServiceName\":[\"autoscaling.amazonaws.com\",\"ec2scheduled.amazonaws.com\",\"elasticloadbalancing.amazonaws.com\",\"spot.amazonaws.com\",\"spotfleet.amazonaws.com\",\"transitgateway.amazonaws.com\"]}}}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonEC2FullAccess\",\"ANPAI3VAJF5ZCRZ7MCQE6\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonEC2FullAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"CreateDate\":\"2015-02-06T18:40:15Z\",\"roles\":null,\"AttachmentCount\":6,\"DefaultVersionId\":\"v5\",\"IsAttachable\":true,\"document\":{\"Statement\":[{\"Resource\":\"*\",\"Action\":\"ec2:*\",\"Effect\":\"Allow\"},{\"Action\":\"elasticloadbalancing:*\",\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":\"cloudwatch:*\"},{\"Action\":\"autoscaling:*\",\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":\"iam:CreateServiceLinkedRole\",\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":[\"autoscaling.amazonaws.com\",\"ec2scheduled.amazonaws.com\",\"elasticloadbalancing.amazonaws.com\",\"spot.amazonaws.com\",\"spotfleet.amazonaws.com\",\"transitgateway.amazonaws.com\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::aws:policy/AmazonEC2FullAccess\",\"PolicyId\":\"ANPAI3VAJF5ZCRZ7MCQE6\",\"Tags\":null,\"UpdateDate\":\"2018-11-27T02:16:56Z\",\"Description\":null,\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"AmazonEC2FullAccess\"},\"id\":[\"arn:aws:iam::aws:policy/AmazonEC2FullAccess\",\"ANPAI3VAJF5ZCRZ7MCQE6\"],\"name\":\"AmazonEC2FullAccess\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"id\":\"GuardDutyGetDescribeListPolicy\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\"},{\"action\":[\"iam:CreateServiceLinkedRole\"],\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"iam:AWSServiceName\":\"malware-protection.guardduty.amazonaws.com\"}},\"version\":\"2012-10-17\",\"id\":\"GuardDutyCreateSLRPolicy\",\"effect\":\"Allow\"},{\"resource\":[\"arn:aws:ec2:*:*:vpc-endpoint/*\"],\"condition\":{\"ForAnyValue:StringEquals\":{\"aws:TagKeys\":\"GuardDutyManaged\"},\"StringLike\":{\"ec2:VpceServiceName\":[\"com.amazonaws.*.guardduty-data\",\"com.amazonaws.*.guardduty-data-fips\"]}},\"version\":\"2012-10-17\",\"id\":\"GuardDutyCreateVpcEndpointPolicy\",\"effect\":\"Allow\",\"action\":[\"ec2:CreateVpcEndpoint\"]},{\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*:*:vpc-endpoint/*\"],\"condition\":{\"Null\":{\"aws:ResourceTag/GuardDutyManaged\":false}},\"version\":\"2012-10-17\",\"id\":\"GuardDutyModifyDeleteVpcEndpointPolicy\"},{\"version\":\"2012-10-17\",\"id\":\"GuardDutyCreateModifyVpcEndpointNetworkPolicy\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"action\":[\"ec2:CreateTags\"],\"resource\":[\"arn:aws:ec2:*:*:vpc-endpoint/*\"],\"condition\":{\"ForAnyValue:StringEquals\":{\"aws:TagKeys\":\"GuardDutyManaged\"},\"StringEquals\":{\"ec2:CreateAction\":\"CreateVpcEndpoint\"}},\"version\":\"2012-10-17\",\"id\":\"GuardDutyCreateTagsDuringVpcEndpointCreationPolicy\"},{\"version\":\"2012-10-17\",\"id\":\"GuardDutySecurityGroupManagementPolicy\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*:*:security-group/*\"],\"condition\":{\"Null\":{\"aws:ResourceTag/GuardDutyManaged\":false}}},{\"resource\":[\"arn:aws:ec2:*:*:security-group/*\"],\"condition\":{\"StringLike\":{\"aws:RequestTag/GuardDutyManaged\":\"*\"}},\"version\":\"2012-10-17\",\"id\":\"GuardDutyCreateSecurityGroupPolicy\",\"effect\":\"Allow\",\"action\":[\"ec2:CreateSecurityGroup\"]},{\"id\":\"GuardDutyCreateSecurityGroupForVpcPolicy\",\"effect\":\"Allow\",\"action\":[\"ec2:CreateSecurityGroup\"],\"resource\":[\"arn:aws:ec2:*:*:vpc/*\"],\"version\":\"2012-10-17\"},{\"action\":[\"ec2:CreateTags\"],\"resource\":[\"arn:aws:ec2:*:*:security-group/*\"],\"condition\":{\"ForAnyValue:StringEquals\":{\"aws:TagKeys\":\"GuardDutyManaged\"},\"StringEquals\":{\"ec2:CreateAction\":\"CreateSecurityGroup\"}},\"version\":\"2012-10-17\",\"id\":\"GuardDutyCreateTagsDuringSecurityGroupCreationPolicy\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"GuardDutyCreateEksAddonPolicy\",\"effect\":\"Allow\",\"action\":[\"eks:CreateAddon\"],\"resource\":[\"arn:aws:eks:*:*:cluster/*\"],\"condition\":{\"ForAnyValue:StringEquals\":{\"aws:TagKeys\":\"GuardDutyManaged\"}}},{\"version\":\"2012-10-17\",\"id\":\"GuardDutyEksAddonManagementPolicy\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:eks:*:*:addon/*/aws-guardduty-agent/*\"]},{\"effect\":\"Allow\",\"action\":[\"eks:TagResource\"],\"resource\":[\"arn:aws:eks:*:*:cluster/*\"],\"condition\":{\"ForAnyValue:StringEquals\":{\"aws:TagKeys\":\"GuardDutyManaged\"}},\"version\":\"2012-10-17\",\"id\":\"GuardDutyEksClusterTagResourcePolicy\"},{\"version\":\"2012-10-17\",\"id\":\"GuardDutyEcsPutAccountSettingsDefaultPolicy\",\"effect\":\"Allow\",\"action\":[\"ecs:PutAccountSettingDefault\"],\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"ecs:account-setting\":[\"guardDutyActivate\"]}}},{\"version\":\"2012-10-17\",\"id\":\"SsmCreateDescribeUpdateDeleteStartAssociationPermission\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:ssm:*:*:association/*\"],\"condition\":{\"StringEquals\":{\"aws:ResourceTag/GuardDutyManaged\":\"true\"}}},{\"version\":\"2012-10-17\",\"id\":\"SsmAddTagsToResourcePermission\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:ssm:*:*:association/*\"],\"condition\":{\"ForAllValues:StringEquals\":{\"aws:TagKeys\":[\"GuardDutyManaged\"]},\"StringEquals\":{\"aws:ResourceTag/GuardDutyManaged\":\"true\"}}},{\"id\":\"SsmCreateUpdateAssociationInstanceDocumentPermission\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:ssm:*:*:document/AmazonGuardDuty-ConfigureRuntimeMonitoringSsmPlugin\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"SsmSendCommandPermission\",\"effect\":\"Allow\",\"action\":[\"ssm:SendCommand\"]},{\"version\":\"2012-10-17\",\"id\":\"SsmGetCommandStatus\",\"effect\":\"Allow\",\"action\":[\"ssm:GetCommandInvocation\"],\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonGuardDutyServiceRolePolicy\",\"ANPAIHZREZOWNSSA6FWQO\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AmazonGuardDutyServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"PolicyId\":\"ANPAIHZREZOWNSSA6FWQO\",\"UpdateDate\":\"2024-08-12T20:01:11Z\",\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AmazonGuardDutyServiceRolePolicy\",\"IsAttachable\":true,\"Path\":\"/aws-service-role/\",\"Tags\":null,\"AttachmentCount\":1,\"CreateDate\":\"2017-11-28T20:12:59Z\",\"DefaultVersionId\":\"v10\",\"document\":{\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"GuardDutyGetDescribeListPolicy\",\"Action\":[\"ec2:DescribeInstances\",\"ec2:DescribeImages\",\"ec2:DescribeVpcEndpoints\",\"ec2:DescribeSubnets\",\"ec2:DescribeVpcPeeringConnections\",\"ec2:DescribeTransitGatewayAttachments\",\"organizations:ListAccounts\",\"organizations:DescribeAccount\",\"organizations:DescribeOrganization\",\"s3:GetBucketPublicAccessBlock\",\"s3:GetEncryptionConfiguration\",\"s3:GetBucketTagging\",\"s3:GetAccountPublicAccessBlock\",\"s3:ListAllMyBuckets\",\"s3:GetBucketAcl\",\"s3:GetBucketPolicy\",\"s3:GetBucketPolicyStatus\",\"lambda:GetFunctionConfiguration\",\"lambda:ListTags\",\"eks:ListClusters\",\"eks:DescribeCluster\",\"ec2:DescribeVpcEndpointServices\",\"ec2:DescribeVpcs\",\"ec2:DescribeSecurityGroups\",\"ecs:ListClusters\",\"ecs:DescribeClusters\"]},{\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":\"malware-protection.guardduty.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"GuardDutyCreateSLRPolicy\",\"Action\":\"iam:CreateServiceLinkedRole\"},{\"Sid\":\"GuardDutyCreateVpcEndpointPolicy\",\"Action\":\"ec2:CreateVpcEndpoint\",\"Condition\":{\"ForAnyValue:StringEquals\":{\"aws:TagKeys\":\"GuardDutyManaged\"},\"StringLike\":{\"ec2:VpceServiceName\":[\"com.amazonaws.*.guardduty-data\",\"com.amazonaws.*.guardduty-data-fips\"]}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:vpc-endpoint/*\"},{\"Action\":[\"ec2:ModifyVpcEndpoint\",\"ec2:DeleteVpcEndpoints\"],\"Condition\":{\"Null\":{\"aws:ResourceTag/GuardDutyManaged\":false}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:vpc-endpoint/*\",\"Sid\":\"GuardDutyModifyDeleteVpcEndpointPolicy\"},{\"Sid\":\"GuardDutyCreateModifyVpcEndpointNetworkPolicy\",\"Action\":[\"ec2:CreateVpcEndpoint\",\"ec2:ModifyVpcEndpoint\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:vpc/*\",\"arn:aws:ec2:*:*:security-group/*\",\"arn:aws:ec2:*:*:subnet/*\"]},{\"Resource\":\"arn:aws:ec2:*:*:vpc-endpoint/*\",\"Sid\":\"GuardDutyCreateTagsDuringVpcEndpointCreationPolicy\",\"Action\":\"ec2:CreateTags\",\"Condition\":{\"ForAnyValue:StringEquals\":{\"aws:TagKeys\":\"GuardDutyManaged\"},\"StringEquals\":{\"ec2:CreateAction\":\"CreateVpcEndpoint\"}},\"Effect\":\"Allow\"},{\"Action\":[\"ec2:AuthorizeSecurityGroupIngress\",\"ec2:AuthorizeSecurityGroupEgress\",\"ec2:RevokeSecurityGroupIngress\",\"ec2:RevokeSecurityGroupEgress\",\"ec2:DeleteSecurityGroup\"],\"Condition\":{\"Null\":{\"aws:ResourceTag/GuardDutyManaged\":false}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:security-group/*\",\"Sid\":\"GuardDutySecurityGroupManagementPolicy\"},{\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:security-group/*\",\"Sid\":\"GuardDutyCreateSecurityGroupPolicy\",\"Action\":\"ec2:CreateSecurityGroup\",\"Condition\":{\"StringLike\":{\"aws:RequestTag/GuardDutyManaged\":\"*\"}}},{\"Action\":\"ec2:CreateSecurityGroup\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:vpc/*\",\"Sid\":\"GuardDutyCreateSecurityGroupForVpcPolicy\"},{\"Sid\":\"GuardDutyCreateTagsDuringSecurityGroupCreationPolicy\",\"Action\":\"ec2:CreateTags\",\"Condition\":{\"ForAnyValue:StringEquals\":{\"aws:TagKeys\":\"GuardDutyManaged\"},\"StringEquals\":{\"ec2:CreateAction\":\"CreateSecurityGroup\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:security-group/*\"},{\"Action\":\"eks:CreateAddon\",\"Condition\":{\"ForAnyValue:StringEquals\":{\"aws:TagKeys\":\"GuardDutyManaged\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:eks:*:*:cluster/*\",\"Sid\":\"GuardDutyCreateEksAddonPolicy\"},{\"Action\":[\"eks:DeleteAddon\",\"eks:UpdateAddon\",\"eks:DescribeAddon\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:eks:*:*:addon/*/aws-guardduty-agent/*\",\"Sid\":\"GuardDutyEksAddonManagementPolicy\"},{\"Action\":\"eks:TagResource\",\"Condition\":{\"ForAnyValue:StringEquals\":{\"aws:TagKeys\":\"GuardDutyManaged\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:eks:*:*:cluster/*\",\"Sid\":\"GuardDutyEksClusterTagResourcePolicy\"},{\"Action\":\"ecs:PutAccountSettingDefault\",\"Condition\":{\"StringEquals\":{\"ecs:account-setting\":[\"guardDutyActivate\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"GuardDutyEcsPutAccountSettingsDefaultPolicy\"},{\"Condition\":{\"StringEquals\":{\"aws:ResourceTag/GuardDutyManaged\":\"true\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ssm:*:*:association/*\",\"Sid\":\"SsmCreateDescribeUpdateDeleteStartAssociationPermission\",\"Action\":[\"ssm:DescribeAssociation\",\"ssm:DeleteAssociation\",\"ssm:UpdateAssociation\",\"ssm:CreateAssociation\",\"ssm:StartAssociationsOnce\"]},{\"Sid\":\"SsmAddTagsToResourcePermission\",\"Action\":[\"ssm:AddTagsToResource\"],\"Condition\":{\"ForAllValues:StringEquals\":{\"aws:TagKeys\":[\"GuardDutyManaged\"]},\"StringEquals\":{\"aws:ResourceTag/GuardDutyManaged\":\"true\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ssm:*:*:association/*\"},{\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ssm:*:*:document/AmazonGuardDuty-ConfigureRuntimeMonitoringSsmPlugin\",\"Sid\":\"SsmCreateUpdateAssociationInstanceDocumentPermission\",\"Action\":[\"ssm:CreateAssociation\",\"ssm:UpdateAssociation\"]},{\"Action\":\"ssm:SendCommand\",\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:instance/*\",\"arn:aws:ssm:*:*:document/AmazonGuardDuty-ConfigureRuntimeMonitoringSsmPlugin\"],\"Sid\":\"SsmSendCommandPermission\"},{\"Action\":\"ssm:GetCommandInvocation\",\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"SsmGetCommandStatus\"}],\"Version\":\"2012-10-17\"},\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"AmazonGuardDutyServiceRolePolicy\",\"roles\":null},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonGuardDutyServiceRolePolicy\",\"ANPAIHZREZOWNSSA6FWQO\"],\"name\":\"AmazonGuardDutyServiceRolePolicy\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"related.entity\":[\"arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess\",\"ANPAJN23PDQP7SZQAE3QE\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Description\":null,\"Path\":\"/\",\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"CloudWatchReadOnlyAccessPermissions\",\"Action\":[\"application-autoscaling:DescribeScalingPolicies\",\"application-signals:BatchGet*\",\"application-signals:Get*\",\"application-signals:List*\",\"autoscaling:Describe*\",\"cloudwatch:BatchGet*\",\"cloudwatch:Describe*\",\"cloudwatch:GenerateQuery\",\"cloudwatch:Get*\",\"cloudwatch:List*\",\"logs:Get*\",\"logs:List*\",\"logs:StartQuery\",\"logs:StopQuery\",\"logs:Describe*\",\"logs:TestMetricFilter\",\"logs:FilterLogEvents\",\"logs:StartLiveTail\",\"logs:StopLiveTail\",\"oam:ListSinks\",\"sns:Get*\",\"sns:List*\",\"rum:BatchGet*\",\"rum:Get*\",\"rum:List*\",\"synthetics:Describe*\",\"synthetics:Get*\",\"synthetics:List*\",\"xray:BatchGet*\",\"xray:Get*\"]},{\"Action\":[\"oam:ListAttachedLinks\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:oam:*:*:sink/*\",\"Sid\":\"OAMReadPermissions\"},{\"Action\":\"iam:GetRole\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::*:role/aws-service-role/application-signals.cloudwatch.amazonaws.com/AWSServiceRoleForCloudWatchApplicationSignals\",\"Sid\":\"CloudWatchReadOnlyGetRolePermissions\"}]},\"CreateDate\":\"2015-02-06T18:40:01Z\",\"DefaultVersionId\":\"v9\",\"Arn\":\"arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess\",\"AttachmentCount\":1,\"UpdateDate\":\"2024-05-17T22:17:51Z\",\"roles\":null,\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"PolicyId\":\"ANPAJN23PDQP7SZQAE3QE\",\"PolicyName\":\"CloudWatchReadOnlyAccess\"},\"id\":[\"arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess\",\"ANPAJN23PDQP7SZQAE3QE\"],\"name\":\"CloudWatchReadOnlyAccess\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"CloudWatchReadOnlyAccessPermissions\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"OAMReadPermissions\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:oam:*:*:sink/*\"]},{\"version\":\"2012-10-17\",\"id\":\"CloudWatchReadOnlyGetRolePermissions\",\"effect\":\"Allow\",\"action\":[\"iam:GetRole\"],\"resource\":[\"arn:aws:iam::*:role/aws-service-role/application-signals.cloudwatch.amazonaws.com/AWSServiceRoleForCloudWatchApplicationSignals\"]}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonRDSFullAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"id\":[\"arn:aws:iam::aws:policy/AmazonRDSFullAccess\",\"ANPAI3R4QMOG6Q5A4VWVG\"],\"name\":\"AmazonRDSFullAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::aws:policy/AmazonRDSFullAccess\",\"CreateDate\":\"2015-02-06T18:40:52Z\",\"DefaultVersionId\":\"v14\",\"IsAttachable\":true,\"Description\":null,\"Path\":\"/\",\"PolicyId\":\"ANPAI3R4QMOG6Q5A4VWVG\",\"roles\":null,\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"UpdateDate\":\"2023-08-17T23:00:17Z\",\"AttachmentCount\":1,\"PolicyName\":\"AmazonRDSFullAccess\",\"document\":{\"Statement\":[{\"Resource\":\"*\",\"Action\":[\"rds:*\",\"application-autoscaling:DeleteScalingPolicy\",\"application-autoscaling:DeregisterScalableTarget\",\"application-autoscaling:DescribeScalableTargets\",\"application-autoscaling:DescribeScalingActivities\",\"application-autoscaling:DescribeScalingPolicies\",\"application-autoscaling:PutScalingPolicy\",\"application-autoscaling:RegisterScalableTarget\",\"cloudwatch:DescribeAlarms\",\"cloudwatch:GetMetricStatistics\",\"cloudwatch:PutMetricAlarm\",\"cloudwatch:DeleteAlarms\",\"cloudwatch:ListMetrics\",\"cloudwatch:GetMetricData\",\"ec2:DescribeAccountAttributes\",\"ec2:DescribeAvailabilityZones\",\"ec2:DescribeCoipPools\",\"ec2:DescribeInternetGateways\",\"ec2:DescribeLocalGatewayRouteTablePermissions\",\"ec2:DescribeLocalGatewayRouteTables\",\"ec2:DescribeLocalGatewayRouteTableVpcAssociations\",\"ec2:DescribeLocalGateways\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeSubnets\",\"ec2:DescribeVpcAttribute\",\"ec2:DescribeVpcs\",\"ec2:GetCoipPoolUsage\",\"sns:ListSubscriptions\",\"sns:ListTopics\",\"sns:Publish\",\"logs:DescribeLogStreams\",\"logs:GetLogEvents\",\"outposts:GetOutpostInstanceTypes\",\"devops-guru:GetResourceCollection\"],\"Effect\":\"Allow\"},{\"Resource\":[\"arn:aws:pi:*:*:metrics/rds/*\",\"arn:aws:pi:*:*:perf-reports/rds/*\"],\"Action\":\"pi:*\",\"Effect\":\"Allow\"},{\"Resource\":\"*\",\"Action\":\"iam:CreateServiceLinkedRole\",\"Condition\":{\"StringLike\":{\"iam:AWSServiceName\":[\"rds.amazonaws.com\",\"rds.application-autoscaling.amazonaws.com\"]}},\"Effect\":\"Allow\"},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"devops-guru:SearchInsights\",\"devops-guru:ListAnomaliesForInsight\"],\"Condition\":{\"ForAllValues:StringEquals\":{\"devops-guru:ServiceNames\":[\"RDS\"]},\"Null\":{\"devops-guru:ServiceNames\":\"false\"}}}],\"Version\":\"2012-10-17\"}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"pi:*\"]},{\"condition\":{\"StringLike\":{\"iam:AWSServiceName\":[\"rds.amazonaws.com\",\"rds.application-autoscaling.amazonaws.com\"]}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"iam:CreateServiceLinkedRole\"],\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"ForAllValues:StringEquals\":{\"devops-guru:ServiceNames\":[\"RDS\"]},\"Null\":{\"devops-guru:ServiceNames\":\"false\"}}}],\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonRDSFullAccess\",\"ANPAI3R4QMOG6Q5A4VWVG\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"TrustedAdvisorServiceRolePermissions\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy\",\"ANPAJH4QJ2WMHBOB47BUE\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"raw\":{\"DefaultVersionId\":\"v14\",\"IsAttachable\":true,\"PolicyName\":\"AWSTrustedAdvisorServiceRolePolicy\",\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy\",\"AttachmentCount\":1,\"document\":{\"Statement\":[{\"Action\":[\"access-analyzer:ListAnalyzers\",\"autoscaling:DescribeAccountLimits\",\"autoscaling:DescribeAutoScalingGroups\",\"autoscaling:DescribeLaunchConfigurations\",\"ce:GetReservationPurchaseRecommendation\",\"ce:GetSavingsPlansPurchaseRecommendation\",\"cloudformation:DescribeAccountLimits\",\"cloudformation:DescribeStacks\",\"cloudformation:ListStacks\",\"cloudfront:ListDistributions\",\"cloudtrail:DescribeTrails\",\"cloudtrail:GetTrailStatus\",\"cloudtrail:GetTrail\",\"cloudtrail:ListTrails\",\"cloudtrail:GetEventSelectors\",\"cloudwatch:GetMetricStatistics\",\"cloudwatch:ListMetrics\",\"dax:DescribeClusters\",\"dynamodb:DescribeLimits\",\"dynamodb:DescribeTable\",\"dynamodb:ListTables\",\"ec2:DescribeAddresses\",\"ec2:DescribeReservedInstances\",\"ec2:DescribeInstances\",\"ec2:DescribeVpcs\",\"ec2:DescribeInternetGateways\",\"ec2:DescribeImages\",\"ec2:DescribeNatGateways\",\"ec2:DescribeVolumes\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeSubnets\",\"ec2:DescribeRegions\",\"ec2:DescribeReservedInstancesOfferings\",\"ec2:DescribeRouteTables\",\"ec2:DescribeSnapshots\",\"ec2:DescribeVpcEndpoints\",\"ec2:DescribeVpnConnections\",\"ec2:DescribeVpnGateways\",\"ec2:DescribeLaunchTemplateVersions\",\"ec2:GetManagedPrefixListEntries\",\"ecs:DescribeTaskDefinition\",\"ecs:ListTaskDefinitions\",\"elasticloadbalancing:DescribeAccountLimits\",\"elasticloadbalancing:DescribeInstanceHealth\",\"elasticloadbalancing:DescribeLoadBalancerAttributes\",\"elasticloadbalancing:DescribeLoadBalancerPolicies\",\"elasticloadbalancing:DescribeLoadBalancerPolicyTypes\",\"elasticloadbalancing:DescribeLoadBalancers\",\"elasticloadbalancing:DescribeListeners\",\"elasticloadbalancing:DescribeRules\",\"elasticloadbalancing:DescribeTargetGroups\",\"elasticloadbalancing:DescribeTargetHealth\",\"iam:GenerateCredentialReport\",\"iam:GetAccountPasswordPolicy\",\"iam:GetAccountSummary\",\"iam:GetCredentialReport\",\"iam:GetServerCertificate\",\"iam:ListServerCertificates\",\"iam:ListSAMLProviders\",\"kinesis:DescribeLimits\",\"kafka:DescribeClusterV2\",\"kafka:ListClustersV2\",\"kafka:ListNodes\",\"network-firewall:ListFirewalls\",\"network-firewall:DescribeFirewall\",\"outposts:ListAssets\",\"outposts:GetOutpost\",\"outposts:ListOutposts\",\"rds:DescribeAccountAttributes\",\"rds:DescribeDBClusters\",\"rds:DescribeDBEngineVersions\",\"rds:DescribeDBInstances\",\"rds:DescribeDBParameterGroups\",\"rds:DescribeDBParameters\",\"rds:DescribeDBSecurityGroups\",\"rds:DescribeDBSnapshots\",\"rds:DescribeDBSubnetGroups\",\"rds:DescribeEngineDefaultParameters\",\"rds:DescribeEvents\",\"rds:DescribeOptionGroupOptions\",\"rds:DescribeOptionGroups\",\"rds:DescribeOrderableDBInstanceOptions\",\"rds:DescribeReservedDBInstances\",\"rds:DescribeReservedDBInstancesOfferings\",\"rds:ListTagsForResource\",\"redshift:DescribeClusters\",\"redshift:DescribeReservedNodeOfferings\",\"redshift:DescribeReservedNodes\",\"route53:GetAccountLimit\",\"route53:GetHealthCheck\",\"route53:GetHostedZone\",\"route53:ListHealthChecks\",\"route53:ListHostedZones\",\"route53:ListHostedZonesByName\",\"route53:ListResourceRecordSets\",\"route53resolver:ListResolverEndpoints\",\"route53resolver:ListResolverEndpointIpAddresses\",\"s3:GetAccountPublicAccessBlock\",\"s3:GetBucketAcl\",\"s3:GetBucketPolicy\",\"s3:GetBucketPolicyStatus\",\"s3:GetBucketLocation\",\"s3:GetBucketLogging\",\"s3:GetBucketVersioning\",\"s3:GetBucketPublicAccessBlock\",\"s3:GetLifecycleConfiguration\",\"s3:ListBucket\",\"s3:ListAllMyBuckets\",\"ses:GetSendQuota\",\"sqs:GetQueueAttributes\",\"sqs:ListQueues\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"TrustedAdvisorServiceRolePermissions\"}],\"Version\":\"2012-10-17\"},\"roles\":null,\"Path\":\"/aws-service-role/\",\"PolicyId\":\"ANPAJH4QJ2WMHBOB47BUE\",\"CreateDate\":\"2018-02-22T21:24:25Z\",\"Tags\":null,\"UpdateDate\":\"2024-10-30T16:52:06Z\",\"Description\":null,\"PermissionsBoundaryUsageCount\":0},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy\",\"ANPAJH4QJ2WMHBOB47BUE\"],\"name\":\"AWSTrustedAdvisorServiceRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Deny\",\"condition\":{\"StringNotEquals\":{\"ec2:InstanceMarketType\":\"spot\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"condition\":{\"StringEquals\":{\"iam:PassedToService\":[\"ec2.amazonaws.com\",\"ec2.amazonaws.com.cn\"]}}},{\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"ec2:CreateAction\":\"RunInstances\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotServiceRolePolicy\",\"ANPAIZJJBQNXQYVKTEXGM\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"tags\":null,\"raw\":{\"CreateDate\":\"2017-09-18T18:51:54Z\",\"DefaultVersionId\":\"v4\",\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAIZJJBQNXQYVKTEXGM\",\"UpdateDate\":\"2018-12-12T00:13:51Z\",\"roles\":null,\"AttachmentCount\":1,\"IsAttachable\":true,\"Path\":\"/aws-service-role/\",\"PolicyName\":\"AWSEC2SpotServiceRolePolicy\",\"Tags\":null,\"document\":{\"Statement\":[{\"Action\":[\"ec2:DescribeInstances\",\"ec2:StartInstances\",\"ec2:StopInstances\",\"ec2:RunInstances\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Action\":[\"ec2:RunInstances\"],\"Condition\":{\"StringNotEquals\":{\"ec2:InstanceMarketType\":\"spot\"}},\"Effect\":\"Deny\",\"Resource\":[\"arn:aws:ec2:*:*:instance/*\"]},{\"Action\":[\"iam:PassRole\"],\"Condition\":{\"StringEquals\":{\"iam:PassedToService\":[\"ec2.amazonaws.com\",\"ec2.amazonaws.com.cn\"]}},\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Action\":[\"ec2:CreateTags\"],\"Condition\":{\"StringEquals\":{\"ec2:CreateAction\":\"RunInstances\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotServiceRolePolicy\",\"Description\":null},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotServiceRolePolicy\",\"ANPAIZJJBQNXQYVKTEXGM\"],\"name\":\"AWSEC2SpotServiceRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"resource\":[\"arn:aws:iam::*:role/aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager*\"],\"condition\":{\"StringEquals\":{\"iam:AWSServiceName\":\"acm.amazonaws.com\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"iam:CreateServiceLinkedRole\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:iam::*:role/aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess\",\"ANPAJYCHABBP6VQIVBCBQ\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"raw\":{\"Path\":\"/\",\"PolicyId\":\"ANPAJYCHABBP6VQIVBCBQ\",\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"AWSCertificateManagerFullAccess\",\"roles\":null,\"Arn\":\"arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess\",\"CreateDate\":\"2016-01-21T17:02:36Z\",\"DefaultVersionId\":\"v2\",\"Description\":null,\"Tags\":null,\"UpdateDate\":\"2020-08-17T22:18:28Z\",\"document\":{\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"acm:*\"]},{\"Resource\":\"arn:aws:iam::*:role/aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager*\",\"Action\":\"iam:CreateServiceLinkedRole\",\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":\"acm.amazonaws.com\"}},\"Effect\":\"Allow\"},{\"Action\":[\"iam:DeleteServiceLinkedRole\",\"iam:GetServiceLinkedRoleDeletionStatus\",\"iam:GetRole\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::*:role/aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager*\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":1,\"IsAttachable\":true},\"id\":[\"arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess\",\"ANPAJYCHABBP6VQIVBCBQ\"],\"name\":\"AWSCertificateManagerFullAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"related.entity\":[\"arn:aws:iam::aws:policy/CloudWatchEventsReadOnlyAccess\",\"ANPAIILJPXXA6F7GYLYBS\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/CloudWatchEventsReadOnlyAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"name\":\"CloudWatchEventsReadOnlyAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::aws:policy/CloudWatchEventsReadOnlyAccess\",\"roles\":null,\"DefaultVersionId\":\"v3\",\"AttachmentCount\":1,\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"CloudWatchEventsReadOnlyAccess\",\"Tags\":null,\"UpdateDate\":\"2022-12-01T16:29:31Z\",\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"events:DescribeRule\",\"events:DescribeEventBus\",\"events:DescribeEventSource\",\"events:ListEventBuses\",\"events:ListEventSources\",\"events:ListRuleNamesByTarget\",\"events:ListRules\",\"events:ListTargetsByRule\",\"events:TestEventPattern\",\"events:DescribeArchive\",\"events:ListArchives\",\"events:DescribeReplay\",\"events:ListReplays\",\"events:DescribeConnection\",\"events:ListConnections\",\"events:DescribeApiDestination\",\"events:ListApiDestinations\",\"events:DescribeEndpoint\",\"events:ListEndpoints\",\"schemas:DescribeCodeBinding\",\"schemas:DescribeDiscoverer\",\"schemas:DescribeRegistry\",\"schemas:DescribeSchema\",\"schemas:ExportSchema\",\"schemas:GetCodeBindingSource\",\"schemas:GetDiscoveredSchema\",\"schemas:GetResourcePolicy\",\"schemas:ListDiscoverers\",\"schemas:ListRegistries\",\"schemas:ListSchemas\",\"schemas:ListSchemaVersions\",\"schemas:ListTagsForResource\",\"schemas:SearchSchemas\",\"scheduler:GetSchedule\",\"scheduler:GetScheduleGroup\",\"scheduler:ListSchedules\",\"scheduler:ListScheduleGroups\",\"scheduler:ListTagsForResource\",\"pipes:DescribePipe\",\"pipes:ListPipes\",\"pipes:ListTagsForResource\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}]},\"CreateDate\":\"2016-01-14T18:27:18Z\",\"IsAttachable\":true,\"Path\":\"/\",\"PolicyId\":\"ANPAIILJPXXA6F7GYLYBS\"},\"id\":[\"arn:aws:iam::aws:policy/CloudWatchEventsReadOnlyAccess\",\"ANPAIILJPXXA6F7GYLYBS\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"SecurityHubServiceRolePermissions\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"effect\":\"Allow\",\"resource\":[\"arn:aws:config:*:*:config-rule/aws-service-rule/*securityhub*\"],\"version\":\"2012-10-17\",\"id\":\"SecurityHubServiceRoleConfigPermissions\"},{\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"organizations:ServicePrincipal\":[\"securityhub.amazonaws.com\"]}},\"version\":\"2012-10-17\",\"id\":\"SecurityHubServiceRoleOrganizationsPermissions\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSSecurityHubServiceRolePolicy\",\"ANPAJQPCESDDYDLLSOGYO\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AWSSecurityHubServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AWSSecurityHubServiceRolePolicy\",\"AttachmentCount\":1,\"PolicyId\":\"ANPAJQPCESDDYDLLSOGYO\",\"Tags\":null,\"roles\":null,\"CreateDate\":\"2018-11-27T23:47:51Z\",\"DefaultVersionId\":\"v14\",\"Path\":\"/aws-service-role/\",\"UpdateDate\":\"2023-11-27T03:46:47Z\",\"Description\":null,\"IsAttachable\":true,\"document\":{\"Statement\":[{\"Action\":[\"cloudtrail:DescribeTrails\",\"cloudtrail:GetTrailStatus\",\"cloudtrail:GetEventSelectors\",\"cloudwatch:DescribeAlarms\",\"cloudwatch:DescribeAlarmsForMetric\",\"logs:DescribeMetricFilters\",\"sns:ListSubscriptionsByTopic\",\"config:DescribeConfigurationRecorders\",\"config:DescribeConfigurationRecorderStatus\",\"config:DescribeConfigRules\",\"config:DescribeConfigRuleEvaluationStatus\",\"config:BatchGetResourceConfig\",\"config:SelectResourceConfig\",\"iam:GenerateCredentialReport\",\"organizations:ListAccounts\",\"config:PutEvaluations\",\"tag:GetResources\",\"iam:GetCredentialReport\",\"organizations:DescribeAccount\",\"organizations:DescribeOrganization\",\"organizations:ListChildren\",\"organizations:ListAWSServiceAccessForOrganization\",\"organizations:DescribeOrganizationalUnit\",\"securityhub:BatchDisableStandards\",\"securityhub:BatchEnableStandards\",\"securityhub:BatchUpdateStandardsControlAssociations\",\"securityhub:BatchGetSecurityControls\",\"securityhub:BatchGetStandardsControlAssociations\",\"securityhub:CreateMembers\",\"securityhub:DeleteMembers\",\"securityhub:DescribeHub\",\"securityhub:DescribeOrganizationConfiguration\",\"securityhub:DescribeStandards\",\"securityhub:DescribeStandardsControls\",\"securityhub:DisassociateFromAdministratorAccount\",\"securityhub:DisassociateMembers\",\"securityhub:DisableSecurityHub\",\"securityhub:EnableSecurityHub\",\"securityhub:GetEnabledStandards\",\"securityhub:ListStandardsControlAssociations\",\"securityhub:ListSecurityControlDefinitions\",\"securityhub:UpdateOrganizationConfiguration\",\"securityhub:UpdateSecurityControl\",\"securityhub:UpdateSecurityHubConfiguration\",\"securityhub:UpdateStandardsControl\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"SecurityHubServiceRolePermissions\"},{\"Action\":[\"config:PutConfigRule\",\"config:DeleteConfigRule\",\"config:GetComplianceDetailsByConfigRule\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:config:*:*:config-rule/aws-service-rule/*securityhub*\",\"Sid\":\"SecurityHubServiceRoleConfigPermissions\"},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"SecurityHubServiceRoleOrganizationsPermissions\",\"Action\":[\"organizations:ListDelegatedAdministrators\"],\"Condition\":{\"StringEquals\":{\"organizations:ServicePrincipal\":[\"securityhub.amazonaws.com\"]}}}],\"Version\":\"2012-10-17\"},\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"AWSSecurityHubServiceRolePolicy\"},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSSecurityHubServiceRolePolicy\",\"ANPAJQPCESDDYDLLSOGYO\"],\"name\":\"AWSSecurityHubServiceRolePolicy\",\"category\":\"identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"related.entity\":[\"arn:aws:iam::aws:policy/IAMFullAccess\",\"ANPAI7XKCFMBPM3QQRRVQ\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/IAMFullAccess\":{\"type\":\"policy\",\"category\":\"identity\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"roles\":null,\"Arn\":\"arn:aws:iam::aws:policy/IAMFullAccess\",\"Description\":null,\"IsAttachable\":true,\"UpdateDate\":\"2019-06-21T19:40:00Z\",\"CreateDate\":\"2015-02-06T18:40:38Z\",\"PolicyName\":\"IAMFullAccess\",\"document\":{\"Statement\":[{\"Action\":[\"iam:*\",\"organizations:DescribeAccount\",\"organizations:DescribeOrganization\",\"organizations:DescribeOrganizationalUnit\",\"organizations:DescribePolicy\",\"organizations:ListChildren\",\"organizations:ListParents\",\"organizations:ListPoliciesForTarget\",\"organizations:ListRoots\",\"organizations:ListPolicies\",\"organizations:ListTargetsForPolicy\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"DefaultVersionId\":\"v2\",\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"AttachmentCount\":7,\"PolicyId\":\"ANPAI7XKCFMBPM3QQRRVQ\"},\"id\":[\"arn:aws:iam::aws:policy/IAMFullAccess\",\"ANPAI7XKCFMBPM3QQRRVQ\"],\"name\":\"IAMFullAccess\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/AdministratorAccess\",\"ANPAIWMBCKSKIEE64ZLYK\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"entity.metadata\":{\"arn:aws:iam::aws:policy/AdministratorAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"name\":\"AdministratorAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":15,\"Description\":null,\"PolicyName\":\"AdministratorAccess\",\"roles\":null,\"CreateDate\":\"2015-02-06T18:39:46Z\",\"DefaultVersionId\":\"v1\",\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAIWMBCKSKIEE64ZLYK\",\"Tags\":null,\"document\":{\"Statement\":[{\"Action\":\"*\",\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::aws:policy/AdministratorAccess\",\"Path\":\"/\",\"UpdateDate\":\"2015-02-06T18:39:46Z\"},\"id\":[\"arn:aws:iam::aws:policy/AdministratorAccess\",\"ANPAIWMBCKSKIEE64ZLYK\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AWSSupportAPIGatewayAccess\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"AWSSupportDeleteRoleAccess\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"AWSSupportActions\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy\",\"ANPAJ7W6266ELXF5MISDS\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"document\":{\"Statement\":[{\"Action\":[\"apigateway:GET\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:apigateway:*::/account\",\"arn:aws:apigateway:*::/apis\",\"arn:aws:apigateway:*::/apis/*\",\"arn:aws:apigateway:*::/apis/*/authorizers\",\"arn:aws:apigateway:*::/apis/*/authorizers/*\",\"arn:aws:apigateway:*::/apis/*/deployments\",\"arn:aws:apigateway:*::/apis/*/deployments/*\",\"arn:aws:apigateway:*::/apis/*/integrations\",\"arn:aws:apigateway:*::/apis/*/integrations/*\",\"arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses\",\"arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses/*\",\"arn:aws:apigateway:*::/apis/*/models\",\"arn:aws:apigateway:*::/apis/*/models/*\",\"arn:aws:apigateway:*::/apis/*/routes\",\"arn:aws:apigateway:*::/apis/*/routes/*\",\"arn:aws:apigateway:*::/apis/*/routes/*/routeresponses\",\"arn:aws:apigateway:*::/apis/*/routes/*/routeresponses/*\",\"arn:aws:apigateway:*::/apis/*/stages\",\"arn:aws:apigateway:*::/apis/*/stages/*\",\"arn:aws:apigateway:*::/clientcertificates\",\"arn:aws:apigateway:*::/clientcertificates/*\",\"arn:aws:apigateway:*::/domainnames\",\"arn:aws:apigateway:*::/domainnames/*\",\"arn:aws:apigateway:*::/domainnames/*/apimappings\",\"arn:aws:apigateway:*::/domainnames/*/apimappings/*\",\"arn:aws:apigateway:*::/domainnames/*/basepathmappings\",\"arn:aws:apigateway:*::/domainnames/*/basepathmappings/*\",\"arn:aws:apigateway:*::/restapis\",\"arn:aws:apigateway:*::/restapis/*\",\"arn:aws:apigateway:*::/restapis/*/authorizers\",\"arn:aws:apigateway:*::/restapis/*/authorizers/*\",\"arn:aws:apigateway:*::/restapis/*/deployments\",\"arn:aws:apigateway:*::/restapis/*/deployments/*\",\"arn:aws:apigateway:*::/restapis/*/models\",\"arn:aws:apigateway:*::/restapis/*/models/*\",\"arn:aws:apigateway:*::/restapis/*/models/*/default_template\",\"arn:aws:apigateway:*::/restapis/*/resources\",\"arn:aws:apigateway:*::/restapis/*/resources/*\",\"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration/responses/*\",\"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/responses/*\",\"arn:aws:apigateway:*::/restapis/*/stages/*/sdks/*\",\"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*\",\"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration\",\"arn:aws:apigateway:*::/restapis/*/stages\",\"arn:aws:apigateway:*::/restapis/*/stages/*\",\"arn:aws:apigateway:*::/usageplans\",\"arn:aws:apigateway:*::/usageplans/*\",\"arn:aws:apigateway:*::/vpclinks\",\"arn:aws:apigateway:*::/vpclinks/*\"],\"Sid\":\"AWSSupportAPIGatewayAccess\"},{\"Action\":[\"iam:DeleteRole\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:iam::*:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport\"],\"Sid\":\"AWSSupportDeleteRoleAccess\"},{\"Action\":[\"access-analyzer:getAccessPreview\",\"access-analyzer:getAnalyzedResource\",\"access-analyzer:getAnalyzer\",\"access-analyzer:getArchiveRule\",\"access-analyzer:getFinding\",\"access-analyzer:getGeneratedPolicy\",\"access-analyzer:listAccessPreviewFindings\",\"access-analyzer:listAccessPreviews\",\"access-analyzer:listAnalyzedResources\",\"access-analyzer:listAnalyzers\",\"access-analyzer:listArchiveRules\",\"access-analyzer:listFindings\",\"access-analyzer:listPolicyGenerations\",\"account:getRegionOptStatus\",\"account:listRegions\",\"acm-pca:describeCertificateAuthority\",\"acm-pca:describeCertificateAuthorityAuditReport\",\"acm-pca:getCertificate\",\"acm-pca:getCertificateAuthorityCertificate\",\"acm-pca:getCertificateAuthorityCsr\",\"acm-pca:listCertificateAuthorities\",\"acm-pca:listTags\",\"acm:describeCertificate\",\"acm:getAccountConfiguration\",\"acm:getCertificate\",\"acm:listCertificates\",\"acm:listTagsForCertificate\",\"airflow:getEnvironment\",\"airflow:listEnvironments\",\"airflow:listTagsForResource\",\"amplify:getApp\",\"amplify:getBackendEnvironment\",\"amplify:getBranch\",\"amplify:getDomainAssociation\",\"amplify:getJob\",\"amplify:getWebhook\",\"amplify:listApps\",\"amplify:listBackendEnvironments\",\"amplify:listBranches\",\"amplify:listDomainAssociations\",\"amplify:listWebhooks\",\"amplifyuibuilder:exportComponents\",\"amplifyuibuilder:exportThemes\",\"aoss:batchGetCollection\",\"aoss:batchGetEffectiveLifecyclePolicy\",\"aoss:batchGetLifecyclePolicy\",\"aoss:batchGetVpcEndpoint\",\"aoss:getAccessPolicy\",\"aoss:getAccountSettings\",\"aoss:getPoliciesStats\",\"aoss:getSecurityConfig\",\"aoss:getSecurityPolicy\",\"aoss:listAccessPolicies\",\"aoss:listCollections\",\"aoss:listLifecyclePolicies\",\"aoss:listSecurityConfigs\",\"aoss:listSecurityPolicies\",\"aoss:listTagsForResource\",\"aoss:listVpcEndpoints\",\"appconfig:getApplication\",\"appconfig:getConfigurationProfile\",\"appconfig:getDeployment\",\"appconfig:getDeploymentStrategy\",\"appconfig:getEnvironment\",\"appconfig:getExtension\",\"appconfig:getExtensionAssociation\",\"appconfig:listApplications\",\"appconfig:listConfigurationProfiles\",\"appconfig:listDeployments\",\"appconfig:listDeploymentStrategies\",\"appconfig:listEnvironments\",\"appconfig:listExtensionAssociations\",\"appconfig:listHostedConfigurationVersions\",\"appconfig:listExtensions\",\"appflow:describeConnectorEntity\",\"appflow:describeConnectorProfiles\",\"appflow:describeConnectors\",\"appflow:describeFlow\",\"appflow:describeFlowExecutionRecords\",\"appflow:listConnectorEntities\",\"appflow:listFlows\",\"application-autoscaling:describeScalableTargets\",\"application-autoscaling:describeScalingActivities\",\"application-autoscaling:describeScalingPolicies\",\"application-autoscaling:describeScheduledActions\",\"applicationinsights:describeApplication\",\"applicationinsights:describeComponent\",\"applicationinsights:describeComponentConfiguration\",\"applicationinsights:describeComponentConfigurationRecommendation\",\"applicationinsights:describeLogPattern\",\"applicationinsights:describeObservation\",\"applicationinsights:describeProblem\",\"applicationinsights:describeProblemObservations\",\"applicationinsights:listApplications\",\"applicationinsights:listComponents\",\"applicationinsights:listConfigurationHistory\",\"applicationinsights:listLogPatterns\",\"applicationinsights:listLogPatternSets\",\"applicationinsights:listProblems\",\"appmesh:describeGatewayRoute\",\"appmesh:describeMesh\",\"appmesh:describeRoute\",\"appmesh:describeVirtualGateway\",\"appmesh:describeVirtualNode\",\"appmesh:describeVirtualRouter\",\"appmesh:describeVirtualService\",\"appmesh:listGatewayRoutes\",\"appmesh:listMeshes\",\"appmesh:listRoutes\",\"appmesh:listTagsForResource\",\"appmesh:listVirtualGateways\",\"appmesh:listVirtualNodes\",\"appmesh:listVirtualRouters\",\"appmesh:listVirtualServices\",\"apprunner:describeAutoScalingConfiguration\",\"apprunner:describeCustomDomains\",\"apprunner:describeOperation\",\"apprunner:describeService\",\"apprunner:listAutoScalingConfigurations\",\"apprunner:listConnections\",\"apprunner:listOperations\",\"apprunner:listServices\",\"application-signals:getServiceLevelObjective\",\"application-signals:getService\",\"application-signals:listServiceDependencies\",\"application-signals:listServiceDependents\",\"application-signals:listServiceLevelObjectives\",\"application-signals:listServiceOperations\",\"application-signals:listServices\",\"apprunner:listTagsForResource\",\"appstream:describeAppBlockBuilderAppBlockAssociations\",\"appstream:describeAppBlockBuilders\",\"appstream:describeAppBlocks\",\"appstream:describeApplicationFleetAssociations\",\"appstream:describeApplications\",\"appstream:describeDirectoryConfigs\",\"appstream:describeEntitlements\",\"appstream:describeFleets\",\"appstream:describeImageBuilders\",\"appstream:describeImagePermissions\",\"appstream:describeImages\",\"appstream:describeSessions\",\"appstream:describeStacks\",\"appstream:describeUsageReportSubscriptions\",\"appstream:describeUsers\",\"appstream:describeUserStackAssociations\",\"appstream:listAssociatedFleets\",\"appstream:listAssociatedStacks\",\"appstream:listEntitledApplications\",\"appstream:listTagsForResource\",\"appsync:getApiAssociation\",\"appsync:getApiCache\",\"appsync:getDomainName\",\"appsync:getFunction\",\"appsync:getGraphqlApi\",\"appsync:getIntrospectionSchema\",\"appsync:getResolver\",\"appsync:getSchemaCreationStatus\",\"appsync:getSourceApiAssociation\",\"appsync:getType\",\"appsync:listDataSources\",\"appsync:listDomainNames\",\"appsync:listFunctions\",\"appsync:listGraphqlApis\",\"appsync:listResolvers\",\"appsync:listResolversByFunction\",\"appsync:listSourceApiAssociations\",\"appsync:listTypes\",\"appsync:listTypesByAssociation\",\"aps:describeAlertManagerDefinition\",\"aps:describeRuleGroupsNamespace\",\"aps:describeScraper\",\"aps:describeWorkspace\",\"aps:listRuleGroupsNamespaces\",\"aps:listScrapers\",\"aps:listWorkspaces\",\"athena:batchGetNamedQuery\",\"athena:batchGetQueryExecution\",\"athena:getCalculationExecution\",\"athena:getCalculationExecutionStatus\",\"athena:getDataCatalog\",\"athena:getNamedQuery\",\"athena:getNotebookMetadata\",\"athena:getQueryExecution\",\"athena:getQueryRuntimeStatistics\",\"athena:getSession\",\"athena:getSessionStatus\",\"athena:getWorkGroup\",\"athena:listApplicationDPUSizes\",\"athena:listCalculationExecutions\",\"athena:listDataCatalogs\",\"athena:listEngineVersions\",\"athena:listExecutors\",\"athena:listNamedQueries\",\"athena:listNotebookMetadata\",\"athena:listNotebookSessions\",\"athena:listQueryExecutions\",\"athena:listSessions\",\"athena:listTagsForResource\",\"athena:listWorkGroups\",\"athena:getCapacityAssignmentConfiguration\",\"athena:getCapacityReservation\",\"athena:listCapacityReservations\",\"auditmanager:getAccountStatus\",\"auditmanager:getDelegations\",\"auditmanager:listAssessmentFrameworks\",\"auditmanager:listAssessmentReports\",\"auditmanager:listAssessments\",\"auditmanager:listControls\",\"auditmanager:listKeywordsForDataSource\",\"auditmanager:listNotifications\",\"autoscaling-plans:describeScalingPlanResources\",\"autoscaling-plans:describeScalingPlans\",\"autoscaling-plans:getScalingPlanResourceForecastData\",\"autoscaling:describeAccountLimits\",\"autoscaling:describeAdjustmentTypes\",\"autoscaling:describeAutoScalingGroups\",\"autoscaling:describeAutoScalingInstances\",\"autoscaling:describeAutoScalingNotificationTypes\",\"autoscaling:describeInstanceRefreshes\",\"autoscaling:describeLaunchConfigurations\",\"autoscaling:describeLifecycleHooks\",\"autoscaling:describeLifecycleHookTypes\",\"autoscaling:describeLoadBalancers\",\"autoscaling:describeLoadBalancerTargetGroups\",\"autoscaling:describeMetricCollectionTypes\",\"autoscaling:describeNotificationConfigurations\",\"autoscaling:describePolicies\",\"autoscaling:describeScalingActivities\",\"autoscaling:describeScalingProcessTypes\",\"autoscaling:describeScheduledActions\",\"autoscaling:describeTrafficSources\",\"autoscaling:describeTags\",\"autoscaling:describeTerminationPolicyTypes\",\"autoscaling:describeWarmPool\",\"backup:describeBackupJob\",\"backup:describeBackupVault\",\"backup:describeCopyJob\",\"backup:describeFramework\",\"backup:describeGlobalSettings\",\"backup:describeProtectedResource\",\"backup:describeRecoveryPoint\",\"backup:describeRegionSettings\",\"backup:describeReportJob\",\"backup:describeReportPlan\",\"backup:describeRestoreJob\",\"backup:getBackupPlan\",\"backup:getBackupPlanFromJSON\",\"backup:getBackupPlanFromTemplate\",\"backup:getBackupSelection\",\"backup:getBackupVaultAccessPolicy\",\"backup:getBackupVaultNotifications\",\"backup:getLegalHold\",\"backup:getRecoveryPointRestoreMetadata\",\"backup:getRestoreJobMetadata\",\"backup:getRestoreTestingInferredMetadata\",\"backup:getRestoreTestingPlan\",\"backup:getRestoreTestingSelection\",\"backup:getSupportedResourceTypes\",\"backup:listBackupJobs\",\"backup:listBackupPlans\",\"backup:listBackupPlanTemplates\",\"backup:listBackupPlanVersions\",\"backup:listBackupSelections\",\"backup:listBackupVaults\",\"backup:listCopyJobs\",\"backup:listFrameworks\",\"backup:listLegalHolds\",\"backup:listProtectedResources\",\"backup:listRecoveryPointsByBackupVault\",\"backup:listRecoveryPointsByLegalHold\",\"backup:listRecoveryPointsByResource\",\"backup:listReportJobs\",\"backup:listReportPlans\",\"backup:listRestoreJobs\",\"backup:listRestoreJobsByProtectedResource\",\"backup:listRestoreTestingPlans\",\"backup:listRestoreTestingSelections\",\"backup:listTags\",\"backup-gateway:getGateway\",\"backup-gateway:getHypervisor\",\"backup-gateway:getHypervisorPropertyMappings\",\"backup-gateway:getVirtualMachine\",\"backup-gateway:listGateways\",\"backup-gateway:listHypervisors\",\"backup-gateway:listVirtualMachines\",\"batch:describeComputeEnvironments\",\"batch:describeJobDefinitions\",\"batch:describeJobQueues\",\"batch:describeJobs\",\"batch:listJobs\",\"bedrock:getAgent\",\"bedrock:getAgentActionGroup\",\"bedrock:getAgentAlias\",\"bedrock:getAgentKnowledgeBase\",\"bedrock:getAgentVersion\",\"bedrock:getCustomModel\",\"bedrock:getDataSource\",\"bedrock:getIngestionJob\",\"bedrock:getKnowledgeBase\",\"bedrock:getModelCustomizationJob\",\"bedrock:getModelInvocationLoggingConfiguration\",\"bedrock:listAgentActionGroups\",\"bedrock:listAgentAliases\",\"bedrock:listAgentKnowledgeBases\",\"bedrock:listAgents\",\"bedrock:listAgentVersions\",\"bedrock:listCustomModels\",\"bedrock:listDataSources\",\"bedrock:listIngestionJobs\",\"bedrock:listKnowledgeBases\",\"bedrock:listModelCustomizationJobs\",\"bedrock:listProvisionedModelThroughputs\",\"braket:getDevice\",\"braket:getQuantumTask\",\"braket:searchDevices\",\"braket:searchQuantumTasks\",\"budgets:viewBudget\",\"ce:getCostAndUsage\",\"ce:getCostAndUsageWithResources\",\"ce:getCostForecast\",\"ce:getDimensionValues\",\"ce:getReservationCoverage\",\"ce:getReservationPurchaseRecommendation\",\"ce:getReservationUtilization\",\"ce:getRightsizingRecommendation\",\"ce:getSavingsPlansCoverage\",\"ce:getSavingsPlansPurchaseRecommendation\",\"ce:getSavingsPlansUtilization\",\"ce:getSavingsPlansUtilizationDetails\",\"ce:getTags\",\"chime:describeAppInstance\",\"chime:getAttendee\",\"chime:getGlobalSettings\",\"chime:getMediaCapturePipeline\",\"chime:getMediaPipeline\",\"chime:getMeeting\",\"chime:getProxySession\",\"chime:getSipMediaApplication\",\"chime:getSipRule\",\"chime:getVoiceConnector\",\"chime:getVoiceConnectorGroup\",\"chime:getVoiceConnectorLoggingConfiguration\",\"chime:listAppInstances\",\"chime:listAttendees\",\"chime:listChannelBans\",\"chime:listChannels\",\"chime:listChannelsModeratedByAppInstanceUser\",\"chime:listMediaCapturePipelines\",\"chime:listMediaPipelines\",\"chime:listMeetings\",\"chime:listSipMediaApplications\",\"chime:listSipRules\",\"chime:listVoiceConnectorGroups\",\"chime:listVoiceConnectors\",\"cleanrooms:batchGetCollaborationAnalysisTemplate\",\"cleanrooms:batchGetSchema\",\"cleanrooms:getAnalysisTemplate\",\"cleanrooms:getCollaboration\",\"cleanrooms:getCollaborationAnalysisTemplate\",\"cleanrooms:getConfiguredTable\",\"cleanrooms:getConfiguredTableAssociation\",\"cleanrooms:getMembership\",\"cleanrooms:getSchema\",\"cleanrooms:listAnalysisTemplates\",\"cleanrooms:listCollaborationAnalysisTemplates\",\"cleanrooms:listCollaborations\",\"cleanrooms:listConfiguredTableAssociations\",\"cleanrooms:listConfiguredTables\",\"cleanrooms:listMembers\",\"cleanrooms:listMemberships\",\"cleanrooms:listSchemas\",\"cloud9:describeEnvironmentMemberships\",\"cloud9:describeEnvironments\",\"cloud9:listEnvironments\",\"clouddirectory:getDirectory\",\"clouddirectory:listDirectories\",\"cloudformation:batchDescribeTypeConfigurations\",\"cloudformation:describeAccountLimits\",\"cloudformation:describeChangeSet\",\"cloudformation:describeChangeSetHooks\",\"cloudformation:describePublisher\",\"cloudformation:describeStackEvents\",\"cloudformation:describeStackInstance\",\"cloudformation:describeStackResource\",\"cloudformation:describeStackResources\",\"cloudformation:describeStacks\",\"cloudformation:describeStackSet\",\"cloudformation:describeStackSetOperation\",\"cloudformation:describeType\",\"cloudformation:describeTypeRegistration\",\"cloudformation:estimateTemplateCost\",\"cloudformation:getStackPolicy\",\"cloudformation:getTemplate\",\"cloudformation:getTemplateSummary\",\"cloudformation:listChangeSets\",\"cloudformation:listExports\",\"cloudformation:listImports\",\"cloudformation:listStackInstances\",\"cloudformation:listStackResources\",\"cloudformation:listStacks\",\"cloudformation:listStackSetOperationResults\",\"cloudformation:listStackSetOperations\",\"cloudformation:listStackSets\",\"cloudformation:listTypeRegistrations\",\"cloudformation:listTypes\",\"cloudformation:listTypeVersions\",\"cloudfront:describeFunction\",\"cloudfront:getCachePolicy\",\"cloudfront:getCachePolicyConfig\",\"cloudfront:getCloudFrontOriginAccessIdentity\",\"cloudfront:getCloudFrontOriginAccessIdentityConfig\",\"cloudfront:getContinuousDeploymentPolicy\",\"cloudfront:getContinuousDeploymentPolicyConfig\",\"cloudfront:getDistribution\",\"cloudfront:getDistributionConfig\",\"cloudfront:getInvalidation\",\"cloudfront:getKeyGroup\",\"cloudfront:getKeyGroupConfig\",\"cloudfront:getMonitoringSubscription\",\"cloudfront:getOriginAccessControl\",\"cloudfront:getOriginAccessControlConfig\",\"cloudfront:getOriginRequestPolicy\",\"cloudfront:getOriginRequestPolicyConfig\",\"cloudfront:getPublicKey\",\"cloudfront:getPublicKeyConfig\",\"cloudfront:getRealtimeLogConfig\",\"cloudfront:getResponseHeadersPolicy\",\"cloudfront:getResponseHeadersPolicyConfig\",\"cloudfront:getStreamingDistribution\",\"cloudfront:getStreamingDistributionConfig\",\"cloudfront:listCachePolicies\",\"cloudfront:listCloudFrontOriginAccessIdentities\",\"cloudfront:listContinuousDeploymentPolicies\",\"cloudfront:listDistributions\",\"cloudfront:listDistributionsByCachePolicyId\",\"cloudfront:listDistributionsByKeyGroup\",\"cloudfront:listDistributionsByOriginRequestPolicyId\",\"cloudfront:listDistributionsByRealtimeLogConfig\",\"cloudfront:listDistributionsByResponseHeadersPolicyId\",\"cloudfront:listDistributionsByWebACLId\",\"cloudfront:listFunctions\",\"cloudfront:listInvalidations\",\"cloudfront:listKeyGroups\",\"cloudfront:listOriginAccessControls\",\"cloudfront:listOriginRequestPolicies\",\"cloudfront:listPublicKeys\",\"cloudfront:listRealtimeLogConfigs\",\"cloudfront:listResponseHeadersPolicies\",\"cloudfront:listStreamingDistributions\",\"cloudhsm:describeBackups\",\"cloudhsm:describeClusters\",\"cloudsearch:describeAnalysisSchemes\",\"cloudsearch:describeAvailabilityOptions\",\"cloudsearch:describeDomains\",\"cloudsearch:describeExpressions\",\"cloudsearch:describeIndexFields\",\"cloudsearch:describeScalingParameters\",\"cloudsearch:describeServiceAccessPolicies\",\"cloudsearch:describeSuggesters\",\"cloudsearch:listDomainNames\",\"cloudtrail:describeTrails\",\"cloudtrail:getEventSelectors\",\"cloudtrail:getInsightSelectors\",\"cloudtrail:getTrail\",\"cloudtrail:getTrailStatus\",\"cloudtrail:listPublicKeys\",\"cloudtrail:listTags\",\"cloudtrail:listTrails\",\"cloudtrail:lookupEvents\",\"cloudwatch:describeAlarmHistory\",\"cloudwatch:describeAlarms\",\"cloudwatch:describeAlarmsForMetric\",\"cloudwatch:describeAnomalyDetectors\",\"cloudwatch:describeInsightRules\",\"cloudwatch:getDashboard\",\"cloudWatch:getMetricWidgetImage\",\"cloudwatch:getInsightRuleReport\",\"cloudwatch:getMetricData\",\"cloudwatch:getMetricStatistics\",\"cloudwatch:getMetricStream\",\"cloudwatch:listDashboards\",\"cloudwatch:listManagedInsightRules\",\"cloudwatch:listMetrics\",\"cloudwatch:listMetricStreams\",\"codeartifact:describeDomain\",\"codeartifact:describePackageVersion\",\"codeartifact:describeRepository\",\"codeartifact:getDomainPermissionsPolicy\",\"codeartifact:getRepositoryEndpoint\",\"codeartifact:getRepositoryPermissionsPolicy\",\"codeartifact:listDomains\",\"codeartifact:listPackages\",\"codeartifact:listPackageVersionAssets\",\"codeartifact:listPackageVersions\",\"codeartifact:listRepositories\",\"codeartifact:listRepositoriesInDomain\",\"codebuild:batchGetBuildBatches\",\"codebuild:batchGetBuilds\",\"codebuild:batchGetFleets\",\"codebuild:batchGetProjects\",\"codebuild:listBuildBatches\",\"codebuild:listBuildBatchesForProject\",\"codebuild:listBuilds\",\"codebuild:listBuildsForProject\",\"codebuild:listCuratedEnvironmentImages\",\"codebuild:listFleets\",\"codebuild:listProjects\",\"codebuild:listSourceCredentials\",\"codecommit:batchGetRepositories\",\"codecommit:getBranch\",\"codecommit:getRepository\",\"codecommit:getRepositoryTriggers\",\"codecommit:listBranches\",\"codecommit:listRepositories\",\"codeconnections:getConnection\",\"codeconnections:getHost\",\"codeconnections:getRepositoryLink\",\"codeconnections:getRepositorySyncStatus\",\"codeconnections:getResourceSyncStatus\",\"codeconnections:getSyncBlockerSummary\",\"codeconnections:getSyncConfiguration\",\"codeconnections:listConnections\",\"codeconnections:listHosts\",\"codeconnections:listRepositoryLinks\",\"codeconnections:listRepositorySyncDefinitions\",\"codeconnections:listSyncConfigurations\",\"codedeploy:batchGetApplicationRevisions\",\"codedeploy:batchGetApplications\",\"codedeploy:batchGetDeploymentGroups\",\"codedeploy:batchGetDeploymentInstances\",\"codedeploy:batchGetDeployments\",\"codedeploy:batchGetDeploymentTargets\",\"codedeploy:batchGetOnPremisesInstances\",\"codedeploy:getApplication\",\"codedeploy:getApplicationRevision\",\"codedeploy:getDeployment\",\"codedeploy:getDeploymentConfig\",\"codedeploy:getDeploymentGroup\",\"codedeploy:getDeploymentInstance\",\"codedeploy:getDeploymentTarget\",\"codedeploy:getOnPremisesInstance\",\"codedeploy:listApplicationRevisions\",\"codedeploy:listApplications\",\"codedeploy:listDeploymentConfigs\",\"codedeploy:listDeploymentGroups\",\"codedeploy:listDeploymentInstances\",\"codedeploy:listDeployments\",\"codedeploy:listDeploymentTargets\",\"codedeploy:listGitHubAccountTokenNames\",\"codedeploy:listOnPremisesInstances\",\"codepipeline:getJobDetails\",\"codepipeline:getPipeline\",\"codepipeline:getPipelineExecution\",\"codepipeline:getPipelineState\",\"codepipeline:listActionExecutions\",\"codepipeline:listActionTypes\",\"codepipeline:listPipelineExecutions\",\"codepipeline:listPipelines\",\"codepipeline:listWebhooks\",\"codestar:describeProject\",\"codestar:listProjects\",\"codestar:listResources\",\"codestar:listTeamMembers\",\"codestar:listUserProfiles\",\"codestar-connections:getConnection\",\"codestar-connections:getHost\",\"codestar-connections:listConnections\",\"codestar-connections:listHosts\",\"cognito-identity:describeIdentityPool\",\"cognito-identity:getIdentityPoolRoles\",\"cognito-identity:listIdentities\",\"cognito-identity:listIdentityPools\",\"cognito-idp:describeIdentityProvider\",\"cognito-idp:describeResourceServer\",\"cognito-idp:describeRiskConfiguration\",\"cognito-idp:describeUserImportJob\",\"cognito-idp:describeUserPool\",\"cognito-idp:describeUserPoolClient\",\"cognito-idp:describeUserPoolDomain\",\"cognito-idp:getGroup\",\"cognito-idp:getUICustomization\",\"cognito-idp:getUserPoolMfaConfig\",\"cognito-idp:listGroups\",\"cognito-idp:listIdentityProviders\",\"cognito-idp:listResourceServers\",\"cognito-idp:listUserImportJobs\",\"cognito-idp:listUserPoolClients\",\"cognito-idp:listUserPools\",\"cognito-sync:describeDataset\",\"cognito-sync:describeIdentityPoolUsage\",\"cognito-sync:describeIdentityUsage\",\"cognito-sync:getCognitoEvents\",\"cognito-sync:getIdentityPoolConfiguration\",\"cognito-sync:listDatasets\",\"cognito-sync:listIdentityPoolUsage\",\"comprehend:describeDocumentClassificationJob\",\"comprehend:describeDocumentClassifier\",\"comprehend:describeDominantLanguageDetectionJob\",\"comprehend:describeEndpoint\",\"comprehend:describeEntitiesDetectionJob\",\"comprehend:describeEntityRecognizer\",\"comprehend:describeEventsDetectionJob\",\"comprehend:describeFlywheel\",\"comprehend:describeFlywheelIteration\",\"comprehend:describeKeyPhrasesDetectionJob\",\"comprehend:describePiiEntitiesDetectionJob\",\"comprehend:describeSentimentDetectionJob\",\"comprehend:describeTargetedSentimentDetectionJob\",\"comprehend:describeTopicsDetectionJob\",\"comprehend:listDocumentClassificationJobs\",\"comprehend:listDocumentClassifiers\",\"comprehend:listDominantLanguageDetectionJobs\",\"comprehend:listEndpoints\",\"comprehend:listEntitiesDetectionJobs\",\"comprehend:listEntityRecognizers\",\"comprehend:listEventsDetectionJobs\",\"comprehend:listFlywheelIterationHistory\",\"comprehend:listFlywheels\",\"comprehend:listKeyPhrasesDetectionJobs\",\"comprehend:listPiiEntitiesDetectionJobs\",\"comprehend:listSentimentDetectionJobs\",\"comprehend:listTargetedSentimentDetectionJobs\",\"comprehend:listTopicsDetectionJobs\",\"compute-optimizer:getAutoScalingGroupRecommendations\",\"compute-optimizer:getEBSVolumeRecommendations\",\"compute-optimizer:getEC2InstanceRecommendations\",\"compute-optimizer:getEC2RecommendationProjectedMetrics\",\"compute-optimizer:getECSServiceRecommendations\",\"compute-optimizer:getECSServiceRecommendationProjectedMetrics\",\"compute-optimizer:getEnrollmentStatus\",\"compute-optimizer:getRecommendationSummaries\",\"config:batchGetAggregateResourceConfig\",\"config:batchGetResourceConfig\",\"config:describeAggregateComplianceByConfigRules\",\"config:describeAggregationAuthorizations\",\"config:describeComplianceByConfigRule\",\"config:describeComplianceByResource\",\"config:describeConfigRuleEvaluationStatus\",\"config:describeConfigRules\",\"config:describeConfigurationAggregators\",\"config:describeConfigurationAggregatorSourcesStatus\",\"config:describeConfigurationRecorders\",\"config:describeConfigurationRecorderStatus\",\"config:describeConformancePackCompliance\",\"config:describeConformancePacks\",\"config:describeConformancePackStatus\",\"config:describeDeliveryChannels\",\"config:describeDeliveryChannelStatus\",\"config:describeOrganizationConfigRules\",\"config:describeOrganizationConfigRuleStatuses\",\"config:describeOrganizationConformancePacks\",\"config:describeOrganizationConformancePackStatuses\",\"config:describePendingAggregationRequests\",\"config:describeRemediationConfigurations\",\"config:describeRemediationExceptions\",\"config:describeRemediationExecutionStatus\",\"config:describeRetentionConfigurations\",\"config:getAggregateComplianceDetailsByConfigRule\",\"config:getAggregateConfigRuleComplianceSummary\",\"config:getAggregateDiscoveredResourceCounts\",\"config:getAggregateResourceConfig\",\"config:getComplianceDetailsByConfigRule\",\"config:getComplianceDetailsByResource\",\"config:getComplianceSummaryByConfigRule\",\"config:getComplianceSummaryByResourceType\",\"config:getConformancePackComplianceDetails\",\"config:getConformancePackComplianceSummary\",\"config:getDiscoveredResourceCounts\",\"config:getOrganizationConfigRuleDetailedStatus\",\"config:getOrganizationConformancePackDetailedStatus\",\"config:getResourceConfigHistory\",\"config:listAggregateDiscoveredResources\",\"config:listDiscoveredResources\",\"config:listTagsForResource\",\"connect:describeContact\",\"connect:describePhoneNumber\",\"connect:describeQuickConnect\",\"connect:describeUser\",\"connect:getCurrentMetricData\",\"connect:getMetricData\",\"connect:listContactEvaluations\",\"connect:listEvaluationForms\",\"connect:listEvaluationFormVersions\",\"connect:listPhoneNumbersV2\",\"connect:listQuickConnects\",\"connect:listRoutingProfiles\",\"connect:listSecurityProfiles\",\"connect:listUsers\",\"connect:listViews\",\"connect:listViewVersions\",\"controltower:describeAccountFactoryConfig\",\"controltower:describeCoreService\",\"controltower:describeGuardrail\",\"controltower:describeGuardrailForTarget\",\"controltower:describeManagedAccount\",\"controltower:describeSingleSignOn\",\"controltower:getAvailableUpdates\",\"controltower:getHomeRegion\",\"controltower:getLandingZone\",\"controltower:getLandingZoneStatus\",\"controltower:listDirectoryGroups\",\"controltower:listEnabledControls\",\"controltower:listGuardrailsForTarget\",\"controltower:listGuardrailViolations\",\"controltower:listLandingZones\",\"controltower:listManagedAccounts\",\"controltower:listManagedAccountsForGuardrail\",\"controltower:listManagedAccountsForParent\",\"controltower:listManagedOrganizationalUnits\",\"controltower:listManagedOrganizationalUnitsForGuardrail\",\"cost-optimization-hub:getPreferences\",\"cost-optimization-hub:getRecommendation\",\"cost-optimization-hub:listEnrollmentStatuses\",\"cost-optimization-hub:listRecommendations\",\"cost-optimization-hub:listRecommendationSummaries\",\"databrew:describeDataset\",\"databrew:describeJob\",\"databrew:describeProject\",\"databrew:describeRecipe\",\"databrew:listDatasets\",\"databrew:listJobRuns\",\"databrew:listJobs\",\"databrew:listProjects\",\"databrew:listRecipes\",\"databrew:listRecipeVersions\",\"databrew:listTagsForResource\",\"datapipeline:describeObjects\",\"datapipeline:describePipelines\",\"datapipeline:getPipelineDefinition\",\"datapipeline:listPipelines\",\"datapipeline:queryObjects\",\"datasync:describeAgent\",\"datasync:describeLocationEfs\",\"datasync:describeLocationFsxLustre\",\"datasync:describeLocationFsxOpenZfs\",\"datasync:describeLocationFsxWindows\",\"datasync:describeLocationHdfs\",\"datasync:describeLocationNfs\",\"datasync:describeLocationObjectStorage\",\"datasync:describeLocationS3\",\"datasync:describeLocationSmb\",\"datasync:describeTask\",\"datasync:describeTaskExecution\",\"datasync:listAgents\",\"datasync:listLocations\",\"datasync:listTaskExecutions\",\"datasync:listTasks\",\"dax:describeClusters\",\"dax:describeDefaultParameters\",\"dax:describeEvents\",\"dax:describeParameterGroups\",\"dax:describeParameters\",\"dax:describeSubnetGroups\",\"deadline:listAvailableMeteredProducts\",\"deadline:listBudgets\",\"deadline:listFarmMembers\",\"deadline:listFarms\",\"deadline:listFleetMembers\",\"deadline:listFleets\",\"deadline:listJobMembers\",\"deadline:listJobs\",\"deadline:listLicenseEndpoints\",\"deadline:listMeteredProducts\",\"deadline:listMonitors\",\"deadline:listQueueEnvironments\",\"deadline:listQueueFleetAssociations\",\"deadline:listQueueMembers\",\"deadline:listQueues\",\"deadline:listStorageProfiles\",\"deadline:listWorkers\",\"detective:getMembers\",\"detective:listGraphs\",\"detective:listInvitations\",\"detective:listMembers\",\"devicefarm:getAccountSettings\",\"devicefarm:getDevice\",\"devicefarm:getDevicePool\",\"devicefarm:getDevicePoolCompatibility\",\"devicefarm:getJob\",\"devicefarm:getProject\",\"devicefarm:getRemoteAccessSession\",\"devicefarm:getRun\",\"devicefarm:getSuite\",\"devicefarm:getTest\",\"devicefarm:getTestGridProject\",\"devicefarm:getTestGridSession\",\"devicefarm:getUpload\",\"devicefarm:listArtifacts\",\"devicefarm:listDevicePools\",\"devicefarm:listDevices\",\"devicefarm:listJobs\",\"devicefarm:listProjects\",\"devicefarm:listRemoteAccessSessions\",\"devicefarm:listRuns\",\"devicefarm:listSamples\",\"devicefarm:listSuites\",\"devicefarm:listTestGridProjects\",\"devicefarm:listTestGridSessionActions\",\"devicefarm:listTestGridSessionArtifacts\",\"devicefarm:listTestGridSessions\",\"devicefarm:listTests\",\"devicefarm:listUniqueProblems\",\"devicefarm:listUploads\",\"directconnect:describeConnectionLoa\",\"directconnect:describeConnections\",\"directconnect:describeConnectionsOnInterconnect\",\"directconnect:describeCustomerMetadata\",\"directconnect:describeDirectConnectGatewayAssociationProposals\",\"directconnect:describeDirectConnectGatewayAssociations\",\"directconnect:describeDirectConnectGatewayAttachments\",\"directconnect:describeDirectConnectGateways\",\"directconnect:describeHostedConnections\",\"directconnect:describeInterconnectLoa\",\"directconnect:describeInterconnects\",\"directconnect:describeLags\",\"directconnect:describeLoa\",\"directconnect:describeLocations\",\"directconnect:describeRouterConfiguration\",\"directconnect:describeVirtualGateways\",\"directconnect:describeVirtualInterfaces\",\"dlm:getLifecyclePolicies\",\"dlm:getLifecyclePolicy\",\"dms:describeAccountAttributes\",\"dms:describeApplicableIndividualAssessments\",\"dms:describeConnections\",\"dms:describeEndpoints\",\"dms:describeEndpointSettings\",\"dms:describeEndpointTypes\",\"dms:describeEventCategories\",\"dms:describeEvents\",\"dms:describeEventSubscriptions\",\"dms:describeFleetAdvisorCollectors\",\"dms:describeFleetAdvisorDatabases\",\"dms:describeFleetAdvisorLsaAnalysis\",\"dms:describeFleetAdvisorSchemaObjectSummary\",\"dms:describeFleetAdvisorSchemas\",\"dms:describeOrderableReplicationInstances\",\"dms:describePendingMaintenanceActions\",\"dms:describeRefreshSchemasStatus\",\"dms:describeReplicationInstances\",\"dms:describeReplicationInstanceTaskLogs\",\"dms:describeReplicationSubnetGroups\",\"dms:describeReplicationTaskAssessmentResults\",\"dms:describeReplicationTaskAssessmentRuns\",\"dms:describeReplicationTaskIndividualAssessments\",\"dms:describeReplicationTasks\",\"dms:describeSchemas\",\"dms:describeTableStatistics\",\"docdb-elastic:getCluster\",\"docdb-elastic:getClusterSnapshot\",\"docdb-elastic:listClusters\",\"docdb-elastic:listClusterSnapshots\",\"drs:describeJobLogItems\",\"drs:describeJobs\",\"drs:describeLaunchConfigurationTemplates\",\"drs:describeRecoveryInstances\",\"drs:describeRecoverySnapshots\",\"drs:describeReplicationConfigurationTemplates\",\"drs:describeSourceNetworks\",\"drs:describeSourceServers\",\"drs:getLaunchConfiguration\",\"drs:getReplicationConfiguration\",\"drs:listExtensibleSourceServers\",\"drs:listLaunchActions\",\"drs:listStagingAccounts\",\"ds:describeClientAuthenticationSettings\",\"ds:describeConditionalForwarders\",\"ds:describeDirectories\",\"ds:describeDomainControllers\",\"ds:describeEventTopics\",\"ds:describeLDAPSSettings\",\"ds:describeSharedDirectories\",\"ds:describeSnapshots\",\"ds:describeTrusts\",\"ds:getDirectoryLimits\",\"ds:getSnapshotLimits\",\"ds:listIpRoutes\",\"ds:listSchemaExtensions\",\"ds:listTagsForResource\",\"dynamodb:describeBackup\",\"dynamodb:describeContinuousBackups\",\"dynamodb:describeContributorInsights\",\"dynamodb:describeExport\",\"dynamodb:describeGlobalTable\",\"dynamodb:describeImport\",\"dynamodb:describeKinesisStreamingDestination\",\"dynamodb:describeLimits\",\"dynamodb:describeStream\",\"dynamodb:describeTable\",\"dynamodb:describeTimeToLive\",\"dynamodb:getResourcePolicy\",\"dynamodb:listBackups\",\"dynamodb:listContributorInsights\",\"dynamodb:listExports\",\"dynamodb:listGlobalTables\",\"dynamodb:listImports\",\"dynamodb:listStreams\",\"dynamodb:listTables\",\"dynamodb:listTagsOfResource\",\"ec2:describeAccountAttributes\",\"ec2:describeAddresses\",\"ec2:describeAddressesAttribute\",\"ec2:describeAddressTransfers\",\"ec2:describeAggregateIdFormat\",\"ec2:describeAvailabilityZones\",\"ec2:describeBundleTasks\",\"ec2:describeByoipCidrs\",\"ec2:describeCapacityReservationFleets\",\"ec2:describeCapacityReservations\",\"ec2:describeCarrierGateways\",\"ec2:describeClassicLinkInstances\",\"ec2:describeClientVpnAuthorizationRules\",\"ec2:describeClientVpnConnections\",\"ec2:describeClientVpnEndpoints\",\"ec2:describeClientVpnRoutes\",\"ec2:describeClientVpnTargetNetworks\",\"ec2:describeCoipPools\",\"ec2:describeConversionTasks\",\"ec2:describeCustomerGateways\",\"ec2:describeDhcpOptions\",\"ec2:describeEgressOnlyInternetGateways\",\"ec2:describeExportImageTasks\",\"ec2:describeExportTasks\",\"ec2:describeFastLaunchImages\",\"ec2:describeFastSnapshotRestores\",\"ec2:describeFleetHistory\",\"ec2:describeFleetInstances\",\"ec2:describeFleets\",\"ec2:describeFlowLogs\",\"ec2:describeFpgaImageAttribute\",\"ec2:describeFpgaImages\",\"ec2:describeHostReservationOfferings\",\"ec2:describeHostReservations\",\"ec2:describeHosts\",\"ec2:describeIamInstanceProfileAssociations\",\"ec2:describeIdentityIdFormat\",\"ec2:describeIdFormat\",\"ec2:describeImageAttribute\",\"ec2:describeImages\",\"ec2:describeImportImageTasks\",\"ec2:describeImportSnapshotTasks\",\"ec2:describeInstanceAttribute\",\"ec2:describeInstanceCreditSpecifications\",\"ec2:describeInstanceEventNotificationAttributes\",\"ec2:describeInstanceEventWindows\",\"ec2:describeInstances\",\"ec2:describeInstanceStatus\",\"ec2:describeInstanceTypeOfferings\",\"ec2:describeInstanceTypes\",\"ec2:describeInternetGateways\",\"ec2:describeIpamPools\",\"ec2:describeIpams\",\"ec2:describeIpamScopes\",\"ec2:describeIpv6Pools\",\"ec2:describeKeyPairs\",\"ec2:describeLaunchTemplates\",\"ec2:describeLaunchTemplateVersions\",\"ec2:describeLocalGatewayRouteTables\",\"ec2:describeLocalGatewayRouteTableVirtualInterfaceGroupAssociations\",\"ec2:describeLocalGatewayRouteTableVpcAssociations\",\"ec2:describeLocalGateways\",\"ec2:describeLocalGatewayVirtualInterfaceGroups\",\"ec2:describeLocalGatewayVirtualInterfaces\",\"ec2:describeManagedPrefixLists\",\"ec2:describeMovingAddresses\",\"ec2:describeNatGateways\",\"ec2:describeNetworkAcls\",\"ec2:describeNetworkInterfaceAttribute\",\"ec2:describeNetworkInterfaces\",\"ec2:describePlacementGroups\",\"ec2:describePrefixLists\",\"ec2:describePrincipalIdFormat\",\"ec2:describePublicIpv4Pools\",\"ec2:describeRegions\",\"ec2:describeReservedInstances\",\"ec2:describeReservedInstancesListings\",\"ec2:describeReservedInstancesModifications\",\"ec2:describeReservedInstancesOfferings\",\"ec2:describeRouteTables\",\"ec2:describeScheduledInstanceAvailability\",\"ec2:describeScheduledInstances\",\"ec2:describeSecurityGroupReferences\",\"ec2:describeSecurityGroupRules\",\"ec2:describeSecurityGroups\",\"ec2:describeSnapshotAttribute\",\"ec2:describeSnapshots\",\"ec2:describeSnapshotTierStatus\",\"ec2:describeSpotDatafeedSubscription\",\"ec2:describeSpotFleetInstances\",\"ec2:describeSpotFleetRequestHistory\",\"ec2:describeSpotFleetRequests\",\"ec2:describeSpotInstanceRequests\",\"ec2:describeSpotPriceHistory\",\"ec2:describeStaleSecurityGroups\",\"ec2:describeStoreImageTasks\",\"ec2:describeSubnets\",\"ec2:describeTags\",\"ec2:describeTrafficMirrorFilters\",\"ec2:describeTrafficMirrorSessions\",\"ec2:describeTrafficMirrorTargets\",\"ec2:describeTransitGatewayAttachments\",\"ec2:describeTransitGatewayConnectPeers\",\"ec2:describeTransitGatewayMulticastDomains\",\"ec2:describeTransitGatewayPeeringAttachments\",\"ec2:describeTransitGatewayPolicyTables\",\"ec2:describeTransitGatewayRouteTableAnnouncements\",\"ec2:describeTransitGatewayRouteTables\",\"ec2:describeTransitGateways\",\"ec2:describeTransitGatewayVpcAttachments\",\"ec2:describeVerifiedAccessEndpoints\",\"ec2:describeVerifiedAccessGroups\",\"ec2:describeVerifiedAccessInstances\",\"ec2:describeVerifiedAccessTrustProviders\",\"ec2:describeVolumeAttribute\",\"ec2:describeVolumes\",\"ec2:describeVolumesModifications\",\"ec2:describeVolumeStatus\",\"ec2:describeVpcAttribute\",\"ec2:describeVpcClassicLink\",\"ec2:describeVpcClassicLinkDnsSupport\",\"ec2:describeVpcEndpointConnectionNotifications\",\"ec2:describeVpcEndpointConnections\",\"ec2:describeVpcEndpoints\",\"ec2:describeVpcEndpointServiceConfigurations\",\"ec2:describeVpcEndpointServicePermissions\",\"ec2:describeVpcEndpointServices\",\"ec2:describeVpcPeeringConnections\",\"ec2:describeVpcs\",\"ec2:describeVpnConnections\",\"ec2:describeVpnGateways\",\"ec2:getAssociatedIpv6PoolCidrs\",\"ec2:getCapacityReservationUsage\",\"ec2:getSubnetCidrReservations\",\"ec2:getCoipPoolUsage\",\"ec2:getConsoleOutput\",\"ec2:getConsoleScreenshot\",\"ec2:getDefaultCreditSpecification\",\"ec2:getEbsDefaultKmsKeyId\",\"ec2:getEbsEncryptionByDefault\",\"ec2:getGroupsForCapacityReservation\",\"ec2:getHostReservationPurchasePreview\",\"ec2:getInstanceTypesFromInstanceRequirements\",\"ec2:getIpamAddressHistory\",\"ec2:getIpamPoolAllocations\",\"ec2:getIpamPoolCidrs\",\"ec2:getIpamResourceCidrs\",\"ec2:getLaunchTemplateData\",\"ec2:getManagedPrefixListAssociations\",\"ec2:getManagedPrefixListEntries\",\"ec2:getReservedInstancesExchangeQuote\",\"ec2:getSerialConsoleAccessStatus\",\"ec2:getSpotPlacementScores\",\"ec2:getTransitGatewayMulticastDomainAssociations\",\"ec2:getTransitGatewayPrefixListReferences\",\"ec2:getVerifiedAccessEndpointPolicy\",\"ec2:getVerifiedAccessGroupPolicy\",\"ec2:listImagesInRecycleBin\",\"ec2:listSnapshotsInRecycleBin\",\"ec2:searchLocalGatewayRoutes\",\"ec2:searchTransitGatewayMulticastGroups\",\"ec2:searchTransitGatewayRoutes\",\"ec2:describeIpamByoasn\",\"ec2:describeIpamPools\",\"ec2:describeIpamResourceDiscoveries\",\"ec2:describeIpamResourceDiscoveryAssociations\",\"ec2:describeIpams\",\"ec2:describeIpamScopes\",\"ec2:getIpamAddressHistory\",\"ec2:getIpamDiscoveredAccounts\",\"ec2:getIpamDiscoveredPublicAddresses\",\"ec2:getIpamDiscoveredResourceCidrs\",\"ec2:getIpamPoolAllocations\",\"ec2:getIpamPoolCidrs\",\"ec2:getIpamResourceCidrs\",\"ecr-public:describeImages\",\"ecr-public:describeImageTags\",\"ecr-public:describeRegistries\",\"ecr-public:describeRepositories\",\"ecr-public:getRegistryCatalogData\",\"ecr-public:getRepositoryCatalogData\",\"ecr-public:getRepositoryPolicy\",\"ecr-public:listTagsForResource\",\"ecr:batchCheckLayerAvailability\",\"ecr:batchGetRepositoryScanningConfiguration\",\"ecr:describeImages\",\"ecr:describeImageReplicationStatus\",\"ecr:describeImageScanFindings\",\"ecr:describePullThroughCacheRules\",\"ecr:describeRegistry\",\"ecr:describeRepositories\",\"ecr:getLifecyclePolicy\",\"ecr:getLifecyclePolicyPreview\",\"ecr:getRegistryPolicy\",\"ecr:getRegistryScanningConfiguration\",\"ecr:getRepositoryPolicy\",\"ecr:listImages\",\"ecr:listTagsForResource\",\"ecs:describeCapacityProviders\",\"ecs:describeClusters\",\"ecs:describeContainerInstances\",\"ecs:describeServices\",\"ecs:describeTaskDefinition\",\"ecs:describeTasks\",\"ecs:describeTaskSets\",\"ecs:getTaskProtection\",\"ecs:listAccountSettings\",\"ecs:listAttributes\",\"ecs:listClusters\",\"ecs:listContainerInstances\",\"ecs:listServices\",\"ecs:listServicesByNamespace\",\"ecs:listTagsForResource\",\"ecs:listTaskDefinitionFamilies\",\"ecs:listTaskDefinitions\",\"ecs:listTasks\",\"eks:describeAccessEntry\",\"eks:describeAddon\",\"eks:describeAddonConfiguration\",\"eks:describeAddonVersions\",\"eks:describeCluster\",\"eks:describeEksAnywhereSubscription\",\"eks:describeFargateProfile\",\"eks:describeIdentityProviderConfig\",\"eks:describeNodegroup\",\"eks:describePodIdentityAssociation\",\"eks:listPodIdentityAssociations\",\"eks:describeUpdate\",\"eks:listAccessEntries\",\"eks:listAccessPolicies\",\"eks:listAddons\",\"eks:listAssociatedAccessPolicies\",\"eks:listClusters\",\"eks:listEksAnywhereSubscriptions\",\"eks:listFargateProfiles\",\"eks:listIdentityProviderConfigs\",\"eks:listNodegroups\",\"eks:listUpdates\",\"elasticache:describeCacheClusters\",\"elasticache:describeCacheEngineVersions\",\"elasticache:describeCacheParameterGroups\",\"elasticache:describeCacheParameters\",\"elasticache:describeCacheSecurityGroups\",\"elasticache:describeCacheSubnetGroups\",\"elasticache:describeEngineDefaultParameters\",\"elasticache:describeEvents\",\"elasticache:describeGlobalReplicationGroups\",\"elasticache:describeReplicationGroups\",\"elasticache:describeReservedCacheNodes\",\"elasticache:describeReservedCacheNodesOfferings\",\"elasticache:describeServerlessCaches\",\"elasticache:describeServerlessCacheSnapshots\",\"elasticache:describeServiceUpdates\",\"elasticache:describeSnapshots\",\"elasticache:describeUpdateActions\",\"elasticache:describeUserGroups\",\"elasticache:describeUsers\",\"elasticache:listAllowedNodeTypeModifications\",\"elasticache:listTagsForResource\",\"elasticbeanstalk:checkDNSAvailability\",\"elasticbeanstalk:describeAccountAttributes\",\"elasticbeanstalk:describeApplicationVersions\",\"elasticbeanstalk:describeApplications\",\"elasticbeanstalk:describeConfigurationOptions\",\"elasticbeanstalk:describeEnvironmentHealth\",\"elasticbeanstalk:describeEnvironmentManagedActionHistory\",\"elasticbeanstalk:describeEnvironmentManagedActions\",\"elasticbeanstalk:describeEnvironmentResources\",\"elasticbeanstalk:describeEnvironments\",\"elasticbeanstalk:describeEvents\",\"elasticbeanstalk:describeInstancesHealth\",\"elasticbeanstalk:describePlatformVersion\",\"elasticbeanstalk:listAvailableSolutionStacks\",\"elasticbeanstalk:listPlatformBranches\",\"elasticbeanstalk:listPlatformVersions\",\"elasticbeanstalk:validateConfigurationSettings\",\"elasticfilesystem:describeAccessPoints\",\"elasticfilesystem:describeBackupPolicy\",\"elasticfilesystem:describeReplicationConfigurations\",\"elasticfilesystem:describeFileSystemPolicy\",\"elasticfilesystem:describeFileSystems\",\"elasticfilesystem:describeLifecycleConfiguration\",\"elasticfilesystem:describeMountTargets\",\"elasticfilesystem:describeMountTargetSecurityGroups\",\"elasticfilesystem:describeTags\",\"elasticfilesystem:listTagsForResource\",\"elasticloadbalancing:describeAccountLimits\",\"elasticloadbalancing:describeInstanceHealth\",\"elasticloadbalancing:describeListenerCertificates\",\"elasticloadbalancing:describeListeners\",\"elasticloadbalancing:describeLoadBalancerAttributes\",\"elasticloadbalancing:describeLoadBalancerPolicies\",\"elasticloadbalancing:describeLoadBalancerPolicyTypes\",\"elasticloadbalancing:describeLoadBalancers\",\"elasticloadbalancing:describeTrustStores\",\"elasticloadbalancing:describeTrustStoreAssociations\",\"elasticloadbalancing:describeTrustStoreRevocations\",\"elasticloadbalancing:describeRules\",\"elasticloadbalancing:describeSSLPolicies\",\"elasticloadbalancing:describeTags\",\"elasticloadbalancing:describeTargetGroupAttributes\",\"elasticloadbalancing:describeTargetGroups\",\"elasticloadbalancing:describeTargetHealth\",\"elasticmapreduce:describeCluster\",\"elasticmapreduce:describeNotebookExecution\",\"elasticmapreduce:describeReleaseLabel\",\"elasticmapreduce:describeSecurityConfiguration\",\"elasticmapreduce:describeStep\",\"elasticmapreduce:describeStudio\",\"elasticmapreduce:getAutoTerminationPolicy\",\"elasticmapreduce:getBlockPublicAccessConfiguration\",\"elasticmapreduce:getManagedScalingPolicy\",\"elasticmapreduce:getStudioSessionMapping\",\"elasticmapreduce:listBootstrapActions\",\"elasticmapreduce:listClusters\",\"elasticmapreduce:listInstanceFleets\",\"elasticmapreduce:listInstanceGroups\",\"elasticmapreduce:listInstances\",\"elasticmapreduce:listNotebookExecutions\",\"elasticmapreduce:listReleaseLabels\",\"elasticmapreduce:listSecurityConfigurations\",\"elasticmapreduce:listSteps\",\"elasticmapreduce:listStudios\",\"elasticmapreduce:listStudioSessionMappings\",\"elastictranscoder:listJobsByPipeline\",\"elastictranscoder:listJobsByStatus\",\"elastictranscoder:listPipelines\",\"elastictranscoder:listPresets\",\"elastictranscoder:readPipeline\",\"elastictranscoder:readPreset\",\"emr-containers:describeJobRun\",\"emr-containers:describeJobTemplate\",\"emr-containers:describeManagedEndpoint\",\"emr-containers:describeVirtualCluster\",\"emr-containers:listJobRuns\",\"emr-containers:listJobTemplates\",\"emr-containers:listManagedEndpoints\",\"emr-containers:listVirtualClusters\",\"emr-serverless:getApplication\",\"emr-serverless:getJobRun\",\"emr-serverless:listApplications\",\"es:describeDomain\",\"es:describeDomainAutoTunes\",\"es:describeDomainChangeProgress\",\"es:describeDomainConfig\",\"es:describeDomains\",\"es:describeDryRunProgress\",\"es:describeElasticsearchDomain\",\"es:describeElasticsearchDomainConfig\",\"es:describeElasticsearchDomains\",\"es:describeInboundConnections\",\"es:describeInstanceTypeLimits\",\"es:describeOutboundConnections\",\"es:describePackages\",\"es:describeReservedInstanceOfferings\",\"es:describeReservedInstances\",\"es:describeVpcEndpoints\",\"es:getCompatibleVersions\",\"es:getPackageVersionHistory\",\"es:getUpgradeHistory\",\"es:getUpgradeStatus\",\"es:listDomainNames\",\"es:listDomainsForPackage\",\"es:listInstanceTypeDetails\",\"es:listPackagesForDomain\",\"es:listScheduledActions\",\"es:listTags\",\"es:listVersions\",\"es:listVpcEndpointAccess\",\"es:listVpcEndpoints\",\"es:listVpcEndpointsForDomain\",\"evidently:getExperiment\",\"evidently:getFeature\",\"evidently:getLaunch\",\"evidently:getProject\",\"evidently:getSegment\",\"evidently:listExperiments\",\"evidently:listFeatures\",\"evidently:listLaunches\",\"evidently:listProjects\",\"evidently:listSegments\",\"evidently:listSegmentReferences\",\"events:describeApiDestination\",\"events:describeArchive\",\"events:describeConnection\",\"events:describeEndpoint\",\"events:describeEventBus\",\"events:describeEventSource\",\"events:describePartnerEventSource\",\"events:describeReplay\",\"events:describeRule\",\"events:listArchives\",\"events:listApiDestinations\",\"events:listConnections\",\"events:listEndpoints\",\"events:listEventBuses\",\"events:listEventSources\",\"events:listPartnerEventSourceAccounts\",\"events:listPartnerEventSources\",\"events:listReplays\",\"events:listRuleNamesByTarget\",\"events:listRules\",\"events:listTargetsByRule\",\"events:testEventPattern\",\"firehose:describeDeliveryStream\",\"firehose:listDeliveryStreams\",\"fms:getAdminAccount\",\"fms:getComplianceDetail\",\"fms:getNotificationChannel\",\"fms:getPolicy\",\"fms:getProtectionStatus\",\"fms:listComplianceStatus\",\"fms:listMemberAccounts\",\"fms:listPolicies\",\"forecast:describeDataset\",\"forecast:describeDatasetGroup\",\"forecast:describeDatasetImportJob\",\"forecast:describeForecast\",\"forecast:describeForecastExportJob\",\"forecast:describePredictor\",\"forecast:getAccuracyMetrics\",\"forecast:listDatasetGroups\",\"forecast:listDatasetImportJobs\",\"forecast:listDatasets\",\"forecast:listForecastExportJobs\",\"forecast:listForecasts\",\"forecast:listPredictors\",\"freetier:getFreeTierUsage\",\"fsx:describeBackups\",\"fsx:describeDataRepositoryAssociations\",\"fsx:describeDataRepositoryTasks\",\"fsx:describeFileCaches\",\"fsx:describeFileSystems\",\"fsx:describeSnapshots\",\"fsx:describeStorageVirtualMachines\",\"fsx:describeVolumes\",\"fsx:listTagsForResource\",\"gamelift:describeAlias\",\"gamelift:describeBuild\",\"gamelift:describeEC2InstanceLimits\",\"gamelift:describeFleetAttributes\",\"gamelift:describeFleetCapacity\",\"gamelift:describeFleetEvents\",\"gamelift:describeFleetLocationAttributes\",\"gamelift:describeFleetLocationCapacity\",\"gamelift:describeFleetLocationUtilization\",\"gamelift:describeFleetPortSettings\",\"gamelift:describeFleetUtilization\",\"gamelift:describeGameServer\",\"gamelift:describeGameServerGroup\",\"gamelift:describeGameSessionDetails\",\"gamelift:describeGameSessionPlacement\",\"gamelift:describeGameSessionQueues\",\"gamelift:describeGameSessions\",\"gamelift:describeInstances\",\"gamelift:describeMatchmaking\",\"gamelift:describeMatchmakingConfigurations\",\"gamelift:describeMatchmakingRuleSets\",\"gamelift:describePlayerSessions\",\"gamelift:describeRuntimeConfiguration\",\"gamelift:describeScalingPolicies\",\"gamelift:describeScript\",\"gamelift:listAliases\",\"gamelift:listBuilds\",\"gamelift:listFleets\",\"gamelift:listGameServerGroups\",\"gamelift:listGameServers\",\"gamelift:listScripts\",\"gamelift:resolveAlias\",\"glacier:describeJob\",\"glacier:describeVault\",\"glacier:getDataRetrievalPolicy\",\"glacier:getVaultAccessPolicy\",\"glacier:getVaultLock\",\"glacier:getVaultNotifications\",\"glacier:listJobs\",\"glacier:listTagsForVault\",\"glacier:listVaults\",\"globalaccelerator:describeAccelerator\",\"globalaccelerator:describeAcceleratorAttributes\",\"globalaccelerator:describeEndpointGroup\",\"globalaccelerator:describeListener\",\"globalaccelerator:listAccelerators\",\"globalaccelerator:listEndpointGroups\",\"globalaccelerator:listListeners\",\"glue:batchGetBlueprints\",\"glue:batchGetCrawlers\",\"glue:batchGetDevEndpoints\",\"glue:batchGetJobs\",\"glue:batchGetPartition\",\"glue:batchGetTriggers\",\"glue:batchGetWorkflows\",\"glue:checkSchemaVersionValidity\",\"glue:getBlueprint\",\"glue:getBlueprintRun\",\"glue:getBlueprintRuns\",\"glue:getCatalogImportStatus\",\"glue:getClassifier\",\"glue:getClassifiers\",\"glue:getColumnStatisticsForPartition\",\"glue:getColumnStatisticsForTable\",\"glue:getCrawler\",\"glue:getCrawlerMetrics\",\"glue:getCrawlers\",\"glue:getCustomEntityType\",\"glue:getDatabase\",\"glue:getDatabases\",\"glue:getDataflowGraph\",\"glue:getDataQualityResult\",\"glue:getDataQualityRuleRecommendationRun\",\"glue:getDataQualityRuleset\",\"glue:getDataQualityRulesetEvaluationRun\",\"glue:getDevEndpoint\",\"glue:getDevEndpoints\",\"glue:getJob\",\"glue:getJobRun\",\"glue:getJobRuns\",\"glue:getJobs\",\"glue:getMapping\",\"glue:getMLTaskRun\",\"glue:getMLTaskRuns\",\"glue:getMLTransform\",\"glue:getMLTransforms\",\"glue:getPartition\",\"glue:getPartitionIndexes\",\"glue:getPartitions\",\"glue:getRegistry\",\"glue:getResourcePolicies\",\"glue:getResourcePolicy\",\"glue:getSchema\",\"glue:getSchemaByDefinition\",\"glue:getSchemaVersion\",\"glue:getSchemaVersionsDiff\",\"glue:getSession\",\"glue:getStatement\",\"glue:getTable\",\"glue:getTables\",\"glue:getTableVersions\",\"glue:getTrigger\",\"glue:getTriggers\",\"glue:getUserDefinedFunction\",\"glue:getUserDefinedFunctions\",\"glue:getWorkflow\",\"glue:getWorkflowRun\",\"glue:getWorkflowRuns\",\"glue:listCrawlers\",\"glue:listCrawls\",\"glue:listDataQualityResults\",\"glue:listDataQualityRuleRecommendationRuns\",\"glue:listDataQualityRulesetEvaluationRuns\",\"glue:listDataQualityRulesets\",\"glue:listDevEndpoints\",\"glue:listMLTransforms\",\"glue:listRegistries\",\"glue:listSchemas\",\"glue:listSchemaVersions\",\"glue:listSessions\",\"glue:listStatements\",\"glue:querySchemaVersionMetadata\",\"grafana:describeWorkspace\",\"grafana:describeWorkspaceAuthentication\",\"grafana:listPermissions\",\"grafana:listVersions\",\"grafana:listWorkspaces\",\"greengrass:getConnectivityInfo\",\"greengrass:getCoreDefinition\",\"greengrass:getCoreDefinitionVersion\",\"greengrass:getDeploymentStatus\",\"greengrass:getDeviceDefinition\",\"greengrass:getDeviceDefinitionVersion\",\"greengrass:getFunctionDefinition\",\"greengrass:getFunctionDefinitionVersion\",\"greengrass:getGroup\",\"greengrass:getGroupCertificateAuthority\",\"greengrass:getGroupVersion\",\"greengrass:getLoggerDefinition\",\"greengrass:getLoggerDefinitionVersion\",\"greengrass:getResourceDefinitionVersion\",\"greengrass:getServiceRoleForAccount\",\"greengrass:getSubscriptionDefinition\",\"greengrass:getSubscriptionDefinitionVersion\",\"greengrass:listCoreDefinitions\",\"greengrass:listCoreDefinitionVersions\",\"greengrass:listDeployments\",\"greengrass:listDeviceDefinitions\",\"greengrass:listDeviceDefinitionVersions\",\"greengrass:listFunctionDefinitions\",\"greengrass:listFunctionDefinitionVersions\",\"greengrass:listGroups\",\"greengrass:listGroupVersions\",\"greengrass:listLoggerDefinitions\",\"greengrass:listLoggerDefinitionVersions\",\"greengrass:listResourceDefinitions\",\"greengrass:listResourceDefinitionVersions\",\"greengrass:listSubscriptionDefinitions\",\"greengrass:listSubscriptionDefinitionVersions\",\"guardduty:getDetector\",\"guardduty:getFindings\",\"guardduty:getFindingsStatistics\",\"guardduty:getInvitationsCount\",\"guardduty:getIPSet\",\"guardduty:getMasterAccount\",\"guardduty:getMembers\",\"guardduty:getThreatIntelSet\",\"guardduty:listDetectors\",\"guardduty:listFindings\",\"guardduty:listInvitations\",\"guardduty:listIPSets\",\"guardduty:listMembers\",\"guardduty:listThreatIntelSets\",\"health:describeAffectedAccountsForOrganization\",\"health:describeAffectedEntities\",\"health:describeAffectedEntitiesForOrganization\",\"health:describeEntityAggregates\",\"health:describeEntityAggregatesForOrganization\",\"health:describeEventAggregates\",\"health:describeEventDetails\",\"health:describeEventDetailsForOrganization\",\"health:describeEvents\",\"health:describeEventsForOrganization\",\"health:describeEventTypes\",\"health:describeHealthServiceStatusForOrganization\",\"iam:getAccessKeyLastUsed\",\"iam:getAccountAuthorizationDetails\",\"iam:getAccountPasswordPolicy\",\"iam:getAccountSummary\",\"iam:getContextKeysForCustomPolicy\",\"iam:getContextKeysForPrincipalPolicy\",\"iam:getCredentialReport\",\"iam:getGroup\",\"iam:getGroupPolicy\",\"iam:getInstanceProfile\",\"iam:getLoginProfile\",\"iam:getOpenIDConnectProvider\",\"iam:getPolicy\",\"iam:getPolicyVersion\",\"iam:getRole\",\"iam:getRolePolicy\",\"iam:getSAMLProvider\",\"iam:getServerCertificate\",\"iam:getServiceLinkedRoleDeletionStatus\",\"iam:getSSHPublicKey\",\"iam:getUser\",\"iam:getUserPolicy\",\"iam:listAccessKeys\",\"iam:listAccountAliases\",\"iam:listAttachedGroupPolicies\",\"iam:listAttachedRolePolicies\",\"iam:listAttachedUserPolicies\",\"iam:listEntitiesForPolicy\",\"iam:listGroupPolicies\",\"iam:listGroups\",\"iam:listGroupsForUser\",\"iam:listInstanceProfiles\",\"iam:listInstanceProfilesForRole\",\"iam:listMFADevices\",\"iam:listOpenIDConnectProviders\",\"iam:listPolicies\",\"iam:listPolicyVersions\",\"iam:listRolePolicies\",\"iam:listRoles\",\"iam:listSAMLProviders\",\"iam:listServerCertificates\",\"iam:listSigningCertificates\",\"iam:listSSHPublicKeys\",\"iam:listUserPolicies\",\"iam:listUsers\",\"iam:listVirtualMFADevices\",\"iam:simulateCustomPolicy\",\"iam:simulatePrincipalPolicy\",\"imagebuilder:getComponent\",\"imagebuilder:getComponentPolicy\",\"imagebuilder:getContainerRecipe\",\"imagebuilder:getDistributionConfiguration\",\"imagebuilder:getImage\",\"imagebuilder:getImagePipeline\",\"imagebuilder:getImagePolicy\",\"imagebuilder:getImageRecipe\",\"imagebuilder:getImageRecipePolicy\",\"imagebuilder:getInfrastructureConfiguration\",\"imagebuilder:getLifecycleExecution\",\"imagebuilder:getLifecyclePolicy\",\"imagebuilder:getWorkflow\",\"imagebuilder:getWorkflowExecution\",\"imagebuilder:getWorkflowStepExecution\",\"imagebuilder:listComponentBuildVersions\",\"imagebuilder:listComponents\",\"imagebuilder:listContainerRecipes\",\"imagebuilder:listDistributionConfigurations\",\"imagebuilder:listImageBuildVersions\",\"imagebuilder:listImagePipelineImages\",\"imagebuilder:listImagePipelines\",\"imagebuilder:listImageRecipes\",\"imagebuilder:listImages\",\"imagebuilder:listImageScanFindingAggregations\",\"imagebuilder:listInfrastructureConfigurations\",\"imagebuilder:listLifecycleExecutions\",\"imagebuilder:listLifecycleExecutionResources\",\"imagebuilder:listLifecyclePolicies\",\"imagebuilder:listWorkflowBuildVersions\",\"imagebuilder:listWorkflowExecutions\",\"imagebuilder:listWorkflows\",\"imagebuilder:listWorkflowStepExecutions\",\"imagebuilder:listTagsForResource\",\"inspector:describeAssessmentRuns\",\"inspector:describeAssessmentTargets\",\"inspector:describeAssessmentTemplates\",\"inspector:describeCrossAccountAccessRole\",\"inspector:describeResourceGroups\",\"inspector:describeRulesPackages\",\"inspector:getTelemetryMetadata\",\"inspector:listAssessmentRunAgents\",\"inspector:listAssessmentRuns\",\"inspector:listAssessmentTargets\",\"inspector:listAssessmentTemplates\",\"inspector:listEventSubscriptions\",\"inspector:listRulesPackages\",\"inspector:listTagsForResource\",\"inspector2:batchGetAccountStatus\",\"inspector2:batchGetFreeTrialInfo\",\"inspector2:describeOrganizationConfiguration\",\"inspector2:getConfiguration\",\"inspector2:getEc2DeepInspectionConfiguration\",\"inspector2:getDelegatedAdminAccount\",\"inspector2:getMember\",\"inspector2:getSbomExport\",\"inspector2:listCisScanConfigurations\",\"inspector2:listCisScanResultsAggregatedByChecks\",\"inspector2:listCisScanResultsAggregatedByTargetResource\",\"inspector2:listCisScans\",\"inspector2:listCoverage\",\"inspector2:listDelegatedAdminAccounts\",\"inspector2:listFilters\",\"inspector2:listFindings\",\"inspector2:listMembers\",\"inspector2:listUsageTotals\",\"inspector-scan:scanSbom\",\"internetmonitor:getMonitor\",\"internetmonitor:listMonitors\",\"internetmonitor:getHealthEvent\",\"internetmonitor:listHealthEvents\",\"iot:describeAuthorizer\",\"iot:describeCACertificate\",\"iot:describeCertificate\",\"iot:describeDefaultAuthorizer\",\"iot:describeDomainConfiguration\",\"iot:describeEndpoint\",\"iot:describeIndex\",\"iot:describeJobExecution\",\"iot:describeThing\",\"iot:describeThingGroup\",\"iot:describeTunnel\",\"iot:getEffectivePolicies\",\"iot:getIndexingConfiguration\",\"iot:getLoggingOptions\",\"iot:getPolicy\",\"iot:getPolicyVersion\",\"iot:getTopicRule\",\"iot:getV2LoggingOptions\",\"iot:listAttachedPolicies\",\"iot:listAuthorizers\",\"iot:listCACertificates\",\"iot:listCertificates\",\"iot:listCertificatesByCA\",\"iot:listDomainConfigurations\",\"iot:listJobExecutionsForJob\",\"iot:listJobExecutionsForThing\",\"iot:listJobs\",\"iot:listNamedShadowsForThing\",\"iot:listOutgoingCertificates\",\"iot:listPackages\",\"iot:listPackageVersions\",\"iot:listPolicies\",\"iot:listPolicyPrincipals\",\"iot:listPolicyVersions\",\"iot:listPrincipalPolicies\",\"iot:listPrincipalThings\",\"iot:listRoleAliases\",\"iot:listTargetsForPolicy\",\"iot:listThingGroups\",\"iot:listThingGroupsForThing\",\"iot:listThingPrincipals\",\"iot:listThingRegistrationTasks\",\"iot:listThings\",\"iot:listThingsInThingGroup\",\"iot:listThingTypes\",\"iot:listTopicRules\",\"iot:listTunnels\",\"iot:listV2LoggingLevels\",\"iot:listNamedShadowsForThing\",\"iotevents:describeDetector\",\"iotevents:describeDetectorModel\",\"iotevents:describeInput\",\"iotevents:describeLoggingOptions\",\"iotevents:listDetectorModels\",\"iotevents:listDetectorModelVersions\",\"iotevents:listDetectors\",\"iotevents:listInputs\",\"iotfleetwise:getCampaign\",\"iotfleetwise:getDecoderManifest\",\"iotfleetwise:getFleet\",\"iotfleetwise:getModelManifest\",\"iotfleetwise:getSignalCatalog\",\"iotfleetwise:getVehicle\",\"iotfleetwise:getVehicleStatus\",\"iotfleetwise:listCampaigns\",\"iotfleetwise:listDecoderManifests\",\"iotfleetwise:listDecoderManifestNetworkInterfaces\",\"iotfleetwise:listDecoderManifestSignals\",\"iotfleetwise:listFleets\",\"iotfleetwise:listFleetsForVehicle\",\"iotfleetwise:listModelManifests\",\"iotfleetwise:listModelManifestNodes\",\"iotfleetwise:listSignalCatalogs\",\"iotfleetwise:listSignalCatalogNodes\",\"iotfleetwise:listVehicles\",\"iotsitewise:describeAccessPolicy\",\"iotsitewise:describeAsset\",\"iotsitewise:describeAssetModel\",\"iotsitewise:describeAssetProperty\",\"iotsitewise:describeDashboard\",\"iotsitewise:describeGateway\",\"iotsitewise:describeGatewayCapabilityConfiguration\",\"iotsitewise:describeLoggingOptions\",\"iotsitewise:describePortal\",\"iotsitewise:describeProject\",\"iotsitewise:listAccessPolicies\",\"iotsitewise:listAssetModels\",\"iotsitewise:listAssets\",\"iotsitewise:listAssociatedAssets\",\"iotsitewise:listDashboards\",\"iotsitewise:listGateways\",\"iotsitewise:listPortals\",\"iotsitewise:listProjectAssets\",\"iotsitewise:listProjects\",\"iottwinmaker:getComponentType\",\"iottwinmaker:getEntity\",\"iottwinmaker:getPricingPlan\",\"iottwinmaker:getScene\",\"iottwinmaker:getWorkspace\",\"iottwinmaker:listComponentTypes\",\"iottwinmaker:listEntities\",\"iottwinmaker:listScenes\",\"iottwinmaker:getSyncJob\",\"iottwinmaker:listSyncJobs\",\"iottwinmaker:listSyncResources\",\"iottwinmaker:listWorkspaces\",\"iotwireless:getDestination\",\"iotwireless:getDeviceProfile\",\"iotwireless:getPartnerAccount\",\"iotwireless:getServiceEndpoint\",\"iotwireless:getServiceProfile\",\"iotwireless:getWirelessDevice\",\"iotwireless:getWirelessDeviceStatistics\",\"iotwireless:getWirelessGateway\",\"iotwireless:getWirelessGatewayCertificate\",\"iotwireless:getWirelessGatewayFirmwareInformation\",\"iotwireless:getWirelessGatewayStatistics\",\"iotwireless:getWirelessGatewayTask\",\"iotwireless:getWirelessGatewayTaskDefinition\",\"iotwireless:listDestinations\",\"iotwireless:listDeviceProfiles\",\"iotwireless:listPartnerAccounts\",\"iotwireless:listServiceProfiles\",\"iotwireless:listTagsForResource\",\"iotwireless:listWirelessDevices\",\"iotwireless:listWirelessGateways\",\"iotwireless:listWirelessGatewayTaskDefinitions\",\"ivs:getChannel\",\"ivs:getRecordingConfiguration\",\"ivs:getStream\",\"ivs:getStreamSession\",\"ivs:listChannels\",\"ivs:listPlaybackKeyPairs\",\"ivs:listRecordingConfigurations\",\"ivs:listStreamKeys\",\"ivs:listStreams\",\"ivs:listStreamSessions\",\"kafka:describeCluster\",\"kafka:describeClusterOperation\",\"kafka:describeClusterOperationV2\",\"kafka:describeClusterV2\",\"kafka:describeConfiguration\",\"kafka:describeConfigurationRevision\",\"kafka:describeReplicator\",\"kafka:describeVpcConnection\",\"kafka:getBootstrapBrokers\",\"kafka:getClusterPolicy\",\"kafka:listConfigurations\",\"kafka:listConfigurationRevisions\",\"kafka:listClientVpcConnections\",\"kafka:listClusterOperations\",\"kafka:listClusterOperationsV2\",\"kafka:listClusters\",\"kafka:listClustersV2\",\"kafka:listNodes\",\"kafka:listReplicators\",\"kafka:listScramSecrets\",\"kafka:listVpcConnections\",\"kafkaconnect:describeConnector\",\"kafkaconnect:describeCustomPlugin\",\"kafkaconnect:describeWorkerConfiguration\",\"kafkaconnect:listConnectors\",\"kafkaconnect:listCustomPlugins\",\"kafkaconnect:listWorkerConfigurations\",\"kendra:describeDataSource\",\"kendra:describeFaq\",\"kendra:describeIndex\",\"kendra:listDataSources\",\"kendra:listFaqs\",\"kendra:listIndices\",\"kinesis:describeStream\",\"kinesis:describeStreamConsumer\",\"kinesis:describeStreamSummary\",\"kinesis:listShards\",\"kinesis:listStreams\",\"kinesis:listStreamConsumers\",\"kinesis:listTagsForStream\",\"kinesisanalytics:describeApplication\",\"kinesisanalytics:describeApplicationSnapshot\",\"kinesisanalytics:listApplications\",\"kinesisanalytics:listApplicationSnapshots\",\"kinesisvideo:describeImageGenerationConfiguration\",\"kinesisvideo:describeNotificationConfiguration\",\"kinesisvideo:describeSignalingChannel\",\"kinesisvideo:describeStream\",\"kinesisvideo:getDataEndpoint\",\"kinesisvideo:getIceServerConfig\",\"kinesisvideo:getSignalingChannelEndpoint\",\"kinesisvideo:listSignalingChannels\",\"kinesisvideo:listStreams\",\"kms:describeKey\",\"kms:getKeyPolicy\",\"kms:getKeyRotationStatus\",\"kms:listAliases\",\"kms:listGrants\",\"kms:listKeyPolicies\",\"kms:listKeys\",\"kms:listResourceTags\",\"kms:listRetirableGrants\",\"lambda:getAccountSettings\",\"lambda:getAlias\",\"lambda:getCodeSigningConfig\",\"lambda:getEventSourceMapping\",\"lambda:getFunction\",\"lambda:getFunctionCodeSigningConfig\",\"lambda:getFunctionConcurrency\",\"lambda:getFunctionConfiguration\",\"lambda:getFunctionEventInvokeConfig\",\"lambda:getFunctionUrlConfig\",\"lambda:getLayerVersion\",\"lambda:getLayerVersionPolicy\",\"lambda:getPolicy\",\"lambda:getProvisionedConcurrencyConfig\",\"lambda:getRuntimeManagementConfig\",\"lambda:listAliases\",\"lambda:listCodeSigningConfigs\",\"lambda:listEventSourceMappings\",\"lambda:listFunctionEventInvokeConfigs\",\"lambda:listFunctions\",\"lambda:listFunctionsByCodeSigningConfig\",\"lambda:listFunctionUrlConfigs\",\"lambda:listLayers\",\"lambda:listLayerVersions\",\"lambda:listProvisionedConcurrencyConfigs\",\"lambda:listTags\",\"lambda:listVersionsByFunction\",\"launchwizard:describeProvisionedApp\",\"launchwizard:describeProvisioningEvents\",\"launchwizard:listProvisionedApps\",\"launchwizard:listDeployments\",\"launchwizard:listDeploymentEvents\",\"lex:describeBot\",\"lex:describeBotAlias\",\"lex:describeBotLocale\",\"lex:describeBotRecommendation\",\"lex:describeBotVersion\",\"lex:describeCustomVocabularyMetadata\",\"lex:describeExport\",\"lex:describeImport\",\"lex:describeIntent\",\"lex:describeResourcePolicy\",\"lex:describeSlot\",\"lex:describeSlotType\",\"lex:getBot\",\"lex:getBotAlias\",\"lex:getBotAliases\",\"lex:getBotChannelAssociation\",\"lex:getBotChannelAssociations\",\"lex:getBots\",\"lex:getBotVersions\",\"lex:getBuiltinIntent\",\"lex:getBuiltinIntents\",\"lex:getBuiltinSlotTypes\",\"lex:getIntent\",\"lex:getIntents\",\"lex:getIntentVersions\",\"lex:getSlotType\",\"lex:getSlotTypes\",\"lex:getSlotTypeVersions\",\"lex:listBotAliases\",\"lex:listBotLocales\",\"lex:listBotRecommendations\",\"lex:listBots\",\"lex:listBotVersions\",\"lex:listExports\",\"lex:listImports\",\"lex:listIntents\",\"lex:listRecommendedIntents\",\"lex:listSlots\",\"lex:listSlotTypes\",\"license-manager:getLicenseConfiguration\",\"license-manager:getServiceSettings\",\"license-manager:listAssociationsForLicenseConfiguration\",\"license-manager:listFailuresForLicenseConfigurationOperations\",\"license-manager:listLicenseConfigurations\",\"license-manager:listLicenseSpecificationsForResource\",\"license-manager:listResourceInventory\",\"license-manager:listUsageForLicenseConfiguration\",\"lightsail:getActiveNames\",\"lightsail:getAlarms\",\"lightsail:getAutoSnapshots\",\"lightsail:getBlueprints\",\"lightsail:getBucketBundles\",\"lightsail:getBucketMetricData\",\"lightsail:getBuckets\",\"lightsail:getBundles\",\"lightsail:getCertificates\",\"lightsail:getContainerImages\",\"lightsail:getContainerServiceDeployments\",\"lightsail:getContainerServiceMetricData\",\"lightsail:getContainerServicePowers\",\"lightsail:getContainerServices\",\"lightsail:getDisk\",\"lightsail:getDisks\",\"lightsail:getDiskSnapshot\",\"lightsail:getDiskSnapshots\",\"lightsail:getDistributionBundles\",\"lightsail:getDistributionMetricData\",\"lightsail:getDistributions\",\"lightsail:getDomain\",\"lightsail:getDomains\",\"lightsail:getExportSnapshotRecords\",\"lightsail:getInstance\",\"lightsail:getInstanceMetricData\",\"lightsail:getInstancePortStates\",\"lightsail:getInstances\",\"lightsail:getInstanceSnapshot\",\"lightsail:getInstanceSnapshots\",\"lightsail:getInstanceState\",\"lightsail:getKeyPair\",\"lightsail:getKeyPairs\",\"lightsail:getLoadBalancer\",\"lightsail:getLoadBalancerMetricData\",\"lightsail:getLoadBalancers\",\"lightsail:getLoadBalancerTlsCertificates\",\"lightsail:getOperation\",\"lightsail:getOperations\",\"lightsail:getOperationsForResource\",\"lightsail:getRegions\",\"lightsail:getRelationalDatabase\",\"lightsail:getRelationalDatabaseMetricData\",\"lightsail:getRelationalDatabases\",\"lightsail:getRelationalDatabaseSnapshot\",\"lightsail:getRelationalDatabaseSnapshots\",\"lightsail:getStaticIp\",\"lightsail:getStaticIps\",\"lightsail:isVpcPeered\",\"logs:describeAccountPolicies\",\"logs:describeDeliveries\",\"logs:describeDeliveryDestinations\",\"logs:describeDeliverySources\",\"logs:describeDestinations\",\"logs:describeExportTasks\",\"logs:describeLogGroups\",\"logs:describeLogStreams\",\"logs:describeMetricFilters\",\"logs:describeQueries\",\"logs:describeQueryDefinitions\",\"logs:describeResourcePolicies\",\"logs:describeSubscriptionFilters\",\"logs:getDataProtectionPolicy\",\"logs:getDelivery\",\"logs:getDeliveryDestination\",\"logs:getDeliveryDestinationPolicy\",\"logs:getDeliverySource\",\"logs:getLogAnomalyDetector\",\"logs:getLogDelivery\",\"logs:getLogGroupFields\",\"logs:listAnomalies\",\"logs:listLogAnomalyDetectors\",\"logs:listLogDeliveries\",\"logs:testMetricFilter\",\"lookoutequipment:describeDataIngestionJob\",\"lookoutequipment:describeDataset\",\"lookoutequipment:describeInferenceScheduler\",\"lookoutequipment:describeModel\",\"lookoutequipment:listDataIngestionJobs\",\"lookoutequipment:listDatasets\",\"lookoutequipment:listInferenceExecutions\",\"lookoutequipment:listInferenceSchedulers\",\"lookoutequipment:listModels\",\"lookoutmetrics:describeAlert\",\"lookoutmetrics:describeAnomalyDetectionExecutions\",\"lookoutmetrics:describeAnomalyDetector\",\"lookoutmetrics:describeMetricSet\",\"lookoutmetrics:getAnomalyGroup\",\"lookoutmetrics:getDataQualityMetrics\",\"lookoutmetrics:getFeedback\",\"lookoutmetrics:getSampleData\",\"lookoutmetrics:listAlerts\",\"lookoutmetrics:listAnomalyDetectors\",\"lookoutmetrics:listAnomalyGroupSummaries\",\"lookoutmetrics:listAnomalyGroupTimeSeries\",\"lookoutmetrics:listMetricSets\",\"lookoutmetrics:listTagsForResource\",\"machinelearning:describeBatchPredictions\",\"machinelearning:describeDataSources\",\"machinelearning:describeEvaluations\",\"machinelearning:describeMLModels\",\"machinelearning:getBatchPrediction\",\"machinelearning:getDataSource\",\"machinelearning:getEvaluation\",\"machinelearning:getMLModel\",\"macie2:getClassificationExportConfiguration\",\"macie2:getCustomDataIdentifier\",\"macie2:getFindings\",\"macie2:getFindingStatistics\",\"macie2:listClassificationJobs\",\"macie2:listCustomDataIdentifiers\",\"macie2:listFindings\",\"managedblockchain:getMember\",\"managedblockchain:getNetwork\",\"managedblockchain:getNode\",\"managedblockchain:listMembers\",\"managedblockchain:listNetworks\",\"managedblockchain:listNodes\",\"mediaconnect:describeFlow\",\"mediaconnect:listEntitlements\",\"mediaconnect:listFlows\",\"mediaconvert:describeEndpoints\",\"mediaconvert:getJob\",\"mediaconvert:getJobTemplate\",\"mediaconvert:getPreset\",\"mediaconvert:getQueue\",\"mediaconvert:listJobs\",\"mediaconvert:listJobTemplates\",\"medialive:describeChannel\",\"medialive:describeInput\",\"medialive:describeInputDevice\",\"medialive:describeInputSecurityGroup\",\"medialive:describeMultiplex\",\"medialive:describeOffering\",\"medialive:describeReservation\",\"medialive:describeSchedule\",\"medialive:listChannels\",\"medialive:listInputDevices\",\"medialive:listInputs\",\"medialive:listInputSecurityGroups\",\"medialive:listMultiplexes\",\"medialive:listOfferings\",\"medialive:listReservations\",\"mediapackage:describeChannel\",\"mediapackage:describeOriginEndpoint\",\"mediapackage:listChannels\",\"mediapackage:listOriginEndpoints\",\"mediastore:describeContainer\",\"mediastore:getContainerPolicy\",\"mediastore:getCorsPolicy\",\"mediastore:listContainers\",\"mediatailor:getPlaybackConfiguration\",\"mediatailor:listPlaybackConfigurations\",\"medical-imaging:getDatastore\",\"medical-imaging:listDatastores\",\"mgn:describeJobLogItems\",\"mgn:describeJobs\",\"mgn:describeLaunchConfigurationTemplates\",\"mgn:describeReplicationConfigurationTemplates\",\"mgn:describeSourceServers\",\"mgn:describeVcenterClients\",\"mgn:getLaunchConfiguration\",\"mgn:getReplicationConfiguration\",\"mgn:listApplications\",\"mgn:listSourceServerActions\",\"mgn:listTemplateActions\",\"mgn:listWaves\",\"mobiletargeting:getAdmChannel\",\"mobiletargeting:getApnsChannel\",\"mobiletargeting:getApnsSandboxChannel\",\"mobiletargeting:getApnsVoipChannel\",\"mobiletargeting:getApnsVoipSandboxChannel\",\"mobiletargeting:getApp\",\"mobiletargeting:getApplicationSettings\",\"mobiletargeting:getApps\",\"mobiletargeting:getBaiduChannel\",\"mobiletargeting:getCampaign\",\"mobiletargeting:getCampaignActivities\",\"mobiletargeting:getCampaigns\",\"mobiletargeting:getCampaignVersion\",\"mobiletargeting:getCampaignVersions\",\"mobiletargeting:getEmailChannel\",\"mobiletargeting:getEndpoint\",\"mobiletargeting:getEventStream\",\"mobiletargeting:getExportJob\",\"mobiletargeting:getExportJobs\",\"mobiletargeting:getGcmChannel\",\"mobiletargeting:getImportJob\",\"mobiletargeting:getImportJobs\",\"mobiletargeting:getJourney\",\"mobiletargeting:getJourneyExecutionMetrics\",\"mobiletargeting:getJourneyExecutionActivityMetrics\",\"mobiletargeting:getJourneyRunExecutionActivityMetrics\",\"mobiletargeting:getJourneyRunExecutionMetrics\",\"mobiletargeting:getJourneyRuns\",\"mobiletargeting:getSegment\",\"mobiletargeting:getSegmentImportJobs\",\"mobiletargeting:getSegments\",\"mobiletargeting:getSegmentVersion\",\"mobiletargeting:getSegmentVersions\",\"mobiletargeting:getSmsChannel\",\"mobiletargeting:listJourneys\",\"mq:describeBroker\",\"mq:describeConfiguration\",\"mq:describeConfigurationRevision\",\"mq:describeUser\",\"mq:listBrokers\",\"mq:listConfigurationRevisions\",\"mq:listConfigurations\",\"mq:listUsers\",\"m2:getApplication\",\"m2:getApplicationVersion\",\"m2:getBatchJobExecution\",\"m2:getDataSetDetails\",\"m2:getDataSetImportTask\",\"m2:getDeployment\",\"m2:getEnvironment\",\"m2:listApplications\",\"m2:listApplicationVersions\",\"m2:listBatchJobDefinitions\",\"m2:listBatchJobExecutions\",\"m2:listDataSetImportHistory\",\"m2:listDataSets\",\"m2:listDeployments\",\"m2:listEngineVersions\",\"m2:listEnvironments\",\"network-firewall:describeFirewall\",\"network-firewall:describeFirewallPolicy\",\"network-firewall:describeLoggingConfiguration\",\"network-firewall:describeRuleGroup\",\"network-firewall:describeTlsInspectionConfiguration\",\"network-firewall:listFirewallPolicies\",\"network-firewall:listFirewalls\",\"network-firewall:listRuleGroups\",\"network-firewall:listTlsInspectionConfigurations\",\"networkmanager:describeGlobalNetworks\",\"networkmanager:getConnectAttachment\",\"networkmanager:getConnections\",\"networkmanager:getConnectPeer\",\"networkmanager:getConnectPeerAssociations\",\"networkmanager:getCoreNetwork\",\"networkmanager:getCoreNetworkChangeEvents\",\"networkmanager:getCoreNetworkChangeSet\",\"networkmanager:getCoreNetworkPolicy\",\"networkmanager:getCustomerGatewayAssociations\",\"networkmanager:getDevices\",\"networkmanager:getLinkAssociations\",\"networkmanager:getLinks\",\"networkmanager:getNetworkResourceCounts\",\"networkmanager:getNetworkResourceRelationships\",\"networkmanager:getNetworkResources\",\"networkmanager:getNetworkRoutes\",\"networkmanager:getNetworkTelemetry\",\"networkmanager:getResourcePolicy\",\"networkmanager:getRouteAnalysis\",\"networkmanager:getSites\",\"networkmanager:getSiteToSiteVpnAttachment\",\"networkmanager:getTransitGatewayConnectPeerAssociations\",\"networkmanager:getTransitGatewayPeering\",\"networkmanager:getTransitGatewayRegistrations\",\"networkmanager:getTransitGatewayRouteTableAttachment\",\"networkmanager:getVpcAttachment\",\"networkmanager:listAttachments\",\"networkmanager:listConnectPeers\",\"networkmanager:listCoreNetworkPolicyVersions\",\"networkmanager:listCoreNetworks\",\"networkmanager:listOrganizationServiceAccessStatus\",\"networkmanager:listPeerings\",\"networkmanager:listTagsForResource\",\"networkmonitor:getMonitor\",\"networkmonitor:getProbe\",\"networkmonitor:listMonitors\",\"nimble:getEula\",\"nimble:getLaunchProfile\",\"nimble:getLaunchProfileDetails\",\"nimble:getLaunchProfileInitialization\",\"nimble:getLaunchProfileMember\",\"nimble:getStreamingImage\",\"nimble:getStreamingSession\",\"nimble:getStreamingSessionStream\",\"nimble:getStudio\",\"nimble:getStudioComponent\",\"nimble:listEulaAcceptances\",\"nimble:listEulas\",\"nimble:listLaunchProfiles\",\"nimble:listStreamingImages\",\"nimble:listStreamingSessions\",\"nimble:listStudioComponents\",\"nimble:listStudios\",\"notifications:getEventRule\",\"notifications:getNotificationConfiguration\",\"notifications:getNotificationEvent\",\"notifications:listChannels\",\"notifications:listEventRules\",\"notifications:listNotificationConfigurations\",\"notifications:listNotificationEvents\",\"notifications:listNotificationHubs\",\"notifications-contacts:getEmailContact\",\"notifications-contacts:listEmailContacts\",\"oam:getLink\",\"oam:getSink\",\"oam:getSinkPolicy\",\"oam:listAttachedLinks\",\"oam:listLinks\",\"oam:listSinks\",\"omics:getAnnotationImportJob\",\"omics:getAnnotationStore\",\"omics:getReadSetImportJob\",\"omics:getReadSetMetadata\",\"omics:getReference\",\"omics:getReferenceImportJob\",\"omics:getReferenceMetadata\",\"omics:getReferenceStore\",\"omics:getRun\",\"omics:getRunGroup\",\"omics:getSequenceStore\",\"omics:getVariantImportJob\",\"omics:getVariantStore\",\"omics:getWorkflow\",\"omics:listAnnotationImportJobs\",\"omics:listAnnotationStores\",\"omics:listMultipartReadSetUploads\",\"omics:listReadSetImportJobs\",\"omics:listReadSets\",\"omics:listReadSetUploadParts\",\"omics:listReferenceImportJobs\",\"omics:listReferenceStores\",\"omics:listReferences\",\"omics:listRunGroups\",\"omics:listRunTasks\",\"omics:listRuns\",\"omics:listSequenceStores\",\"omics:listVariantImportJobs\",\"omics:listVariantStores\",\"omics:listWorkflows\",\"opsworks-cm:describeAccountAttributes\",\"opsworks-cm:describeBackups\",\"opsworks-cm:describeEvents\",\"opsworks-cm:describeNodeAssociationStatus\",\"opsworks-cm:describeServers\",\"opsworks:describeAgentVersions\",\"opsworks:describeApps\",\"opsworks:describeCommands\",\"opsworks:describeDeployments\",\"opsworks:describeEcsClusters\",\"opsworks:describeElasticIps\",\"opsworks:describeElasticLoadBalancers\",\"opsworks:describeInstances\",\"opsworks:describeLayers\",\"opsworks:describeLoadBasedAutoScaling\",\"opsworks:describeMyUserProfile\",\"opsworks:describePermissions\",\"opsworks:describeRaidArrays\",\"opsworks:describeRdsDbInstances\",\"opsworks:describeServiceErrors\",\"opsworks:describeStackProvisioningParameters\",\"opsworks:describeStacks\",\"opsworks:describeStackSummary\",\"opsworks:describeTimeBasedAutoScaling\",\"opsworks:describeUserProfiles\",\"opsworks:describeVolumes\",\"opsworks:getHostnameSuggestion\",\"organizations:listAccounts\",\"organizations:listTagsForResource\",\"osis:getPipeline\",\"osis:getPipelineBlueprint\",\"osis:getPipelineChangeProgress\",\"osis:listPipelineBlueprints\",\"osis:listPipelines\",\"osis:validatePipeline\",\"outposts:getCatalogItem\",\"outposts:getConnection\",\"outposts:getOrder\",\"outposts:getOutpost\",\"outposts:getOutpostInstanceTypes\",\"outposts:getSite\",\"outposts:listAssets\",\"outposts:listCatalogItems\",\"outposts:listOrders\",\"outposts:listOutposts\",\"outposts:listSites\",\"personalize:describeAlgorithm\",\"personalize:describeBatchInferenceJob\",\"personalize:describeBatchSegmentJob\",\"personalize:describeCampaign\",\"personalize:describeDataset\",\"personalize:describeDatasetExportJob\",\"personalize:describeDatasetGroup\",\"personalize:describeDatasetImportJob\",\"personalize:describeEventTracker\",\"personalize:describeFeatureTransformation\",\"personalize:describeFilter\",\"personalize:describeRecipe\",\"personalize:describeRecommender\",\"personalize:describeSchema\",\"personalize:describeSolution\",\"personalize:describeSolutionVersion\",\"personalize:getPersonalizedRanking\",\"personalize:getRecommendations\",\"personalize:getSolutionMetrics\",\"personalize:listBatchInferenceJobs\",\"personalize:listBatchSegmentJobs\",\"personalize:listCampaigns\",\"personalize:listDatasetExportJobs\",\"personalize:listDatasetGroups\",\"personalize:listDatasetImportJobs\",\"personalize:listDatasets\",\"personalize:listEventTrackers\",\"personalize:listRecipes\",\"personalize:listRecommenders\",\"personalize:listSchemas\",\"personalize:listSolutions\",\"personalize:listSolutionVersions\",\"pipes:describePipe\",\"pipes:listPipes\",\"pipes:listTagsForResource\",\"polly:describeVoices\",\"polly:getLexicon\",\"polly:listLexicons\",\"pricing:describeServices\",\"pricing:getAttributeValues\",\"pricing:getProducts\",\"private-networks:getDeviceIdentifier\",\"private-networks:getNetwork\",\"private-networks:getNetworkResource\",\"private-networks:listDeviceIdentifiers\",\"private-networks:listNetworks\",\"private-networks:listNetworkResources\",\"qbusiness:getApplication\",\"qbusiness:getDataSource\",\"qbusiness:getIndex\",\"qbusiness:getRetriever\",\"qbusiness:getWebExperience\",\"qbusiness:listApplications\",\"qbusiness:listDataSources\",\"qbusiness:listDataSourceSyncJobs\",\"qbusiness:listIndices\",\"qbusiness:listRetrievers\",\"qbusiness:listWebExperiences\",\"quicksight:describeAccountCustomization\",\"quicksight:describeAccountSettings\",\"quicksight:describeAccountSubscription\",\"quicksight:describeAnalysis\",\"quicksight:describeAnalysisPermissions\",\"quicksight:describeDashboard\",\"quicksight:describeDashboardPermissions\",\"quicksight:describeDataSet\",\"quicksight:describeDataSetPermissions\",\"quicksight:describeDataSetRefreshProperties\",\"quicksight:describeDataSource\",\"quicksight:describeDataSourcePermissions\",\"quicksight:describeFolder\",\"quicksight:describeFolderPermissions\",\"quicksight:describeFolderResolvedPermissions\",\"quicksight:describeGroup\",\"quicksight:describeGroupMembership\",\"quicksight:describeIAMPolicyAssignment\",\"quicksight:describeIngestion\",\"quicksight:describeIpRestriction\",\"quicksight:describeNamespace\",\"quicksight:describeRefreshSchedule\",\"quicksight:describeTemplate\",\"quicksight:describeTemplateAlias\",\"quicksight:describeTemplatePermissions\",\"quicksight:describeTheme\",\"quicksight:describeThemeAlias\",\"quicksight:describeThemePermissions\",\"quicksight:describeTopic\",\"quicksight:describeTopicPermissions\",\"quicksight:describeTopicRefresh\",\"quicksight:describeTopicRefreshSchedule\",\"quicksight:describeUser\",\"quicksight:describeVPCConnection\",\"quicksight:listAnalyses\",\"quicksight:listDashboards\",\"quicksight:listDashboardVersions\",\"quicksight:listDataSets\",\"quicksight:listDataSources\",\"quicksight:listFolderMembers\",\"quicksight:listFolders\",\"quicksight:listGroupMemberships\",\"quicksight:listGroups\",\"quicksight:listIAMPolicyAssignments\",\"quicksight:listIAMPolicyAssignmentsForUser\",\"quicksight:listIngestions\",\"quicksight:listNamespaces\",\"quicksight:listRefreshSchedules\",\"quicksight:listTemplateAliases\",\"quicksight:listTemplates\",\"quicksight:listTemplateVersions\",\"quicksight:listThemeAliases\",\"quicksight:listThemes\",\"quicksight:listThemeVersions\",\"quicksight:listTopicRefreshSchedules\",\"quicksight:listTopics\",\"quicksight:listUserGroups\",\"quicksight:listUsers\",\"quicksight:listVPCConnections\",\"quicksight:searchAnalyses\",\"quicksight:searchDashboards\",\"quicksight:searchDataSets\",\"quicksight:searchDataSources\",\"quicksight:searchFolders\",\"quicksight:searchGroups\",\"ram:getPermission\",\"ram:getResourceShareAssociations\",\"ram:getResourceShareInvitations\",\"ram:getResourceShares\",\"ram:listPendingInvitationResources\",\"ram:listPrincipals\",\"ram:listResources\",\"ram:listResourceSharePermissions\",\"rbin:getRule\",\"rbin:listRules\",\"rds:describeAccountAttributes\",\"rds:describeBlueGreenDeployments\",\"rds:describeCertificates\",\"rds:describeDBClusterEndpoints\",\"rds:describeDBClusterParameterGroups\",\"rds:describeDBClusterParameters\",\"rds:describeDBClusters\",\"rds:describeDBClusterSnapshots\",\"rds:describeDBEngineVersions\",\"rds:describeDBInstanceAutomatedBackups\",\"rds:describeDBInstances\",\"rds:describeDBLogFiles\",\"rds:describeDBParameterGroups\",\"rds:describeDBParameters\",\"rds:describeDBSecurityGroups\",\"rds:describeDBSnapshotAttributes\",\"rds:describeDBSnapshots\",\"rds:describeDBSubnetGroups\",\"rds:describeEngineDefaultClusterParameters\",\"rds:describeEngineDefaultParameters\",\"rds:describeEventCategories\",\"rds:describeEvents\",\"rds:describeEventSubscriptions\",\"rds:describeExportTasks\",\"rds:describeGlobalClusters\",\"rds:describeIntegrations\",\"rds:describeOptionGroupOptions\",\"rds:describeOptionGroups\",\"rds:describeOrderableDBInstanceOptions\",\"rds:describePendingMaintenanceActions\",\"rds:describeReservedDBInstances\",\"rds:describeReservedDBInstancesOfferings\",\"rds:describeSourceRegions\",\"rds:describeValidDBInstanceModifications\",\"rds:listTagsForResource\",\"redshift-data:describeStatement\",\"redshift-data:listStatements\",\"redshift:describeClusterParameterGroups\",\"redshift:describeClusterParameters\",\"redshift:describeClusters\",\"redshift:describeClusterSecurityGroups\",\"redshift:describeClusterSnapshots\",\"redshift:describeClusterSubnetGroups\",\"redshift:describeClusterVersions\",\"redshift:describeDataShares\",\"redshift:describeDataSharesForConsumer\",\"redshift:describeDataSharesForProducer\",\"redshift:describeDefaultClusterParameters\",\"redshift:describeEventCategories\",\"redshift:describeEvents\",\"redshift:describeEventSubscriptions\",\"redshift:describeHsmClientCertificates\",\"redshift:describeHsmConfigurations\",\"redshift:describeLoggingStatus\",\"redshift:describeOrderableClusterOptions\",\"redshift:describeReservedNodeOfferings\",\"redshift:describeReservedNodes\",\"redshift:describeResize\",\"redshift:describeSnapshotCopyGrants\",\"redshift:describeStorage\",\"redshift:describeTableRestoreStatus\",\"redshift:describeTags\",\"redshift-serverless:getEndpointAccess\",\"redshift-serverless:getNamespace\",\"redshift-serverless:getRecoveryPoint\",\"redshift-serverless:getSnapshot\",\"redshift-serverless:getTableRestoreStatus\",\"redshift-serverless:getUsageLimit\",\"redshift-serverless:getWorkgroup\",\"redshift-serverless:listEndpointAccess\",\"redshift-serverless:listNamespaces\",\"redshift-serverless:listRecoveryPoints\",\"redshift-serverless:listSnapshots\",\"redshift-serverless:listTableRestoreStatus\",\"redshift-serverless:listUsageLimits\",\"redshift-serverless:listWorkgroups\",\"rekognition:listCollections\",\"rekognition:listFaces\",\"resource-explorer-2:getAccountLevelServiceConfiguration\",\"resource-explorer-2:getIndex\",\"resource-explorer-2:getView\",\"resource-explorer-2:listIndexes\",\"resource-explorer-2:listViews\",\"resource-explorer-2:search\",\"resource-groups:getGroup\",\"resource-groups:getGroupQuery\",\"resource-groups:getTags\",\"resource-groups:listGroupResources\",\"resource-groups:listGroups\",\"resource-groups:searchResources\",\"robomaker:batchDescribeSimulationJob\",\"robomaker:describeDeploymentJob\",\"robomaker:describeFleet\",\"robomaker:describeRobot\",\"robomaker:describeRobotApplication\",\"robomaker:describeSimulationApplication\",\"robomaker:describeSimulationJob\",\"robomaker:listDeploymentJobs\",\"robomaker:listFleets\",\"robomaker:listRobotApplications\",\"robomaker:listRobots\",\"robomaker:listSimulationApplications\",\"robomaker:listSimulationJobs\",\"route53-recovery-cluster:getRoutingControlState\",\"route53-recovery-cluster:listRoutingControls\",\"route53-recovery-control-config:describeControlPanel\",\"route53-recovery-control-config:describeRoutingControl\",\"route53-recovery-control-config:describeSafetyRule\",\"route53-recovery-control-config:listControlPanels\",\"route53-recovery-control-config:listRoutingControls\",\"route53-recovery-control-config:listSafetyRules\",\"route53-recovery-readiness:getCell\",\"route53-recovery-readiness:getCellReadinessSummary\",\"route53-recovery-readiness:getReadinessCheck\",\"route53-recovery-readiness:getReadinessCheckResourceStatus\",\"route53-recovery-readiness:getReadinessCheckStatus\",\"route53-recovery-readiness:getRecoveryGroup\",\"route53-recovery-readiness:getRecoveryGroupReadinessSummary\",\"route53-recovery-readiness:listCells\",\"route53-recovery-readiness:listReadinessChecks\",\"route53-recovery-readiness:listRecoveryGroups\",\"route53-recovery-readiness:listResourceSets\",\"route53:getAccountLimit\",\"route53:getChange\",\"route53:getCheckerIpRanges\",\"route53:getDNSSEC\",\"route53:getGeoLocation\",\"route53:getHealthCheck\",\"route53:getHealthCheckCount\",\"route53:getHealthCheckLastFailureReason\",\"route53:getHealthCheckStatus\",\"route53:getHostedZone\",\"route53:getHostedZoneCount\",\"route53:getHostedZoneLimit\",\"route53:getQueryLoggingConfig\",\"route53:getReusableDelegationSet\",\"route53:getTrafficPolicy\",\"route53:getTrafficPolicyInstance\",\"route53:getTrafficPolicyInstanceCount\",\"route53:listCidrBlocks\",\"route53:listCidrCollections\",\"route53:listCidrLocations\",\"route53:listGeoLocations\",\"route53:listHealthChecks\",\"route53:listHostedZones\",\"route53:listHostedZonesByName\",\"route53:listHostedZonesByVpc\",\"route53:listQueryLoggingConfigs\",\"route53:listResourceRecordSets\",\"route53:listReusableDelegationSets\",\"route53:listTrafficPolicies\",\"route53:listTrafficPolicyInstances\",\"route53:listTrafficPolicyInstancesByHostedZone\",\"route53:listTrafficPolicyInstancesByPolicy\",\"route53:listTrafficPolicyVersions\",\"route53:listVPCAssociationAuthorizations\",\"route53domains:checkDomainAvailability\",\"route53domains:getContactReachabilityStatus\",\"route53domains:getDomainDetail\",\"route53domains:getOperationDetail\",\"route53domains:listDomains\",\"route53domains:listOperations\",\"route53domains:listPrices\",\"route53domains:listTagsForDomain\",\"route53domains:viewBilling\",\"route53profiles:getProfile\",\"route53profiles:listProfileAssociations\",\"route53profiles:listProfileResourceAssociations\",\"route53profiles:listProfiles\",\"route53profiles:listTagsForResource\",\"route53profiles:getProfileResourceAssociation\",\"route53profiles:getProfileAssociation\",\"route53resolver:getFirewallConfig\",\"route53resolver:getFirewallDomainList\",\"route53resolver:getFirewallRuleGroup\",\"route53resolver:getFirewallRuleGroupAssociation\",\"route53resolver:getFirewallRuleGroupPolicy\",\"route53resolver:getOutpostResolver\",\"route53resolver:getResolverDnssecConfig\",\"route53resolver:getResolverQueryLogConfig\",\"route53resolver:getResolverQueryLogConfigAssociation\",\"route53resolver:getResolverQueryLogConfigPolicy\",\"route53resolver:getResolverRule\",\"route53resolver:getResolverRuleAssociation\",\"route53resolver:getResolverRulePolicy\",\"route53resolver:listFirewallConfigs\",\"route53resolver:listFirewallDomainLists\",\"route53resolver:listFirewallDomains\",\"route53resolver:listFirewallRuleGroupAssociations\",\"route53resolver:listFirewallRuleGroups\",\"route53resolver:listFirewallRules\",\"route53resolver:listOutpostResolvers\",\"route53resolver:listResolverConfigs\",\"route53resolver:listResolverDnssecConfigs\",\"route53resolver:listResolverEndpointIpAddresses\",\"route53resolver:listResolverEndpoints\",\"route53resolver:listResolverQueryLogConfigAssociations\",\"route53resolver:listResolverQueryLogConfigs\",\"route53resolver:listResolverRuleAssociations\",\"route53resolver:listResolverRules\",\"route53resolver:listTagsForResource\",\"rum:batchGetRumMetricDefinitions\",\"rum:getAppMonitor\",\"rum:listAppMonitors\",\"rum:listRumMetricsDestinations\",\"s3:describeJob\",\"s3:describeMultiRegionAccessPointOperation\",\"s3:getAccelerateConfiguration\",\"s3:getAccessPoint\",\"s3:getAccessPointConfigurationForObjectLambda\",\"s3:getAccessPointForObjectLambda\",\"s3:getAccessPointPolicy\",\"s3:getAccessPointPolicyForObjectLambda\",\"s3:getAccessPointPolicyStatus\",\"s3:getAccessPointPolicyStatusForObjectLambda\",\"s3:getAccountPublicAccessBlock\",\"s3:getAnalyticsConfiguration\",\"s3:getBucketAcl\",\"s3:getBucketCORS\",\"s3:getBucketLocation\",\"s3:getBucketLogging\",\"s3:getBucketNotification\",\"s3:getBucketObjectLockConfiguration\",\"s3:getBucketOwnershipControls\",\"s3:getBucketPolicy\",\"s3:getBucketPolicyStatus\",\"s3:getBucketPublicAccessBlock\",\"s3:getBucketRequestPayment\",\"s3:getBucketVersioning\",\"s3:getBucketWebsite\",\"s3:getEncryptionConfiguration\",\"s3:getIntelligentTieringConfiguration\",\"s3:getInventoryConfiguration\",\"s3:getLifecycleConfiguration\",\"s3:getMetricsConfiguration\",\"s3:getMultiRegionAccessPoint\",\"s3:getMultiRegionAccessPointPolicy\",\"s3:getMultiRegionAccessPointPolicyStatus\",\"s3:getMultiRegionAccessPointRoutes\",\"s3:getObjectLegalHold\",\"s3:getObjectRetention\",\"s3:getReplicationConfiguration\",\"s3:getStorageLensConfiguration\",\"s3:listAccessPoints\",\"s3:listAccessPointsForObjectLambda\",\"s3:listAllMyBuckets\",\"s3:listBucket\",\"s3:listBucketMultipartUploads\",\"s3:listBucketVersions\",\"s3:listJobs\",\"s3:listMultipartUploadParts\",\"s3:listMultiRegionAccessPoints\",\"s3:listStorageLensConfigurations\",\"s3express:getBucketPolicy\",\"s3express:listAllMyDirectoryBuckets\",\"sagemaker:describeAction\",\"sagemaker:describeAlgorithm\",\"sagemaker:describeApp\",\"sagemaker:describeAppImageConfig\",\"sagemaker:describeArtifact\",\"sagemaker:describeAutoMLJob\",\"sagemaker:describeCluster\",\"sagemaker:describeClusterNode\",\"sagemaker:describeCodeRepository\",\"sagemaker:describeCompilationJob\",\"sagemaker:describeContext\",\"sagemaker:describeDataQualityJobDefinition\",\"sagemaker:describeDevice\",\"sagemaker:describeDeviceFleet\",\"sagemaker:describeDomain\",\"sagemaker:describeEdgeDeploymentPlan\",\"sagemaker:describeEdgePackagingJob\",\"sagemaker:describeEndpoint\",\"sagemaker:describeEndpointConfig\",\"sagemaker:describeExperiment\",\"sagemaker:describeFeatureGroup\",\"sagemaker:describeFeatureMetadata\",\"sagemaker:describeFlowDefinition\",\"sagemaker:describeHub\",\"sagemaker:describeHubContent\",\"sagemaker:describeHumanTaskUi\",\"sagemaker:describeHyperParameterTuningJob\",\"sagemaker:describeImage\",\"sagemaker:describeImageVersion\",\"sagemaker:describeInferenceComponent\",\"sagemaker:describeInferenceExperiment\",\"sagemaker:describeInferenceRecommendationsJob\",\"sagemaker:describeLabelingJob\",\"sagemaker:describeModel\",\"sagemaker:describeModelBiasJobDefinition\",\"sagemaker:describeModelCard\",\"sagemaker:describeModelCardExportJob\",\"sagemaker:describeModelExplainabilityJobDefinition\",\"sagemaker:describeModelPackage\",\"sagemaker:describeModelPackageGroup\",\"sagemaker:describeModelQualityJobDefinition\",\"sagemaker:describeMonitoringSchedule\",\"sagemaker:describeNotebookInstance\",\"sagemaker:describeNotebookInstanceLifecycleConfig\",\"sagemaker:describePipeline\",\"sagemaker:describePipelineDefinitionForExecution\",\"sagemaker:describePipelineExecution\",\"sagemaker:describeProcessingJob\",\"sagemaker:describeProject\",\"sagemaker:describeSpace\",\"sagemaker:describeStudioLifecycleConfig\",\"sagemaker:describeSubscribedWorkteam\",\"sagemaker:describeTrainingJob\",\"sagemaker:describeTransformJob\",\"sagemaker:describeTrial\",\"sagemaker:describeTrialComponent\",\"sagemaker:describeUserProfile\",\"sagemaker:describeWorkforce\",\"sagemaker:describeWorkteam\",\"sagemaker:getDeviceFleetReport\",\"sagemaker:getModelPackageGroupPolicy\",\"sagemaker:getSagemakerServicecatalogPortfolioStatus\",\"sagemaker:listActions\",\"sagemaker:listAlgorithms\",\"sagemaker:listAliases\",\"sagemaker:listAppImageConfigs\",\"sagemaker:listApps\",\"sagemaker:listArtifacts\",\"sagemaker:listAssociations\",\"sagemaker:listAutoMLJobs\",\"sagemaker:listCandidatesForAutoMLJob\",\"sagemaker:listClusterNodes\",\"sagemaker:listClusters\",\"sagemaker:listCodeRepositories\",\"sagemaker:listCompilationJobs\",\"sagemaker:listContexts\",\"sagemaker:listDataQualityJobDefinitions\",\"sagemaker:listDeviceFleets\",\"sagemaker:listDevices\",\"sagemaker:listDomains\",\"sagemaker:listEdgeDeploymentPlans\",\"sagemaker:listEdgePackagingJobs\",\"sagemaker:listEndpointConfigs\",\"sagemaker:listEndpoints\",\"sagemaker:listExperiments\",\"sagemaker:listFeatureGroups\",\"sagemaker:listFlowDefinitions\",\"sagemaker:listHubContents\",\"sagemaker:listHubContentVersions\",\"sagemaker:listHubs\",\"sagemaker:listHumanTaskUis\",\"sagemaker:listHyperParameterTuningJobs\",\"sagemaker:listImages\",\"sagemaker:listImageVersions\",\"sagemaker:listInferenceComponents\",\"sagemaker:listInferenceExperiments\",\"sagemaker:listInferenceRecommendationsJobs\",\"sagemaker:listInferenceRecommendationsJobSteps\",\"sagemaker:listLabelingJobs\",\"sagemaker:listLabelingJobsForWorkteam\",\"sagemaker:listLineageGroups\",\"sagemaker:listModelBiasJobDefinitions\",\"sagemaker:listModelCardExportJobs\",\"sagemaker:listModelCards\",\"sagemaker:listModelCardVersions\",\"sagemaker:listModelExplainabilityJobDefinitions\",\"sagemaker:listModelMetadata\",\"sagemaker:listModelPackageGroups\",\"sagemaker:listModelPackages\",\"sagemaker:listModelQualityJobDefinitions\",\"sagemaker:listModels\",\"sagemaker:listMonitoringAlertHistory\",\"sagemaker:listMonitoringAlerts\",\"sagemaker:listMonitoringExecutions\",\"sagemaker:listMonitoringSchedules\",\"sagemaker:listNotebookInstanceLifecycleConfigs\",\"sagemaker:listNotebookInstances\",\"sagemaker:listPipelineExecutions\",\"sagemaker:listPipelineExecutionSteps\",\"sagemaker:listPipelineParametersForExecution\",\"sagemaker:listPipelines\",\"sagemaker:listProcessingJobs\",\"sagemaker:listProjects\",\"sagemaker:listSpaces\",\"sagemaker:listStageDevices\",\"sagemaker:listStudioLifecycleConfigs\",\"sagemaker:listSubscribedWorkteams\",\"sagemaker:listTags\",\"sagemaker:listTrainingJobs\",\"sagemaker:listTrainingJobsForHyperParameterTuningJob\",\"sagemaker:listTransformJobs\",\"sagemaker:listTrialComponents\",\"sagemaker:listTrials\",\"sagemaker:listUserProfiles\",\"sagemaker:listWorkforces\",\"sagemaker:listWorkteams\",\"savingsplans:describeSavingsPlans\",\"scheduler:getSchedule\",\"scheduler:getScheduleGroup\",\"scheduler:listScheduleGroups\",\"scheduler:listSchedules\",\"schemas:describeCodeBinding\",\"schemas:describeDiscoverer\",\"schemas:describeRegistry\",\"schemas:describeSchema\",\"schemas:getCodeBindingSource\",\"schemas:getDiscoveredSchema\",\"schemas:getResourcePolicy\",\"schemas:listDiscoverers\",\"schemas:listRegistries\",\"schemas:listSchemas\",\"schemas:listSchemaVersions\",\"sdb:domainMetadata\",\"sdb:listDomains\",\"secretsmanager:describeSecret\",\"secretsmanager:getResourcePolicy\",\"secretsmanager:listSecrets\",\"secretsmanager:listSecretVersionIds\",\"securityhub:getEnabledStandards\",\"securityhub:getFindings\",\"securityhub:getInsightResults\",\"securityhub:getInsights\",\"securityhub:getMasterAccount\",\"securityhub:getMembers\",\"securityhub:listEnabledProductsForImport\",\"securityhub:listInvitations\",\"securityhub:listMembers\",\"securityhub:describeOrganizationConfiguration\",\"securityhub:batchGetConfigurationPolicyAssociations\",\"securityhub:getConfigurationPolicy\",\"securityhub:getConfigurationPolicyAssociation\",\"securityhub:listConfigurationPolicies\",\"securityhub:listConfigurationPolicyAssociations\",\"securityhub:getFindingAggregator\",\"securityhub:listFindingAggregators\",\"securitylake:getDataLakeExceptionSubscription\",\"securitylake:getDataLakeOrganizationConfiguration\",\"securitylake:getDataLakeSources\",\"securitylake:getSubscriber\",\"securitylake:listDataLakeExceptions\",\"securitylake:listDataLakes\",\"securitylake:listLogSources\",\"securitylake:listSubscribers\",\"serverlessrepo:getApplication\",\"serverlessrepo:getApplicationPolicy\",\"serverlessrepo:getCloudFormationTemplate\",\"serverlessrepo:listApplicationDependencies\",\"serverlessrepo:listApplications\",\"serverlessrepo:listApplicationVersions\",\"servicecatalog:describeConstraint\",\"servicecatalog:describePortfolio\",\"servicecatalog:describeProduct\",\"servicecatalog:describeProductAsAdmin\",\"servicecatalog:describeProductView\",\"servicecatalog:describeProvisioningArtifact\",\"servicecatalog:describeProvisioningParameters\",\"servicecatalog:describeRecord\",\"servicecatalog:listAcceptedPortfolioShares\",\"servicecatalog:listConstraintsForPortfolio\",\"servicecatalog:listLaunchPaths\",\"servicecatalog:listPortfolioAccess\",\"servicecatalog:listPortfolios\",\"servicecatalog:listPortfoliosForProduct\",\"servicecatalog:listPrincipalsForPortfolio\",\"servicecatalog:listProvisioningArtifacts\",\"servicecatalog:listRecordHistory\",\"servicecatalog:scanProvisionedProducts\",\"servicecatalog:searchProducts\",\"servicequotas:getAssociationForServiceQuotaTemplate\",\"servicequotas:getAWSDefaultServiceQuota\",\"servicequotas:getRequestedServiceQuotaChange\",\"servicequotas:getServiceQuota\",\"servicequotas:getServiceQuotaIncreaseRequestFromTemplate\",\"servicequotas:listAWSDefaultServiceQuotas\",\"servicequotas:listRequestedServiceQuotaChangeHistory\",\"servicequotas:listRequestedServiceQuotaChangeHistoryByQuota\",\"servicequotas:listServiceQuotaIncreaseRequestsInTemplate\",\"servicequotas:listServiceQuotas\",\"servicequotas:listServices\",\"ses:describeActiveReceiptRuleSet\",\"ses:describeConfigurationSet\",\"ses:describeReceiptRule\",\"ses:describeReceiptRuleSet\",\"ses:getAccount\",\"ses:getAccountSendingEnabled\",\"ses:getBlacklistReports\",\"ses:getConfigurationSet\",\"ses:getConfigurationSetEventDestinations\",\"ses:getContactList\",\"ses:getDedicatedIp\",\"ses:getDedicatedIpPool\",\"ses:getDedicatedIps\",\"ses:getDeliverabilityDashboardOptions\",\"ses:getDeliverabilityTestReport\",\"ses:getDomainDeliverabilityCampaign\",\"ses:getDomainStatisticsReport\",\"ses:getEmailIdentity\",\"ses:getIdentityDkimAttributes\",\"ses:getIdentityMailFromDomainAttributes\",\"ses:getIdentityNotificationAttributes\",\"ses:getIdentityPolicies\",\"ses:getIdentityVerificationAttributes\",\"ses:getImportJob\",\"ses:getSendQuota\",\"ses:getSendStatistics\",\"ses:listConfigurationSets\",\"ses:listContactLists\",\"ses:listContacts\",\"ses:listCustomVerificationEmailTemplates\",\"ses:listDedicatedIpPools\",\"ses:listDeliverabilityTestReports\",\"ses:listDomainDeliverabilityCampaigns\",\"ses:listEmailIdentities\",\"ses:listEmailTemplates\",\"ses:listIdentities\",\"ses:listIdentityPolicies\",\"ses:listImportJobs\",\"ses:listReceiptFilters\",\"ses:listReceiptRuleSets\",\"ses:listRecommendations\",\"ses:listTagsForResource\",\"ses:listTemplates\",\"ses:listVerifiedEmailAddresses\",\"shield:describeAttack\",\"shield:describeProtection\",\"shield:describeSubscription\",\"shield:listAttacks\",\"shield:listProtections\",\"sms-voice:getConfigurationSetEventDestinations\",\"sms:getConnectors\",\"sms:getReplicationJobs\",\"sms:getReplicationRuns\",\"sms:getServers\",\"snowball:describeAddress\",\"snowball:describeAddresses\",\"snowball:describeJob\",\"snowball:getSnowballUsage\",\"snowball:listJobs\",\"snowball:listServiceVersions\",\"sns:checkIfPhoneNumberIsOptedOut\",\"sns:getDataProtectionPolicy\",\"sns:getEndpointAttributes\",\"sns:getPlatformApplicationAttributes\",\"sns:getSMSAttributes\",\"sns:getSMSSandboxAccountStatus\",\"sns:getSubscriptionAttributes\",\"sns:getTopicAttributes\",\"sns:listEndpointsByPlatformApplication\",\"sns:listOriginationNumbers\",\"sns:listPhoneNumbersOptedOut\",\"sns:listPlatformApplications\",\"sns:listSMSSandboxPhoneNumbers\",\"sns:listSubscriptions\",\"sns:listSubscriptionsByTopic\",\"sns:listTopics\",\"sqs:getQueueAttributes\",\"sqs:getQueueUrl\",\"sqs:listDeadLetterSourceQueues\",\"sqs:listQueues\",\"ssm-contacts:describeEngagement\",\"ssm-contacts:describePage\",\"ssm-contacts:getContact\",\"ssm-contacts:getContactChannel\",\"ssm-contacts:getContactPolicy\",\"ssm-contacts:getRotation\",\"ssm-contacts:getRotationOverride\",\"ssm-contacts:listContactChannels\",\"ssm-contacts:listContacts\",\"ssm-contacts:listEngagements\",\"ssm-contacts:listPageReceipts\",\"ssm-contacts:listPageResolutions\",\"ssm-contacts:listPagesByContact\",\"ssm-contacts:listPagesByEngagement\",\"ssm-contacts:listPreviewRotationShifts\",\"ssm-contacts:listRotationOverrides\",\"ssm-contacts:listRotations\",\"ssm-contacts:listRotationShifts\",\"ssm-incidents:getIncidentRecord\",\"ssm-incidents:getReplicationSet\",\"ssm-incidents:getResourcePolicies\",\"ssm-incidents:getResponsePlan\",\"ssm-incidents:getTimelineEvent\",\"ssm-incidents:listIncidentRecords\",\"ssm-incidents:listRelatedItems\",\"ssm-incidents:listReplicationSets\",\"ssm-incidents:listResponsePlans\",\"ssm-incidents:listTimelineEvents\",\"ssm-sap:getApplication\",\"ssm-sap:getComponent\",\"ssm-sap:getDatabase\",\"ssm-sap:getOperation\",\"ssm-sap:getResourcePermission\",\"ssm-sap:listApplications\",\"ssm-sap:listComponents\",\"ssm-sap:listDatabases\",\"ssm-sap:listOperations\",\"ssm:describeActivations\",\"ssm:describeAssociation\",\"ssm:describeAssociationExecutions\",\"ssm:describeAssociationExecutionTargets\",\"ssm:describeAutomationExecutions\",\"ssm:describeAutomationStepExecutions\",\"ssm:describeAvailablePatches\",\"ssm:describeDocument\",\"ssm:describeDocumentPermission\",\"ssm:describeEffectiveInstanceAssociations\",\"ssm:describeEffectivePatchesForPatchBaseline\",\"ssm:describeInstanceAssociationsStatus\",\"ssm:describeInstanceInformation\",\"ssm:describeInstancePatches\",\"ssm:describeInstancePatchStates\",\"ssm:describeInstancePatchStatesForPatchGroup\",\"ssm:describeInventoryDeletions\",\"ssm:describeMaintenanceWindowExecutions\",\"ssm:describeMaintenanceWindowExecutionTaskInvocations\",\"ssm:describeMaintenanceWindowExecutionTasks\",\"ssm:describeMaintenanceWindows\",\"ssm:describeMaintenanceWindowSchedule\",\"ssm:describeMaintenanceWindowsForTarget\",\"ssm:describeMaintenanceWindowTargets\",\"ssm:describeMaintenanceWindowTasks\",\"ssm:describeOpsItems\",\"ssm:describeParameters\",\"ssm:describePatchBaselines\",\"ssm:describePatchGroups\",\"ssm:describePatchGroupState\",\"ssm:describePatchProperties\",\"ssm:describeSessions\",\"ssm:getAutomationExecution\",\"ssm:getCalendarState\",\"ssm:getCommandInvocation\",\"ssm:getConnectionStatus\",\"ssm:getDefaultPatchBaseline\",\"ssm:getDeployablePatchSnapshotForInstance\",\"ssm:getInventorySchema\",\"ssm:getMaintenanceWindow\",\"ssm:getMaintenanceWindowExecution\",\"ssm:getMaintenanceWindowExecutionTask\",\"ssm:getMaintenanceWindowExecutionTaskInvocation\",\"ssm:getMaintenanceWindowTask\",\"ssm:getOpsItem\",\"ssm:getOpsMetadata\",\"ssm:getOpsSummary\",\"ssm:getPatchBaseline\",\"ssm:getPatchBaselineForPatchGroup\",\"ssm:getResourcePolicies\",\"ssm:getServiceSetting\",\"ssm:listAssociations\",\"ssm:listAssociationVersions\",\"ssm:listCommandInvocations\",\"ssm:listCommands\",\"ssm:listComplianceItems\",\"ssm:listComplianceSummaries\",\"ssm:listDocuments\",\"ssm:listDocumentMetadataHistory\",\"ssm:listDocumentVersions\",\"ssm:listOpsItemEvents\",\"ssm:listOpsItemRelatedItems\",\"ssm:listOpsMetadata\",\"ssm:listResourceComplianceSummaries\",\"ssm:listResourceDataSync\",\"ssm:listTagsForResource\",\"sso:describeApplicationAssignment\",\"sso:describeApplicationProvider\",\"sso:describeApplication\",\"sso:describeInstance\",\"sso:describeTrustedTokenIssuer\",\"sso:getApplicationAccessScope\",\"sso:getApplicationAssignmentConfiguration\",\"sso:getApplicationAuthenticationMethod\",\"sso:getApplicationGrant\",\"sso:getApplicationInstance\",\"sso:getApplicationTemplate\",\"sso:getManagedApplicationInstance\",\"sso:getSharedSsoConfiguration\",\"sso:listApplicationAccessScopes\",\"sso:listApplicationAssignments\",\"sso:listApplicationAuthenticationMethods\",\"sso:listApplicationGrants\",\"sso:listApplicationInstances\",\"sso:listApplicationProviders\",\"sso:listApplications\",\"sso:listApplicationTemplates\",\"sso:listDirectoryAssociations\",\"sso:listInstances\",\"sso:listProfileAssociations\",\"sso:listTrustedTokenIssuers\",\"states:describeActivity\",\"states:describeExecution\",\"states:describeMapRun\",\"states:describeStateMachine\",\"states:describeStateMachineAlias\",\"states:describeStateMachineForExecution\",\"states:getExecutionHistory\",\"states:listActivities\",\"states:listExecutions\",\"states:listMapRuns\",\"states:listStateMachineAliases\",\"states:listStateMachines\",\"states:listStateMachineVersions\",\"storagegateway:describeBandwidthRateLimit\",\"storagegateway:describeCache\",\"storagegateway:describeCachediSCSIVolumes\",\"storagegateway:describeFileSystemAssociations\",\"storagegateway:describeGatewayInformation\",\"storagegateway:describeMaintenanceStartTime\",\"storagegateway:describeNFSFileShares\",\"storagegateway:describeSMBFileShares\",\"storagegateway:describeSMBSettings\",\"storagegateway:describeSnapshotSchedule\",\"storagegateway:describeStorediSCSIVolumes\",\"storagegateway:describeTapeArchives\",\"storagegateway:describeTapeRecoveryPoints\",\"storagegateway:describeTapes\",\"storagegateway:describeUploadBuffer\",\"storagegateway:describeVTLDevices\",\"storagegateway:describeWorkingStorage\",\"storagegateway:listAutomaticTapeCreationPolicies\",\"storagegateway:listFileShares\",\"storagegateway:listFileSystemAssociations\",\"storagegateway:listGateways\",\"storagegateway:listLocalDisks\",\"storagegateway:listTagsForResource\",\"storagegateway:listTapes\",\"storagegateway:listVolumeInitiators\",\"storagegateway:listVolumeRecoveryPoints\",\"storagegateway:listVolumes\",\"swf:countClosedWorkflowExecutions\",\"swf:countOpenWorkflowExecutions\",\"swf:countPendingActivityTasks\",\"swf:countPendingDecisionTasks\",\"swf:describeActivityType\",\"swf:describeDomain\",\"swf:describeWorkflowExecution\",\"swf:describeWorkflowType\",\"swf:getWorkflowExecutionHistory\",\"swf:listActivityTypes\",\"swf:listClosedWorkflowExecutions\",\"swf:listDomains\",\"swf:listOpenWorkflowExecutions\",\"swf:listWorkflowTypes\",\"synthetics:describeCanaries\",\"synthetics:describeCanariesLastRun\",\"synthetics:describeRuntimeVersions\",\"synthetics:getCanary\",\"synthetics:getCanaryRuns\",\"synthetics:getGroup\",\"synthetics:listAssociatedGroups\",\"synthetics:listGroupResources\",\"synthetics:listGroups\",\"tiros:createQuery\",\"tiros:getQueryAnswer\",\"tiros:getQueryExplanation\",\"transcribe:describeLanguageModel\",\"transcribe:getCallAnalyticsCategory\",\"transcribe:getCallAnalyticsJob\",\"transcribe:getMedicalTranscriptionJob\",\"transcribe:getMedicalVocabulary\",\"transcribe:getTranscriptionJob\",\"transcribe:getVocabulary\",\"transcribe:getVocabularyFilter\",\"transcribe:listCallAnalyticsCategories\",\"transcribe:listCallAnalyticsJobs\",\"transcribe:listLanguageModels\",\"transcribe:listMedicalTranscriptionJobs\",\"transcribe:listMedicalVocabularies\",\"transcribe:listTranscriptionJobs\",\"transcribe:listVocabularies\",\"transcribe:listVocabularyFilters\",\"transfer:describeAccess\",\"transfer:describeAgreement\",\"transfer:describeConnector\",\"transfer:describeExecution\",\"transfer:describeProfile\",\"transfer:describeServer\",\"transfer:describeUser\",\"transfer:describeWorkflow\",\"transfer:listAccesses\",\"transfer:listAgreements\",\"transfer:listConnectors\",\"transfer:listExecutions\",\"transfer:listHostKeys\",\"transfer:listProfiles\",\"transfer:listServers\",\"transfer:listTagsForResource\",\"transfer:listUsers\",\"transfer:listWorkflows\",\"transfer:sendWorkflowStepState\",\"trustedadvisor:getOrganizationRecommendation\",\"trustedadvisor:getRecommendation\",\"trustedadvisor:listChecks\",\"trustedadvisor:listOrganizationRecommendationAccounts\",\"trustedadvisor:listOrganizationRecommendationResources\",\"trustedadvisor:listOrganizationRecommendations\",\"trustedadvisor:listRecommendationResources\",\"trustedadvisor:listRecommendations\",\"verifiedpermissions:getIdentitySource\",\"verifiedpermissions:getPolicy\",\"verifiedpermissions:getPolicyStore\",\"verifiedpermissions:getPolicyTemplate\",\"verifiedpermissions:getSchema\",\"verifiedpermissions:listIdentitySources\",\"verifiedpermissions:listPolicies\",\"verifiedpermissions:listPolicyStores\",\"verifiedpermissions:listPolicyTemplates\",\"vpc-lattice:getAccessLogSubscription\",\"vpc-lattice:getAuthPolicy\",\"vpc-lattice:getListener\",\"vpc-lattice:getResourcePolicy\",\"vpc-lattice:getRule\",\"vpc-lattice:getService\",\"vpc-lattice:getServiceNetwork\",\"vpc-lattice:getServiceNetworkServiceAssociation\",\"vpc-lattice:getServiceNetworkVpcAssociation\",\"vpc-lattice:getTargetGroup\",\"vpc-lattice:listAccessLogSubscriptions\",\"vpc-lattice:listListeners\",\"vpc-lattice:listRules\",\"vpc-lattice:listServiceNetworks\",\"vpc-lattice:listServiceNetworkServiceAssociations\",\"vpc-lattice:listServiceNetworkVpcAssociations\",\"vpc-lattice:listServices\",\"vpc-lattice:listTargetGroups\",\"vpc-lattice:listTargets\",\"waf-regional:getByteMatchSet\",\"waf-regional:getChangeTokenStatus\",\"waf-regional:getGeoMatchSet\",\"waf-regional:getIPSet\",\"waf-regional:getLoggingConfiguration\",\"waf-regional:getRateBasedRule\",\"waf-regional:getRegexMatchSet\",\"waf-regional:getRegexPatternSet\",\"waf-regional:getRule\",\"waf-regional:getRuleGroup\",\"waf-regional:getSqlInjectionMatchSet\",\"waf-regional:getWebACL\",\"waf-regional:getWebACLForResource\",\"waf-regional:listActivatedRulesInRuleGroup\",\"waf-regional:listByteMatchSets\",\"waf-regional:listGeoMatchSets\",\"waf-regional:listIPSets\",\"waf-regional:listLoggingConfigurations\",\"waf-regional:listRateBasedRules\",\"waf-regional:listRegexMatchSets\",\"waf-regional:listRegexPatternSets\",\"waf-regional:listResourcesForWebACL\",\"waf-regional:listRuleGroups\",\"waf-regional:listRules\",\"waf-regional:listSqlInjectionMatchSets\",\"waf-regional:listWebACLs\",\"waf:getByteMatchSet\",\"waf:getChangeTokenStatus\",\"waf:getGeoMatchSet\",\"waf:getIPSet\",\"waf:getLoggingConfiguration\",\"waf:getRateBasedRule\",\"waf:getRegexMatchSet\",\"waf:getRegexPatternSet\",\"waf:getRule\",\"waf:getRuleGroup\",\"waf:getSampledRequests\",\"waf:getSizeConstraintSet\",\"waf:getSqlInjectionMatchSet\",\"waf:getWebACL\",\"waf:getXssMatchSet\",\"waf:listActivatedRulesInRuleGroup\",\"waf:listByteMatchSets\",\"waf:listGeoMatchSets\",\"waf:listIPSets\",\"waf:listLoggingConfigurations\",\"waf:listRateBasedRules\",\"waf:listRegexMatchSets\",\"waf:listRegexPatternSets\",\"waf:listRuleGroups\",\"waf:listRules\",\"waf:listSizeConstraintSets\",\"waf:listSqlInjectionMatchSets\",\"waf:listWebACLs\",\"waf:listXssMatchSets\",\"wafv2:checkCapacity\",\"wafv2:describeManagedRuleGroup\",\"wafv2:getIPSet\",\"wafv2:getLoggingConfiguration\",\"wafv2:getPermissionPolicy\",\"wafv2:getRateBasedStatementManagedKeys\",\"wafv2:getRegexPatternSet\",\"wafv2:getRuleGroup\",\"wafv2:getSampledRequests\",\"wafv2:getWebACL\",\"wafv2:getWebACLForResource\",\"wafv2:listAvailableManagedRuleGroups\",\"wafv2:listIPSets\",\"wafv2:listLoggingConfigurations\",\"wafv2:listRegexPatternSets\",\"wafv2:listResourcesForWebACL\",\"wafv2:listRuleGroups\",\"wafv2:listTagsForResource\",\"wafv2:listWebACLs\",\"workdocs:checkAlias\",\"workdocs:describeAvailableDirectories\",\"workdocs:describeInstances\",\"workmail:describeGroup\",\"workmail:describeOrganization\",\"workmail:describeResource\",\"workmail:describeUser\",\"workmail:listAliases\",\"workmail:listGroupMembers\",\"workmail:listGroups\",\"workmail:listMailboxPermissions\",\"workmail:listOrganizations\",\"workmail:listResourceDelegates\",\"workmail:listResources\",\"workmail:listUsers\",\"workspaces-web:getBrowserSettings\",\"workspaces-web:getIdentityProvider\",\"workspaces-web:getNetworkSettings\",\"workspaces-web:getPortal\",\"workspaces-web:getPortalServiceProviderMetadata\",\"workspaces-web:getTrustStoreCertificate\",\"workspaces-web:getUserSettings\",\"workspaces-web:listBrowserSettings\",\"workspaces-web:listIdentityProviders\",\"workspaces-web:listNetworkSettings\",\"workspaces-web:listPortals\",\"workspaces-web:listTagsForResource\",\"workspaces-web:listTrustStoreCertificates\",\"workspaces-web:listTrustStores\",\"workspaces-web:listUserSettings\",\"workspaces:describeAccount\",\"workspaces:describeAccountModifications\",\"workspaces:describeApplicationAssociations\",\"workspaces:describeWorkspaceAssociations\",\"workspaces:describeWorkspacesPools\",\"workspaces:describeWorkspacesPoolSessions\",\"workspaces:describeIpGroups\",\"workspaces:describeTags\",\"workspaces:describeWorkspaceBundles\",\"workspaces:describeWorkspaceDirectories\",\"workspaces:describeWorkspaceImages\",\"workspaces:describeWorkspaces\",\"workspaces:describeWorkspacesConnectionStatus\",\"xray:getEncryptionConfig\",\"xray:getGroup\",\"xray:getGroups\",\"xray:getSamplingRules\",\"xray:listResourcePolicies\",\"xray:getInsightImpactGraph\",\"xray:getSamplingStatisticSummaries\",\"xray:getSamplingTargets\",\"xray:getServiceGraph\",\"xray:getTimeSeriesServiceStatistics\",\"xray:getTraceGraph\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"],\"Sid\":\"AWSSupportActions\"}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy\",\"Tags\":null,\"DefaultVersionId\":\"v38\",\"Path\":\"/aws-service-role/\",\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"AWSSupportServiceRolePolicy\",\"UpdateDate\":\"2024-10-10T18:03:48Z\",\"roles\":null,\"AttachmentCount\":1,\"CreateDate\":\"2018-04-19T18:04:44Z\",\"Description\":null,\"IsAttachable\":true,\"PolicyId\":\"ANPAJ7W6266ELXF5MISDS\"},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy\",\"ANPAJ7W6266ELXF5MISDS\"],\"name\":\"AWSSupportServiceRolePolicy\",\"category\":\"identity\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"asset\":{\"name\":\"CloudWatchLogsFullAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Path\":\"/\",\"Arn\":\"arn:aws:iam::aws:policy/CloudWatchLogsFullAccess\",\"AttachmentCount\":1,\"IsAttachable\":true,\"PolicyId\":\"ANPAJ3ZGNWK2R5HW5BQFO\",\"PolicyName\":\"CloudWatchLogsFullAccess\",\"UpdateDate\":\"2023-11-26T18:12:09Z\",\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"logs:*\",\"cloudwatch:GenerateQuery\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"CloudWatchLogsFullAccess\"}]},\"roles\":null,\"DefaultVersionId\":\"v2\",\"Description\":null,\"CreateDate\":\"2015-02-06T18:40:02Z\",\"Tags\":null,\"PermissionsBoundaryUsageCount\":0},\"id\":[\"arn:aws:iam::aws:policy/CloudWatchLogsFullAccess\",\"ANPAJ3ZGNWK2R5HW5BQFO\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"CloudWatchLogsFullAccess\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/CloudWatchLogsFullAccess\",\"ANPAJ3ZGNWK2R5HW5BQFO\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/CloudWatchLogsFullAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.362+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.339Z\",\"asset\":{\"name\":\"ReadOnlyAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"PolicyName\":\"ReadOnlyAccess\",\"UpdateDate\":\"2024-10-21T14:38:46Z\",\"AttachmentCount\":3,\"document\":{\"Statement\":[{\"Action\":[\"a4b:Get*\",\"a4b:List*\",\"a4b:Search*\",\"access-analyzer:GetAccessPreview\",\"access-analyzer:GetAnalyzedResource\",\"access-analyzer:GetAnalyzer\",\"access-analyzer:GetArchiveRule\",\"access-analyzer:GetFinding\",\"access-analyzer:GetGeneratedPolicy\",\"access-analyzer:ListAccessPreviewFindings\",\"access-analyzer:ListAccessPreviews\",\"access-analyzer:ListAnalyzedResources\",\"access-analyzer:ListAnalyzers\",\"access-analyzer:ListArchiveRules\",\"access-analyzer:ListFindings\",\"access-analyzer:ListPolicyGenerations\",\"access-analyzer:ListTagsForResource\",\"access-analyzer:ValidatePolicy\",\"account:GetAccountInformation\",\"account:GetAlternateContact\",\"account:GetChallengeQuestions\",\"account:GetContactInformation\",\"account:GetPrimaryEmail\",\"account:GetRegionOptStatus\",\"account:ListRegions\",\"acm-pca:Describe*\",\"acm-pca:Get*\",\"acm-pca:List*\",\"acm:Describe*\",\"acm:Get*\",\"acm:List*\",\"airflow:ListEnvironments\",\"airflow:ListTagsForResource\",\"amplify:GetApp\",\"amplify:GetBranch\",\"amplify:GetDomainAssociation\",\"amplify:GetJob\",\"amplify:ListApps\",\"amplify:ListBranches\",\"amplify:ListDomainAssociations\",\"amplify:ListJobs\",\"aoss:BatchGetCollection\",\"aoss:BatchGetLifecyclePolicy\",\"aoss:BatchGetVpcEndpoint\",\"aoss:GetAccessPolicy\",\"aoss:GetAccountSettings\",\"aoss:GetPoliciesStats\",\"aoss:GetSecurityConfig\",\"aoss:GetSecurityPolicy\",\"aoss:ListAccessPolicies\",\"aoss:ListCollections\",\"aoss:ListLifecyclePolicies\",\"aoss:ListSecurityConfigs\",\"aoss:ListSecurityPolicies\",\"aoss:ListTagsForResource\",\"aoss:ListVpcEndpoints\",\"apigateway:GET\",\"appconfig:GetApplication\",\"appconfig:GetConfiguration\",\"appconfig:GetConfigurationProfile\",\"appconfig:GetDeployment\",\"appconfig:GetDeploymentStrategy\",\"appconfig:GetEnvironment\",\"appconfig:GetHostedConfigurationVersion\",\"appconfig:ListApplications\",\"appconfig:ListConfigurationProfiles\",\"appconfig:ListDeployments\",\"appconfig:ListDeploymentStrategies\",\"appconfig:ListEnvironments\",\"appconfig:ListHostedConfigurationVersions\",\"appconfig:ListTagsForResource\",\"appfabric:GetAppAuthorization\",\"appfabric:GetAppBundle\",\"appfabric:GetIngestion\",\"appfabric:GetIngestionDestination\",\"appfabric:ListAppAuthorizations\",\"appfabric:ListAppBundles\",\"appfabric:ListIngestionDestinations\",\"appfabric:ListIngestions\",\"appfabric:ListTagsForResource\",\"appflow:DescribeConnector\",\"appflow:DescribeConnectorEntity\",\"appflow:DescribeConnectorFields\",\"appflow:DescribeConnectorProfiles\",\"appflow:DescribeConnectors\",\"appflow:DescribeFlow\",\"appflow:DescribeFlowExecution\",\"appflow:DescribeFlowExecutionRecords\",\"appflow:DescribeFlows\",\"appflow:ListConnectorEntities\",\"appflow:ListConnectorFields\",\"appflow:ListConnectors\",\"appflow:ListFlows\",\"appflow:ListTagsForResource\",\"application-autoscaling:Describe*\",\"application-autoscaling:ListTagsForResource\",\"application-signals:BatchGetServiceLevelObjectiveBudgetReport\",\"application-signals:GetService\",\"application-signals:GetServiceLevelObjective\",\"application-signals:ListServiceDependencies\",\"application-signals:ListServiceDependents\",\"application-signals:ListServiceLevelObjectives\",\"application-signals:ListServiceOperations\",\"application-signals:ListServices\",\"application-signals:ListTagsForResource\",\"applicationinsights:Describe*\",\"applicationinsights:List*\",\"appmesh:Describe*\",\"appmesh:List*\",\"apprunner:DescribeAutoScalingConfiguration\",\"apprunner:DescribeCustomDomains\",\"apprunner:DescribeObservabilityConfiguration\",\"apprunner:DescribeService\",\"apprunner:DescribeVpcConnector\",\"apprunner:DescribeVpcIngressConnection\",\"apprunner:DescribeWebAclForService\",\"apprunner:ListAssociatedServicesForWebAcl\",\"apprunner:ListAutoScalingConfigurations\",\"apprunner:ListConnections\",\"apprunner:ListObservabilityConfigurations\",\"apprunner:ListOperations\",\"apprunner:ListServices\",\"apprunner:ListServicesForAutoScalingConfiguration\",\"apprunner:ListTagsForResource\",\"apprunner:ListVpcConnectors\",\"apprunner:ListVpcIngressConnections\",\"appstream:Describe*\",\"appstream:List*\",\"appstudio:GetAccountStatus\",\"appstudio:GetEnablementJobStatus\",\"appsync:Get*\",\"appsync:List*\",\"aps:DescribeAlertManagerDefinition\",\"aps:DescribeLoggingConfiguration\",\"aps:DescribeRuleGroupsNamespace\",\"aps:DescribeScraper\",\"aps:DescribeWorkspace\",\"aps:GetAlertManagerSilence\",\"aps:GetAlertManagerStatus\",\"aps:GetDefaultScraperConfiguration\",\"aps:GetLabels\",\"aps:GetMetricMetadata\",\"aps:GetSeries\",\"aps:ListAlertManagerAlertGroups\",\"aps:ListAlertManagerAlerts\",\"aps:ListAlertManagerReceivers\",\"aps:ListAlertManagerSilences\",\"aps:ListAlerts\",\"aps:ListRuleGroupsNamespaces\",\"aps:ListRules\",\"aps:ListScrapers\",\"aps:ListTagsForResource\",\"aps:ListWorkspaces\",\"aps:QueryMetrics\",\"arc-zonal-shift:GetManagedResource\",\"arc-zonal-shift:ListAutoshifts\",\"arc-zonal-shift:ListManagedResources\",\"arc-zonal-shift:ListZonalShifts\",\"artifact:GetReport\",\"artifact:GetReportMetadata\",\"artifact:GetTermForReport\",\"artifact:ListReports\",\"athena:Batch*\",\"athena:Get*\",\"athena:List*\",\"auditmanager:GetAccountStatus\",\"auditmanager:GetAssessment\",\"auditmanager:GetAssessmentFramework\",\"auditmanager:GetAssessmentReportUrl\",\"auditmanager:GetChangeLogs\",\"auditmanager:GetControl\",\"auditmanager:GetDelegations\",\"auditmanager:GetEvidence\",\"auditmanager:GetEvidenceByEvidenceFolder\",\"auditmanager:GetEvidenceFolder\",\"auditmanager:GetEvidenceFoldersByAssessment\",\"auditmanager:GetEvidenceFoldersByAssessmentControl\",\"auditmanager:GetOrganizationAdminAccount\",\"auditmanager:GetServicesInScope\",\"auditmanager:GetSettings\",\"auditmanager:ListAssessmentFrameworks\",\"auditmanager:ListAssessmentReports\",\"auditmanager:ListAssessments\",\"auditmanager:ListControls\",\"auditmanager:ListKeywordsForDataSource\",\"auditmanager:ListNotifications\",\"auditmanager:ListTagsForResource\",\"auditmanager:ValidateAssessmentReportIntegrity\",\"autoscaling-plans:Describe*\",\"autoscaling-plans:GetScalingPlanResourceForecastData\",\"autoscaling:Describe*\",\"autoscaling:GetPredictiveScalingForecast\",\"aws-portal:View*\",\"backup-gateway:GetBandwidthRateLimitSchedule\",\"backup-gateway:GetGateway\",\"backup-gateway:GetHypervisor\",\"backup-gateway:GetHypervisorPropertyMappings\",\"backup-gateway:GetVirtualMachine\",\"backup-gateway:ListGateways\",\"backup-gateway:ListHypervisors\",\"backup-gateway:ListTagsForResource\",\"backup-gateway:ListVirtualMachines\",\"backup:Describe*\",\"backup:Get*\",\"backup:List*\",\"batch:Describe*\",\"batch:List*\",\"bedrock:GetAgent\",\"bedrock:GetAgentActionGroup\",\"bedrock:GetAgentAlias\",\"bedrock:GetAgentKnowledgeBase\",\"bedrock:GetAgentVersion\",\"bedrock:GetCustomModel\",\"bedrock:GetDataSource\",\"bedrock:GetEvaluationJob\",\"bedrock:GetFlow\",\"bedrock:GetFlowAlias\",\"bedrock:GetFlowVersion\",\"bedrock:GetFoundationModel\",\"bedrock:GetFoundationModelAvailability\",\"bedrock:GetGuardrail\",\"bedrock:GetInferenceProfile\",\"bedrock:GetIngestionJob\",\"bedrock:GetKnowledgeBase\",\"bedrock:GetModelCustomizationJob\",\"bedrock:GetModelInvocationLoggingConfiguration\",\"bedrock:GetPrompt\",\"bedrock:GetProvisionedModelThroughput\",\"bedrock:GetUseCaseForModelAccess\",\"bedrock:ListAgentActionGroups\",\"bedrock:ListAgentAliases\",\"bedrock:ListAgentKnowledgeBases\",\"bedrock:ListAgents\",\"bedrock:ListAgentVersions\",\"bedrock:ListCustomModels\",\"bedrock:ListDataSources\",\"bedrock:ListEvaluationJobs\",\"bedrock:ListFlows\",\"bedrock:ListFlowAliases\",\"bedrock:ListFlowVersions\",\"bedrock:ListFoundationModelAgreementOffers\",\"bedrock:ListFoundationModels\",\"bedrock:ListGuardrails\",\"bedrock:ListInferenceProfiles\",\"bedrock:ListIngestionJobs\",\"bedrock:ListKnowledgeBases\",\"bedrock:ListModelCustomizationJobs\",\"bedrock:ListPrompts\",\"bedrock:ListProvisionedModelThroughputs\",\"billing:GetBillingData\",\"billing:GetBillingDetails\",\"billing:GetBillingNotifications\",\"billing:GetBillingPreferences\",\"billing:GetContractInformation\",\"billing:GetCredits\",\"billing:GetIAMAccessPreference\",\"billing:GetSellerOfRecord\",\"billing:ListBillingViews\",\"billingconductor:GetBillingGroupCostReport\",\"billingconductor:ListAccountAssociations\",\"billingconductor:ListBillingGroupCostReports\",\"billingconductor:ListBillingGroups\",\"billingconductor:ListCustomLineItems\",\"billingconductor:ListCustomLineItemVersions\",\"billingconductor:ListPricingPlans\",\"billingconductor:ListPricingPlansAssociatedWithPricingRule\",\"billingconductor:ListPricingRules\",\"billingconductor:ListPricingRulesAssociatedToPricingPlan\",\"billingconductor:ListResourcesAssociatedToCustomLineItem\",\"billingconductor:ListTagsForResource\",\"braket:GetDevice\",\"braket:GetJob\",\"braket:GetQuantumTask\",\"braket:SearchDevices\",\"braket:SearchJobs\",\"braket:SearchQuantumTasks\",\"budgets:Describe*\",\"budgets:ListTagsForResource\",\"budgets:View*\",\"cassandra:Select\",\"ce:DescribeCostCategoryDefinition\",\"ce:DescribeNotificationSubscription\",\"ce:DescribeReport\",\"ce:GetAnomalies\",\"ce:GetAnomalyMonitors\",\"ce:GetAnomalySubscriptions\",\"ce:GetApproximateUsageRecords\",\"ce:GetCostAndUsage\",\"ce:GetCostAndUsageWithResources\",\"ce:GetCostCategories\",\"ce:GetCostForecast\",\"ce:GetDimensionValues\",\"ce:GetPreferences\",\"ce:GetReservationCoverage\",\"ce:GetReservationPurchaseRecommendation\",\"ce:GetReservationUtilization\",\"ce:GetRightsizingRecommendation\",\"ce:GetSavingsPlanPurchaseRecommendationDetails\",\"ce:GetSavingsPlansCoverage\",\"ce:GetSavingsPlansPurchaseRecommendation\",\"ce:GetSavingsPlansUtilization\",\"ce:GetSavingsPlansUtilizationDetails\",\"ce:GetTags\",\"ce:GetUsageForecast\",\"ce:ListCostAllocationTagBackfillHistory\",\"ce:ListCostAllocationTags\",\"ce:ListCostCategoryDefinitions\",\"ce:ListSavingsPlansPurchaseRecommendationGeneration\",\"ce:ListTagsForResource\",\"chatbot:Describe*\",\"chatbot:Get*\",\"chatbot:ListMicrosoftTeamsChannelConfigurations\",\"chatbot:ListMicrosoftTeamsConfiguredTeams\",\"chatbot:ListMicrosoftTeamsUserIdentities\",\"chatbot:ListTagsForResource\",\"chime:Get*\",\"chime:List*\",\"chime:Retrieve*\",\"chime:Search*\",\"chime:Validate*\",\"cleanrooms-ml:GetAudienceGenerationJob\",\"cleanrooms-ml:GetAudienceModel\",\"cleanrooms-ml:GetConfiguredAudienceModel\",\"cleanrooms-ml:GetConfiguredAudienceModelPolicy\",\"cleanrooms-ml:GetTrainingDataset\",\"cleanrooms-ml:ListAudienceExportJobs\",\"cleanrooms-ml:ListAudienceGenerationJobs\",\"cleanrooms-ml:ListAudienceModels\",\"cleanrooms-ml:ListConfiguredAudienceModels\",\"cleanrooms-ml:ListTagsForResource\",\"cleanrooms-ml:ListTrainingDatasets\",\"cleanrooms:BatchGetCollaborationAnalysisTemplate\",\"cleanrooms:BatchGetSchema\",\"cleanrooms:GetAnalysisTemplate\",\"cleanrooms:GetCollaboration\",\"cleanrooms:GetCollaborationAnalysisTemplate\",\"cleanrooms:GetConfiguredAudienceModelAssociation\",\"cleanrooms:GetConfiguredTable\",\"cleanrooms:GetConfiguredTableAnalysisRule\",\"cleanrooms:GetConfiguredTableAssociation\",\"cleanrooms:GetMembership\",\"cleanrooms:GetProtectedQuery\",\"cleanrooms:GetSchema\",\"cleanrooms:GetSchemaAnalysisRule\",\"cleanrooms:ListAnalysisTemplates\",\"cleanrooms:ListCollaborationAnalysisTemplates\",\"cleanrooms:ListCollaborationConfiguredAudienceModelAssociations\",\"cleanrooms:ListCollaborations\",\"cleanrooms:ListConfiguredTableAssociations\",\"cleanrooms:ListConfiguredTables\",\"cleanrooms:ListMembers\",\"cleanrooms:ListMemberships\",\"cleanrooms:ListProtectedQueries\",\"cleanrooms:ListSchemas\",\"cleanrooms:ListTagsForResource\",\"cloud9:Describe*\",\"cloud9:List*\",\"clouddirectory:BatchRead\",\"clouddirectory:Get*\",\"clouddirectory:List*\",\"clouddirectory:LookupPolicy\",\"cloudformation:Describe*\",\"cloudformation:Detect*\",\"cloudformation:Estimate*\",\"cloudformation:Get*\",\"cloudformation:List*\",\"cloudformation:ValidateTemplate\",\"cloudfront-keyvaluestore:Describe*\",\"cloudfront-keyvaluestore:Get*\",\"cloudfront-keyvaluestore:List*\",\"cloudfront:Describe*\",\"cloudfront:Get*\",\"cloudfront:List*\",\"cloudhsm:Describe*\",\"cloudhsm:List*\",\"cloudsearch:Describe*\",\"cloudsearch:List*\",\"cloudtrail:Describe*\",\"cloudtrail:Get*\",\"cloudtrail:List*\",\"cloudtrail:LookupEvents\",\"cloudwatch:Describe*\",\"cloudwatch:GenerateQuery\",\"cloudwatch:Get*\",\"cloudwatch:List*\",\"codeartifact:DescribeDomain\",\"codeartifact:DescribePackage\",\"codeartifact:DescribePackageVersion\",\"codeartifact:DescribeRepository\",\"codeartifact:GetAuthorizationToken\",\"codeartifact:GetDomainPermissionsPolicy\",\"codeartifact:GetPackageVersionAsset\",\"codeartifact:GetPackageVersionReadme\",\"codeartifact:GetRepositoryEndpoint\",\"codeartifact:GetRepositoryPermissionsPolicy\",\"codeartifact:ListDomains\",\"codeartifact:ListPackages\",\"codeartifact:ListPackageVersionAssets\",\"codeartifact:ListPackageVersionDependencies\",\"codeartifact:ListPackageVersions\",\"codeartifact:ListRepositories\",\"codeartifact:ListRepositoriesInDomain\",\"codeartifact:ListTagsForResource\",\"codeartifact:ReadFromRepository\",\"codebuild:BatchGet*\",\"codebuild:DescribeCodeCoverages\",\"codebuild:DescribeTestCases\",\"codebuild:List*\",\"codecatalyst:GetBillingAuthorization\",\"codecatalyst:GetConnection\",\"codecatalyst:GetPendingConnection\",\"codecatalyst:ListConnections\",\"codecatalyst:ListIamRolesForConnection\",\"codecatalyst:ListTagsForResource\",\"codecommit:BatchGet*\",\"codecommit:Describe*\",\"codecommit:Get*\",\"codecommit:GitPull\",\"codecommit:List*\",\"codedeploy:BatchGet*\",\"codedeploy:Get*\",\"codedeploy:List*\",\"codeguru-profiler:Describe*\",\"codeguru-profiler:Get*\",\"codeguru-profiler:List*\",\"codeguru-reviewer:Describe*\",\"codeguru-reviewer:Get*\",\"codeguru-reviewer:List*\",\"codepipeline:Get*\",\"codepipeline:List*\",\"codestar-connections:GetConnection\",\"codestar-connections:GetHost\",\"codestar-connections:GetRepositoryLink\",\"codestar-connections:GetRepositorySyncStatus\",\"codestar-connections:GetResourceSyncStatus\",\"codestar-connections:GetSyncConfiguration\",\"codestar-connections:ListConnections\",\"codestar-connections:ListHosts\",\"codestar-connections:ListRepositoryLinks\",\"codestar-connections:ListRepositorySyncDefinitions\",\"codestar-connections:ListSyncConfigurations\",\"codestar-connections:ListTagsForResource\",\"codestar-notifications:describeNotificationRule\",\"codestar-notifications:listEventTypes\",\"codestar-notifications:listNotificationRules\",\"codestar-notifications:listTagsForResource\",\"codestar-notifications:ListTargets\",\"codestar:Describe*\",\"codestar:Get*\",\"codestar:List*\",\"codestar:Verify*\",\"cognito-identity:Describe*\",\"cognito-identity:GetCredentialsForIdentity\",\"cognito-identity:GetIdentityPoolAnalytics\",\"cognito-identity:GetIdentityPoolDailyAnalytics\",\"cognito-identity:GetIdentityPoolRoles\",\"cognito-identity:GetIdentityProviderDailyAnalytics\",\"cognito-identity:GetOpenIdToken\",\"cognito-identity:GetOpenIdTokenForDeveloperIdentity\",\"cognito-identity:List*\",\"cognito-identity:Lookup*\",\"cognito-idp:AdminGet*\",\"cognito-idp:AdminList*\",\"cognito-idp:Describe*\",\"cognito-idp:Get*\",\"cognito-idp:List*\",\"cognito-sync:Describe*\",\"cognito-sync:Get*\",\"cognito-sync:List*\",\"cognito-sync:QueryRecords\",\"comprehend:BatchDetect*\",\"comprehend:Classify*\",\"comprehend:Contains*\",\"comprehend:Describe*\",\"comprehend:Detect*\",\"comprehend:List*\",\"compute-optimizer:DescribeRecommendationExportJobs\",\"compute-optimizer:GetAutoScalingGroupRecommendations\",\"compute-optimizer:GetEBSVolumeRecommendations\",\"compute-optimizer:GetEC2InstanceRecommendations\",\"compute-optimizer:GetEC2RecommendationProjectedMetrics\",\"compute-optimizer:GetECSServiceRecommendationProjectedMetrics\",\"compute-optimizer:GetECSServiceRecommendations\",\"compute-optimizer:GetEffectiveRecommendationPreferences\",\"compute-optimizer:GetEnrollmentStatus\",\"compute-optimizer:GetEnrollmentStatusesForOrganization\",\"compute-optimizer:GetLambdaFunctionRecommendations\",\"compute-optimizer:GetLicenseRecommendations\",\"compute-optimizer:GetRDSDatabaseRecommendationProjectedMetrics\",\"compute-optimizer:GetRDSDatabaseRecommendations\",\"compute-optimizer:GetRecommendationPreferences\",\"compute-optimizer:GetRecommendationSummaries\",\"config:BatchGetAggregateResourceConfig\",\"config:BatchGetResourceConfig\",\"config:Deliver*\",\"config:Describe*\",\"config:Get*\",\"config:List*\",\"config:SelectAggregateResourceConfig\",\"config:SelectResourceConfig\",\"connect:Describe*\",\"connect:GetContactAttributes\",\"connect:GetCurrentMetricData\",\"connect:GetCurrentUserData\",\"connect:GetFederationToken\",\"connect:GetMetricData\",\"connect:GetMetricDataV2\",\"connect:GetTaskTemplate\",\"connect:GetTrafficDistribution\",\"connect:List*\",\"consoleapp:GetDeviceIdentity\",\"consoleapp:ListDeviceIdentities\",\"consolidatedbilling:GetAccountBillingRole\",\"consolidatedbilling:ListLinkedAccounts\",\"controlcatalog:ListCommonControls\",\"controlcatalog:ListDomains\",\"controlcatalog:ListObjectives\",\"cost-optimization-hub:GetPreferences\",\"cost-optimization-hub:GetRecommendation\",\"cost-optimization-hub:ListEnrollmentStatuses\",\"cost-optimization-hub:ListRecommendations\",\"cost-optimization-hub:ListRecommendationSummaries\",\"cur:GetClassicReport\",\"cur:GetClassicReportPreferences\",\"cur:GetUsageReport\",\"customer-verification:GetCustomerVerificationDetails\",\"customer-verification:GetCustomerVerificationEligibility\",\"databrew:DescribeDataset\",\"databrew:DescribeJob\",\"databrew:DescribeJobRun\",\"databrew:DescribeProject\",\"databrew:DescribeRecipe\",\"databrew:DescribeRuleset\",\"databrew:DescribeSchedule\",\"databrew:ListDatasets\",\"databrew:ListJobRuns\",\"databrew:ListJobs\",\"databrew:ListProjects\",\"databrew:ListRecipes\",\"databrew:ListRecipeVersions\",\"databrew:ListRulesets\",\"databrew:ListSchedules\",\"databrew:ListTagsForResource\",\"dataexchange:Get*\",\"dataexchange:List*\",\"datapipeline:Describe*\",\"datapipeline:EvaluateExpression\",\"datapipeline:Get*\",\"datapipeline:List*\",\"datapipeline:QueryObjects\",\"datapipeline:Validate*\",\"datasync:Describe*\",\"datasync:List*\",\"datazone:GetAsset\",\"datazone:GetAssetType\",\"datazone:GetDataProduct\",\"datazone:GetDataSource\",\"datazone:GetDataSourceRun\",\"datazone:GetDomain\",\"datazone:GetDomainSharingPolicy\",\"datazone:GetDomainUnit\",\"datazone:GetEnvironment\",\"datazone:GetEnvironmentAction\",\"datazone:GetEnvironmentBlueprint\",\"datazone:GetEnvironmentBlueprintConfiguration\",\"datazone:GetEnvironmentProfile\",\"datazone:GetFormType\",\"datazone:GetGlossary\",\"datazone:GetGlossaryTerm\",\"datazone:GetGroupProfile\",\"datazone:GetLineageNode\",\"datazone:GetListing\",\"datazone:GetListing\",\"datazone:GetMetadataGenerationRun\",\"datazone:GetProject\",\"datazone:GetProjectProfile\",\"datazone:GetSubscription\",\"datazone:GetSubscriptionEligibility\",\"datazone:GetSubscriptionGrant\",\"datazone:GetSubscriptionRequestDetails\",\"datazone:GetSubscriptionTarget\",\"datazone:GetTimeSeriesDataPoint\",\"datazone:GetUserProfile\",\"datazone:ListAccountEnvironments\",\"datazone:ListAssetRevisions\",\"datazone:ListDataProductRevisions\",\"datazone:ListDataSourceRunActivities\",\"datazone:ListDataSourceRuns\",\"datazone:ListDataSources\",\"datazone:ListDomains\",\"datazone:ListDomainUnitsForParent\",\"datazone:ListEntityOwners\",\"datazone:ListEnvironmentActions\",\"datazone:ListEnvironmentBlueprintConfigurations\",\"datazone:ListEnvironmentBlueprintConfigurationSummaries\",\"datazone:ListEnvironmentBlueprints\",\"datazone:ListEnvironmentProfiles\",\"datazone:ListEnvironments\",\"datazone:ListGroupsForUser\",\"datazone:ListLineageNodeHistory\",\"datazone:ListNotifications\",\"datazone:ListPolicyGrants\",\"datazone:ListProjectMemberships\",\"datazone:ListProjectProfiles\",\"datazone:ListProjects\",\"datazone:ListSubscriptionGrants\",\"datazone:ListSubscriptionRequests\",\"datazone:ListSubscriptions\",\"datazone:ListSubscriptionTargets\",\"datazone:ListTagsForResource\",\"datazone:ListTimeSeriesDataPoints\",\"datazone:Search\",\"datazone:SearchGroupProfiles\",\"datazone:SearchListings\",\"datazone:SearchTypes\",\"datazone:SearchUserProfiles\",\"dax:BatchGetItem\",\"dax:Describe*\",\"dax:GetItem\",\"dax:ListTags\",\"dax:Query\",\"dax:Scan\",\"deadline:BatchGetJobEntity\",\"deadline:GetApplicationVersion\",\"deadline:GetBudget\",\"deadline:GetFarm\",\"deadline:GetFleet\",\"deadline:GetJob\",\"deadline:GetLicenseEndpoint\",\"deadline:GetMonitor\",\"deadline:GetQueue\",\"deadline:GetQueueEnvironment\",\"deadline:GetQueueFleetAssociation\",\"deadline:GetSession\",\"deadline:GetSessionAction\",\"deadline:GetSessionsStatisticsAggregation\",\"deadline:GetStep\",\"deadline:GetStorageProfile\",\"deadline:GetStorageProfileForQueue\",\"deadline:GetTask\",\"deadline:GetWorker\",\"deadline:ListAvailableMeteredProducts\",\"deadline:ListBudgets\",\"deadline:ListFarmMembers\",\"deadline:ListFarms\",\"deadline:ListFleetMembers\",\"deadline:ListFleets\",\"deadline:ListJobMembers\",\"deadline:ListJobParameterDefinitions\",\"deadline:ListJobs\",\"deadline:ListLicenseEndpoints\",\"deadline:ListMeteredProducts\",\"deadline:ListMonitors\",\"deadline:ListQueueEnvironments\",\"deadline:ListQueueFleetAssociations\",\"deadline:ListQueueMembers\",\"deadline:ListQueues\",\"deadline:ListSessionActions\",\"deadline:ListSessions\",\"deadline:ListSessionsForWorker\",\"deadline:ListStepConsumers\",\"deadline:ListStepDependencies\",\"deadline:ListSteps\",\"deadline:ListStorageProfiles\",\"deadline:ListStorageProfilesForQueue\",\"deadline:ListTagsForResource\",\"deadline:ListTasks\",\"deadline:ListWorkers\",\"deadline:SearchJobs\",\"deadline:SearchSteps\",\"deadline:SearchTasks\",\"deadline:SearchWorkers\",\"deepcomposer:GetComposition\",\"deepcomposer:GetModel\",\"deepcomposer:GetSampleModel\",\"deepcomposer:ListCompositions\",\"deepcomposer:ListModels\",\"deepcomposer:ListSampleModels\",\"deepcomposer:ListTrainingTopics\",\"detective:BatchGetGraphMemberDatasources\",\"detective:BatchGetMembershipDatasources\",\"detective:Get*\",\"detective:List*\",\"detective:SearchGraph\",\"devicefarm:Get*\",\"devicefarm:List*\",\"devops-guru:DescribeAccountHealth\",\"devops-guru:DescribeAccountOverview\",\"devops-guru:DescribeAnomaly\",\"devops-guru:DescribeEventSourcesConfig\",\"devops-guru:DescribeFeedback\",\"devops-guru:DescribeInsight\",\"devops-guru:DescribeOrganizationHealth\",\"devops-guru:DescribeOrganizationOverview\",\"devops-guru:DescribeOrganizationResourceCollectionHealth\",\"devops-guru:DescribeResourceCollectionHealth\",\"devops-guru:DescribeServiceIntegration\",\"devops-guru:GetCostEstimation\",\"devops-guru:GetResourceCollection\",\"devops-guru:ListAnomaliesForInsight\",\"devops-guru:ListAnomalousLogGroups\",\"devops-guru:ListEvents\",\"devops-guru:ListInsights\",\"devops-guru:ListMonitoredResources\",\"devops-guru:ListNotificationChannels\",\"devops-guru:ListOrganizationInsights\",\"devops-guru:ListRecommendations\",\"devops-guru:SearchInsights\",\"devops-guru:StartCostEstimation\",\"directconnect:Describe*\",\"discovery:Describe*\",\"discovery:Get*\",\"discovery:List*\",\"dlm:Get*\",\"dms:Describe*\",\"dms:List*\",\"dms:Test*\",\"drs:DescribeJobLogItems\",\"drs:DescribeJobs\",\"drs:DescribeLaunchConfigurationTemplates\",\"drs:DescribeRecoveryInstances\",\"drs:DescribeRecoverySnapshots\",\"drs:DescribeReplicationConfigurationTemplates\",\"drs:DescribeSourceNetworks\",\"drs:DescribeSourceServers\",\"drs:GetFailbackReplicationConfiguration\",\"drs:GetLaunchConfiguration\",\"drs:GetReplicationConfiguration\",\"drs:ListExtensibleSourceServers\",\"drs:ListLaunchActions\",\"drs:ListStagingAccounts\",\"drs:ListTagsForResource\",\"ds:Check*\",\"ds:Describe*\",\"ds:Get*\",\"ds:List*\",\"ds:Verify*\",\"dynamodb:BatchGet*\",\"dynamodb:Describe*\",\"dynamodb:Get*\",\"dynamodb:List*\",\"dynamodb:PartiQLSelect\",\"dynamodb:Query\",\"dynamodb:Scan\",\"ec2:Describe*\",\"ec2:Get*\",\"ec2:ListImagesInRecycleBin\",\"ec2:ListSnapshotsInRecycleBin\",\"ec2:SearchLocalGatewayRoutes\",\"ec2:SearchTransitGatewayRoutes\",\"ec2messages:Get*\",\"ecr-public:BatchCheckLayerAvailability\",\"ecr-public:DescribeImages\",\"ecr-public:DescribeImageTags\",\"ecr-public:DescribeRegistries\",\"ecr-public:DescribeRepositories\",\"ecr-public:GetAuthorizationToken\",\"ecr-public:GetRegistryCatalogData\",\"ecr-public:GetRepositoryCatalogData\",\"ecr-public:GetRepositoryPolicy\",\"ecr-public:ListTagsForResource\",\"ecr:BatchCheck*\",\"ecr:BatchGet*\",\"ecr:Describe*\",\"ecr:Get*\",\"ecr:List*\",\"ecs:Describe*\",\"ecs:List*\",\"eks:Describe*\",\"eks:List*\",\"elastic-inference:DescribeAcceleratorOfferings\",\"elastic-inference:DescribeAccelerators\",\"elastic-inference:DescribeAcceleratorTypes\",\"elastic-inference:ListTagsForResource\",\"elasticache:Describe*\",\"elasticache:List*\",\"elasticbeanstalk:Check*\",\"elasticbeanstalk:Describe*\",\"elasticbeanstalk:List*\",\"elasticbeanstalk:Request*\",\"elasticbeanstalk:Retrieve*\",\"elasticbeanstalk:Validate*\",\"elasticfilesystem:Describe*\",\"elasticfilesystem:ListTagsForResource\",\"elasticloadbalancing:Describe*\",\"elasticmapreduce:Describe*\",\"elasticmapreduce:GetBlockPublicAccessConfiguration\",\"elasticmapreduce:List*\",\"elasticmapreduce:View*\",\"elastictranscoder:List*\",\"elastictranscoder:Read*\",\"elemental-appliances-software:Get*\",\"elemental-appliances-software:List*\",\"emr-containers:DescribeJobRun\",\"emr-containers:DescribeManagedEndpoint\",\"emr-containers:DescribeVirtualCluster\",\"emr-containers:ListJobRuns\",\"emr-containers:ListManagedEndpoints\",\"emr-containers:ListTagsForResource\",\"emr-containers:ListVirtualClusters\",\"emr-serverless:GetApplication\",\"emr-serverless:GetDashboardForJobRun\",\"emr-serverless:GetJobRun\",\"emr-serverless:ListApplications\",\"emr-serverless:ListJobRuns\",\"emr-serverless:ListTagsForResource\",\"es:Describe*\",\"es:ESHttpGet\",\"es:ESHttpHead\",\"es:Get*\",\"es:List*\",\"events:Describe*\",\"events:List*\",\"events:Test*\",\"evidently:GetExperiment\",\"evidently:GetExperimentResults\",\"evidently:GetFeature\",\"evidently:GetLaunch\",\"evidently:GetProject\",\"evidently:GetSegment\",\"evidently:ListExperiments\",\"evidently:ListFeatures\",\"evidently:ListLaunches\",\"evidently:ListProjects\",\"evidently:ListSegmentReferences\",\"evidently:ListSegments\",\"evidently:ListTagsForResource\",\"evidently:TestSegmentPattern\",\"firehose:Describe*\",\"firehose:List*\",\"fis:GetAction\",\"fis:GetExperiment\",\"fis:GetExperimentTargetAccountConfiguration\",\"fis:GetExperimentTemplate\",\"fis:GetTargetAccountConfiguration\",\"fis:GetTargetResourceType\",\"fis:ListActions\",\"fis:ListExperimentResolvedTargets\",\"fis:ListExperiments\",\"fis:ListExperimentTargetAccountConfigurations\",\"fis:ListExperimentTemplates\",\"fis:ListTagsForResource\",\"fis:ListTargetAccountConfigurations\",\"fis:ListTargetResourceTypes\",\"fms:GetAdminAccount\",\"fms:GetAppsList\",\"fms:GetComplianceDetail\",\"fms:GetNotificationChannel\",\"fms:GetPolicy\",\"fms:GetProtectionStatus\",\"fms:GetProtocolsList\",\"fms:GetViolationDetails\",\"fms:ListAppsLists\",\"fms:ListComplianceStatus\",\"fms:ListMemberAccounts\",\"fms:ListPolicies\",\"fms:ListProtocolsLists\",\"fms:ListTagsForResource\",\"forecast:DescribeAutoPredictor\",\"forecast:DescribeDataset\",\"forecast:DescribeDatasetGroup\",\"forecast:DescribeDatasetImportJob\",\"forecast:DescribeExplainability\",\"forecast:DescribeExplainabilityExport\",\"forecast:DescribeForecast\",\"forecast:DescribeForecastExportJob\",\"forecast:DescribeMonitor\",\"forecast:DescribePredictor\",\"forecast:DescribePredictorBacktestExportJob\",\"forecast:DescribeWhatIfAnalysis\",\"forecast:DescribeWhatIfForecast\",\"forecast:DescribeWhatIfForecastExport\",\"forecast:GetAccuracyMetrics\",\"forecast:ListDatasetGroups\",\"forecast:ListDatasetImportJobs\",\"forecast:ListDatasets\",\"forecast:ListExplainabilities\",\"forecast:ListExplainabilityExports\",\"forecast:ListForecastExportJobs\",\"forecast:ListForecasts\",\"forecast:ListMonitorEvaluations\",\"forecast:ListMonitors\",\"forecast:ListPredictorBacktestExportJobs\",\"forecast:ListPredictors\",\"forecast:ListWhatIfAnalyses\",\"forecast:ListWhatIfForecastExports\",\"forecast:ListWhatIfForecasts\",\"forecast:QueryForecast\",\"forecast:QueryWhatIfForecast\",\"frauddetector:BatchGetVariable\",\"frauddetector:DescribeDetector\",\"frauddetector:DescribeModelVersions\",\"frauddetector:GetBatchImportJobs\",\"frauddetector:GetBatchPredictionJobs\",\"frauddetector:GetDeleteEventsByEventTypeStatus\",\"frauddetector:GetDetectors\",\"frauddetector:GetDetectorVersion\",\"frauddetector:GetEntityTypes\",\"frauddetector:GetEvent\",\"frauddetector:GetEventPredictionMetadata\",\"frauddetector:GetEventTypes\",\"frauddetector:GetExternalModels\",\"frauddetector:GetKMSEncryptionKey\",\"frauddetector:GetLabels\",\"frauddetector:GetListElements\",\"frauddetector:GetListsMetadata\",\"frauddetector:GetModels\",\"frauddetector:GetModelVersion\",\"frauddetector:GetOutcomes\",\"frauddetector:GetRules\",\"frauddetector:GetVariables\",\"frauddetector:ListEventPredictions\",\"frauddetector:ListTagsForResource\",\"freertos:Describe*\",\"freertos:List*\",\"freetier:GetFreeTierAlertPreference\",\"freetier:GetFreeTierUsage\",\"fsx:Describe*\",\"fsx:List*\",\"gamelift:Describe*\",\"gamelift:Get*\",\"gamelift:List*\",\"gamelift:ResolveAlias\",\"gamelift:Search*\",\"glacier:Describe*\",\"glacier:Get*\",\"glacier:List*\",\"globalaccelerator:Describe*\",\"globalaccelerator:List*\",\"glue:BatchGetCrawlers\",\"glue:BatchGetDevEndpoints\",\"glue:BatchGetJobs\",\"glue:BatchGetPartition\",\"glue:BatchGetTableOptimizer\",\"glue:BatchGetTriggers\",\"glue:BatchGetWorkflows\",\"glue:CheckSchemaVersionValidity\",\"glue:GetCatalogImportStatus\",\"glue:GetClassifier\",\"glue:GetClassifiers\",\"glue:GetCrawler\",\"glue:GetCrawlerMetrics\",\"glue:GetCrawlers\",\"glue:GetDatabase\",\"glue:GetDatabases\",\"glue:GetDataCatalogEncryptionSettings\",\"glue:GetDataflowGraph\",\"glue:GetDevEndpoint\",\"glue:GetDevEndpoints\",\"glue:GetJob\",\"glue:GetJobBookmark\",\"glue:GetJobRun\",\"glue:GetJobRuns\",\"glue:GetJobs\",\"glue:GetMapping\",\"glue:GetMLTaskRun\",\"glue:GetMLTaskRuns\",\"glue:GetMLTransform\",\"glue:GetMLTransforms\",\"glue:GetPartition\",\"glue:GetPartitions\",\"glue:GetPlan\",\"glue:GetRegistry\",\"glue:GetResourcePolicy\",\"glue:GetSchema\",\"glue:GetSchemaByDefinition\",\"glue:GetSchemaVersion\",\"glue:GetSchemaVersionsDiff\",\"glue:GetSecurityConfiguration\",\"glue:GetSecurityConfigurations\",\"glue:GetTable\",\"glue:GetTableOptimizer\",\"glue:GetTables\",\"glue:GetTableVersion\",\"glue:GetTableVersions\",\"glue:GetTags\",\"glue:GetTrigger\",\"glue:GetTriggers\",\"glue:GetUserDefinedFunction\",\"glue:GetUserDefinedFunctions\",\"glue:GetWorkflow\",\"glue:GetWorkflowRun\",\"glue:GetWorkflowRunProperties\",\"glue:GetWorkflowRuns\",\"glue:ListCrawlers\",\"glue:ListCrawls\",\"glue:ListDevEndpoints\",\"glue:ListJobs\",\"glue:ListMLTransforms\",\"glue:ListRegistries\",\"glue:ListSchemas\",\"glue:ListSchemaVersions\",\"glue:ListTableOptimizerRuns\",\"glue:ListTriggers\",\"glue:ListWorkflows\",\"glue:QuerySchemaVersionMetadata\",\"glue:SearchTables\",\"grafana:DescribeWorkspace\",\"grafana:DescribeWorkspaceAuthentication\",\"grafana:DescribeWorkspaceConfiguration\",\"grafana:ListPermissions\",\"grafana:ListTagsForResource\",\"grafana:ListVersions\",\"grafana:ListWorkspaces\",\"greengrass:DescribeComponent\",\"greengrass:Get*\",\"greengrass:List*\",\"groundstation:DescribeContact\",\"groundstation:GetConfig\",\"groundstation:GetDataflowEndpointGroup\",\"groundstation:GetMinuteUsage\",\"groundstation:GetMissionProfile\",\"groundstation:GetSatellite\",\"groundstation:ListConfigs\",\"groundstation:ListContacts\",\"groundstation:ListDataflowEndpointGroups\",\"groundstation:ListGroundStations\",\"groundstation:ListMissionProfiles\",\"groundstation:ListSatellites\",\"groundstation:ListTagsForResource\",\"guardduty:Describe*\",\"guardduty:Get*\",\"guardduty:List*\",\"health:Describe*\",\"healthlake:DescribeFHIRDatastore\",\"healthlake:DescribeFHIRExportJob\",\"healthlake:DescribeFHIRImportJob\",\"healthlake:GetCapabilities\",\"healthlake:ListFHIRDatastores\",\"healthlake:ListFHIRExportJobs\",\"healthlake:ListFHIRImportJobs\",\"healthlake:ListTagsForResource\",\"healthlake:ReadResource\",\"healthlake:SearchWithGet\",\"healthlake:SearchWithPost\",\"iam:Generate*\",\"iam:Get*\",\"iam:List*\",\"iam:Simulate*\",\"identity-sync:GetSyncProfile\",\"identity-sync:GetSyncTarget\",\"identity-sync:ListSyncFilters\",\"identitystore-auth:BatchGetSession\",\"identitystore-auth:ListSessions\",\"identitystore:DescribeGroup\",\"identitystore:DescribeGroupMembership\",\"identitystore:DescribeUser\",\"identitystore:GetGroupId\",\"identitystore:GetGroupMembershipId\",\"identitystore:GetUserId\",\"identitystore:IsMemberInGroups\",\"identitystore:ListGroupMemberships\",\"identitystore:ListGroupMembershipsForMember\",\"identitystore:ListGroups\",\"identitystore:ListUsers\",\"imagebuilder:Get*\",\"imagebuilder:List*\",\"importexport:Get*\",\"importexport:List*\",\"inspector:Describe*\",\"inspector:Get*\",\"inspector:List*\",\"inspector:Preview*\",\"inspector2:BatchGetAccountStatus\",\"inspector2:BatchGetFreeTrialInfo\",\"inspector2:DescribeOrganizationConfiguration\",\"inspector2:GetDelegatedAdminAccount\",\"inspector2:GetFindingsReportStatus\",\"inspector2:GetMember\",\"inspector2:ListAccountPermissions\",\"inspector2:ListCisScans\",\"inspector2:ListCoverage\",\"inspector2:ListCoverageStatistics\",\"inspector2:ListDelegatedAdminAccounts\",\"inspector2:ListFilters\",\"inspector2:ListFindingAggregations\",\"inspector2:ListFindings\",\"inspector2:ListMembers\",\"inspector2:ListTagsForResource\",\"inspector2:ListUsageTotals\",\"internetmonitor:GetHealthEvent\",\"internetmonitor:GetInternetEvent\",\"internetmonitor:GetMonitor\",\"internetmonitor:ListHealthEvents\",\"internetmonitor:ListInternetEvents\",\"internetmonitor:ListMonitors\",\"internetmonitor:ListTagsForResource\",\"invoicing:GetInvoiceEmailDeliveryPreferences\",\"invoicing:GetInvoicePDF\",\"invoicing:ListInvoiceSummaries\",\"iot:Describe*\",\"iot:Get*\",\"iot:List*\",\"iot1click:DescribeDevice\",\"iot1click:DescribePlacement\",\"iot1click:DescribeProject\",\"iot1click:GetDeviceMethods\",\"iot1click:GetDevicesInPlacement\",\"iot1click:ListDeviceEvents\",\"iot1click:ListDevices\",\"iot1click:ListPlacements\",\"iot1click:ListProjects\",\"iot1click:ListTagsForResource\",\"iotanalytics:Describe*\",\"iotanalytics:Get*\",\"iotanalytics:List*\",\"iotanalytics:SampleChannelData\",\"iotevents:DescribeAlarm\",\"iotevents:DescribeAlarmModel\",\"iotevents:DescribeDetector\",\"iotevents:DescribeDetectorModel\",\"iotevents:DescribeInput\",\"iotevents:DescribeLoggingOptions\",\"iotevents:ListAlarmModels\",\"iotevents:ListAlarmModelVersions\",\"iotevents:ListAlarms\",\"iotevents:ListDetectorModels\",\"iotevents:ListDetectorModelVersions\",\"iotevents:ListDetectors\",\"iotevents:ListInputs\",\"iotevents:ListTagsForResource\",\"iotfleethub:DescribeApplication\",\"iotfleethub:ListApplications\",\"iotfleetwise:GetCampaign\",\"iotfleetwise:GetDecoderManifest\",\"iotfleetwise:GetFleet\",\"iotfleetwise:GetLoggingOptions\",\"iotfleetwise:GetModelManifest\",\"iotfleetwise:GetRegisterAccountStatus\",\"iotfleetwise:GetSignalCatalog\",\"iotfleetwise:GetVehicle\",\"iotfleetwise:GetVehicleStatus\",\"iotfleetwise:ListCampaigns\",\"iotfleetwise:ListDecoderManifestNetworkInterfaces\",\"iotfleetwise:ListDecoderManifests\",\"iotfleetwise:ListDecoderManifestSignals\",\"iotfleetwise:ListFleets\",\"iotfleetwise:ListFleetsForVehicle\",\"iotfleetwise:ListModelManifestNodes\",\"iotfleetwise:ListModelManifests\",\"iotfleetwise:ListSignalCatalogNodes\",\"iotfleetwise:ListSignalCatalogs\",\"iotfleetwise:ListTagsForResource\",\"iotfleetwise:ListVehicles\",\"iotfleetwise:ListVehiclesInFleet\",\"iotroborunner:GetDestination\",\"iotroborunner:GetSite\",\"iotroborunner:GetWorker\",\"iotroborunner:GetWorkerFleet\",\"iotroborunner:ListDestinations\",\"iotroborunner:ListSites\",\"iotroborunner:ListWorkerFleets\",\"iotroborunner:ListWorkers\",\"iotsitewise:Describe*\",\"iotsitewise:Get*\",\"iotsitewise:List*\",\"iotwireless:GetDestination\",\"iotwireless:GetDeviceProfile\",\"iotwireless:GetEventConfigurationByResourceTypes\",\"iotwireless:GetFuotaTask\",\"iotwireless:GetLogLevelsByResourceTypes\",\"iotwireless:GetMetricConfiguration\",\"iotwireless:GetMetrics\",\"iotwireless:GetMulticastGroup\",\"iotwireless:GetMulticastGroupSession\",\"iotwireless:GetNetworkAnalyzerConfiguration\",\"iotwireless:GetPartnerAccount\",\"iotwireless:GetPosition\",\"iotwireless:GetPositionConfiguration\",\"iotwireless:GetPositionEstimate\",\"iotwireless:GetResourceEventConfiguration\",\"iotwireless:GetResourceLogLevel\",\"iotwireless:GetResourcePosition\",\"iotwireless:GetServiceEndpoint\",\"iotwireless:GetServiceProfile\",\"iotwireless:GetWirelessDevice\",\"iotwireless:GetWirelessDeviceImportTask\",\"iotwireless:GetWirelessDeviceStatistics\",\"iotwireless:GetWirelessGateway\",\"iotwireless:GetWirelessGatewayCertificate\",\"iotwireless:GetWirelessGatewayFirmwareInformation\",\"iotwireless:GetWirelessGatewayStatistics\",\"iotwireless:GetWirelessGatewayTask\",\"iotwireless:GetWirelessGatewayTaskDefinition\",\"iotwireless:ListDestinations\",\"iotwireless:ListDeviceProfiles\",\"iotwireless:ListDevicesForWirelessDeviceImportTask\",\"iotwireless:ListEventConfigurations\",\"iotwireless:ListFuotaTasks\",\"iotwireless:ListMulticastGroups\",\"iotwireless:ListMulticastGroupsByFuotaTask\",\"iotwireless:ListNetworkAnalyzerConfigurations\",\"iotwireless:ListPartnerAccounts\",\"iotwireless:ListPositionConfigurations\",\"iotwireless:ListQueuedMessages\",\"iotwireless:ListServiceProfiles\",\"iotwireless:ListTagsForResource\",\"iotwireless:ListWirelessDeviceImportTasks\",\"iotwireless:ListWirelessDevices\",\"iotwireless:ListWirelessGateways\",\"iotwireless:ListWirelessGatewayTaskDefinitions\",\"ivs:BatchGetChannel\",\"ivs:GetChannel\",\"ivs:GetComposition\",\"ivs:GetEncoderConfiguration\",\"ivs:GetIngestConfiguration\",\"ivs:GetPublicKey\",\"ivs:GetParticipant\",\"ivs:GetPlaybackKeyPair\",\"ivs:GetPlaybackRestrictionPolicy\",\"ivs:GetRecordingConfiguration\",\"ivs:GetStage\",\"ivs:GetStageSession\",\"ivs:GetStreamSession\",\"ivs:ListChannels\",\"ivs:ListCompositions\",\"ivs:ListEncoderConfigurations\",\"ivs:ListIngestConfigurations\",\"ivs:ListParticipantEvents\",\"ivs:ListParticipants\",\"ivs:ListPlaybackKeyPairs\",\"ivs:ListPlaybackRestrictionPolicies\",\"ivs:ListPublicKeys\",\"ivs:ListRecordingConfigurations\",\"ivs:ListStages\",\"ivs:ListStageSessions\",\"ivs:ListStreamKeys\",\"ivs:ListStreams\",\"ivs:ListStreamSessions\",\"ivs:ListTagsForResource\",\"ivschat:GetLoggingConfiguration\",\"ivschat:GetRoom\",\"ivschat:ListLoggingConfigurations\",\"ivschat:ListRooms\",\"ivschat:ListTagsForResource\",\"kafka:Describe*\",\"kafka:DescribeCluster\",\"kafka:DescribeClusterOperation\",\"kafka:DescribeClusterV2\",\"kafka:DescribeConfiguration\",\"kafka:DescribeConfigurationRevision\",\"kafka:Get*\",\"kafka:GetBootstrapBrokers\",\"kafka:GetCompatibleKafkaVersions\",\"kafka:List*\",\"kafka:ListClusterOperations\",\"kafka:ListClusters\",\"kafka:ListClustersV2\",\"kafka:ListConfigurationRevisions\",\"kafka:ListConfigurations\",\"kafka:ListKafkaVersions\",\"kafka:ListNodes\",\"kafka:ListTagsForResource\",\"kafkaconnect:DescribeConnector\",\"kafkaconnect:DescribeCustomPlugin\",\"kafkaconnect:DescribeWorkerConfiguration\",\"kafkaconnect:ListConnectors\",\"kafkaconnect:ListCustomPlugins\",\"kafkaconnect:ListWorkerConfigurations\",\"kendra:BatchGetDocumentStatus\",\"kendra:DescribeDataSource\",\"kendra:DescribeExperience\",\"kendra:DescribeFaq\",\"kendra:DescribeIndex\",\"kendra:DescribePrincipalMapping\",\"kendra:DescribeQuerySuggestionsBlockList\",\"kendra:DescribeQuerySuggestionsConfig\",\"kendra:DescribeThesaurus\",\"kendra:GetQuerySuggestions\",\"kendra:GetSnapshots\",\"kendra:ListDataSources\",\"kendra:ListDataSourceSyncJobs\",\"kendra:ListEntityPersonas\",\"kendra:ListExperienceEntities\",\"kendra:ListExperiences\",\"kendra:ListFaqs\",\"kendra:ListGroupsOlderThanOrderingId\",\"kendra:ListIndices\",\"kendra:ListQuerySuggestionsBlockLists\",\"kendra:ListTagsForResource\",\"kendra:ListThesauri\",\"kendra:Query\",\"kinesis:Describe*\",\"kinesis:Get*\",\"kinesis:List*\",\"kinesisanalytics:Describe*\",\"kinesisanalytics:Discover*\",\"kinesisanalytics:Get*\",\"kinesisanalytics:List*\",\"kinesisvideo:Describe*\",\"kinesisvideo:Get*\",\"kinesisvideo:List*\",\"kms:Describe*\",\"kms:Get*\",\"kms:List*\",\"lakeformation:DescribeResource\",\"lakeformation:GetDataCellsFilter\",\"lakeformation:GetDataLakeSettings\",\"lakeformation:GetEffectivePermissionsForPath\",\"lakeformation:GetLfTag\",\"lakeformation:GetResourceLfTags\",\"lakeformation:ListDataCellsFilter\",\"lakeformation:ListLfTags\",\"lakeformation:ListPermissions\",\"lakeformation:ListResources\",\"lakeformation:ListTableStorageOptimizers\",\"lakeformation:SearchDatabasesByLfTags\",\"lakeformation:SearchTablesByLfTags\",\"lambda:Get*\",\"lambda:List*\",\"launchwizard:DescribeAdditionalNode\",\"launchwizard:DescribeProvisionedApp\",\"launchwizard:DescribeProvisioningEvents\",\"launchwizard:DescribeSettingsSet\",\"launchwizard:GetDeployment\",\"launchwizard:GetInfrastructureSuggestion\",\"launchwizard:GetIpAddress\",\"launchwizard:GetResourceCostEstimate\",\"launchwizard:GetResourceRecommendation\",\"launchwizard:GetSettingsSet\",\"launchwizard:GetWorkload\",\"launchwizard:GetWorkloadAsset\",\"launchwizard:GetWorkloadAssets\",\"launchwizard:GetWorkloadDeploymentPattern\",\"launchwizard:ListAdditionalNodes\",\"launchwizard:ListAllowedResources\",\"launchwizard:ListDeploymentEvents\",\"launchwizard:ListDeployments\",\"launchwizard:ListProvisionedApps\",\"launchwizard:ListResourceCostEstimates\",\"launchwizard:ListSettingsSets\",\"launchwizard:ListTagsForResource\",\"launchwizard:ListWorkloadDeploymentOptions\",\"launchwizard:ListWorkloadDeploymentPatterns\",\"launchwizard:ListWorkloads\",\"lex:DescribeBot\",\"lex:DescribeBotAlias\",\"lex:DescribeBotChannel\",\"lex:DescribeBotLocale\",\"lex:DescribeBotReplica\",\"lex:DescribeBotVersion\",\"lex:DescribeExport\",\"lex:DescribeImport\",\"lex:DescribeIntent\",\"lex:DescribeResourcePolicy\",\"lex:DescribeSlot\",\"lex:DescribeSlotType\",\"lex:Get*\",\"lex:ListBotAliases\",\"lex:ListBotAliasReplicas\",\"lex:ListBotChannels\",\"lex:ListBotLocales\",\"lex:ListBotReplicas\",\"lex:ListBots\",\"lex:ListBotVersionReplicas\",\"lex:ListBotVersions\",\"lex:ListBuiltInIntents\",\"lex:ListBuiltInSlotTypes\",\"lex:ListExports\",\"lex:ListImports\",\"lex:ListIntents\",\"lex:ListSlots\",\"lex:ListSlotTypes\",\"lex:ListTagsForResource\",\"license-manager:Get*\",\"license-manager:List*\",\"lightsail:GetActiveNames\",\"lightsail:GetAlarms\",\"lightsail:GetAutoSnapshots\",\"lightsail:GetBlueprints\",\"lightsail:GetBucketAccessKeys\",\"lightsail:GetBucketBundles\",\"lightsail:GetBucketMetricData\",\"lightsail:GetBuckets\",\"lightsail:GetBundles\",\"lightsail:GetCertificates\",\"lightsail:GetCloudFormationStackRecords\",\"lightsail:GetContainerAPIMetadata\",\"lightsail:GetContainerImages\",\"lightsail:GetContainerServiceDeployments\",\"lightsail:GetContainerServiceMetricData\",\"lightsail:GetContainerServicePowers\",\"lightsail:GetContainerServices\",\"lightsail:GetDisk\",\"lightsail:GetDisks\",\"lightsail:GetDiskSnapshot\",\"lightsail:GetDiskSnapshots\",\"lightsail:GetDistributionBundles\",\"lightsail:GetDistributionLatestCacheReset\",\"lightsail:GetDistributionMetricData\",\"lightsail:GetDistributions\",\"lightsail:GetDomain\",\"lightsail:GetDomains\",\"lightsail:GetExportSnapshotRecords\",\"lightsail:GetInstance\",\"lightsail:GetInstanceMetricData\",\"lightsail:GetInstancePortStates\",\"lightsail:GetInstances\",\"lightsail:GetInstanceSnapshot\",\"lightsail:GetInstanceSnapshots\",\"lightsail:GetInstanceState\",\"lightsail:GetKeyPair\",\"lightsail:GetKeyPairs\",\"lightsail:GetLoadBalancer\",\"lightsail:GetLoadBalancerMetricData\",\"lightsail:GetLoadBalancers\",\"lightsail:GetLoadBalancerTlsCertificates\",\"lightsail:GetOperation\",\"lightsail:GetOperations\",\"lightsail:GetOperationsForResource\",\"lightsail:GetRegions\",\"lightsail:GetRelationalDatabase\",\"lightsail:GetRelationalDatabaseBlueprints\",\"lightsail:GetRelationalDatabaseBundles\",\"lightsail:GetRelationalDatabaseEvents\",\"lightsail:GetRelationalDatabaseLogEvents\",\"lightsail:GetRelationalDatabaseLogStreams\",\"lightsail:GetRelationalDatabaseMetricData\",\"lightsail:GetRelationalDatabaseParameters\",\"lightsail:GetRelationalDatabases\",\"lightsail:GetRelationalDatabaseSnapshot\",\"lightsail:GetRelationalDatabaseSnapshots\",\"lightsail:GetStaticIp\",\"lightsail:GetStaticIps\",\"lightsail:Is*\",\"logs:Describe*\",\"logs:FilterLogEvents\",\"logs:Get*\",\"logs:ListAnomalies\",\"logs:ListLogAnomalyDetectors\",\"logs:ListLogDeliveries\",\"logs:ListTagsForResource\",\"logs:ListTagsLogGroup\",\"logs:StartLiveTail\",\"logs:StartQuery\",\"logs:StopLiveTail\",\"logs:StopQuery\",\"logs:TestMetricFilter\",\"lookoutequipment:DescribeDataIngestionJob\",\"lookoutequipment:DescribeDataset\",\"lookoutequipment:DescribeInferenceScheduler\",\"lookoutequipment:DescribeLabel\",\"lookoutequipment:DescribeLabelGroup\",\"lookoutequipment:DescribeModel\",\"lookoutequipment:DescribeModelVersion\",\"lookoutequipment:DescribeResourcePolicy\",\"lookoutequipment:DescribeRetrainingScheduler\",\"lookoutequipment:ListDataIngestionJobs\",\"lookoutequipment:ListDatasets\",\"lookoutequipment:ListInferenceEvents\",\"lookoutequipment:ListInferenceExecutions\",\"lookoutequipment:ListInferenceSchedulers\",\"lookoutequipment:ListLabelGroups\",\"lookoutequipment:ListLabels\",\"lookoutequipment:ListModels\",\"lookoutequipment:ListModelVersions\",\"lookoutequipment:ListRetrainingSchedulers\",\"lookoutequipment:ListSensorStatistics\",\"lookoutequipment:ListTagsForResource\",\"lookoutmetrics:Describe*\",\"lookoutmetrics:Get*\",\"lookoutmetrics:List*\",\"lookoutvision:DescribeDataset\",\"lookoutvision:DescribeModel\",\"lookoutvision:DescribeModelPackagingJob\",\"lookoutvision:DescribeProject\",\"lookoutvision:ListDatasetEntries\",\"lookoutvision:ListModelPackagingJobs\",\"lookoutvision:ListModels\",\"lookoutvision:ListProjects\",\"lookoutvision:ListTagsForResource\",\"m2:GetApplication\",\"m2:GetApplicationVersion\",\"m2:GetBatchJobExecution\",\"m2:GetDataSetDetails\",\"m2:GetDataSetImportTask\",\"m2:GetDeployment\",\"m2:GetEnvironment\",\"m2:ListApplications\",\"m2:ListApplicationVersions\",\"m2:ListBatchJobDefinitions\",\"m2:ListBatchJobExecutions\",\"m2:ListDataSetImportHistory\",\"m2:ListDataSets\",\"m2:ListDeployments\",\"m2:ListEngineVersions\",\"m2:ListEnvironments\",\"m2:ListTagsForResource\",\"machinelearning:Describe*\",\"machinelearning:Get*\",\"macie2:BatchGetCustomDataIdentifiers\",\"macie2:DescribeBuckets\",\"macie2:DescribeClassificationJob\",\"macie2:DescribeOrganizationConfiguration\",\"macie2:GetAdministratorAccount\",\"macie2:GetAllowList\",\"macie2:GetAutomatedDiscoveryConfiguration\",\"macie2:GetBucketStatistics\",\"macie2:GetClassificationExportConfiguration\",\"macie2:GetClassificationScope\",\"macie2:GetCustomDataIdentifier\",\"macie2:GetFindings\",\"macie2:GetFindingsFilter\",\"macie2:GetFindingsPublicationConfiguration\",\"macie2:GetFindingStatistics\",\"macie2:GetInvitationsCount\",\"macie2:GetMacieSession\",\"macie2:GetMember\",\"macie2:GetResourceProfile\",\"macie2:GetRevealConfiguration\",\"macie2:GetSensitiveDataOccurrencesAvailability\",\"macie2:GetSensitivityInspectionTemplate\",\"macie2:GetUsageStatistics\",\"macie2:GetUsageTotals\",\"macie2:ListAllowLists\",\"macie2:ListAutomatedDiscoveryAccounts\",\"macie2:ListClassificationJobs\",\"macie2:ListClassificationScopes\",\"macie2:ListCustomDataIdentifiers\",\"macie2:ListFindings\",\"macie2:ListFindingsFilters\",\"macie2:ListInvitations\",\"macie2:ListMembers\",\"macie2:ListOrganizationAdminAccounts\",\"macie2:ListResourceProfileArtifacts\",\"macie2:ListResourceProfileDetections\",\"macie2:ListSensitivityInspectionTemplates\",\"macie2:ListTagsForResource\",\"macie2:SearchResources\",\"managedblockchain:GetMember\",\"managedblockchain:GetNetwork\",\"managedblockchain:GetNode\",\"managedblockchain:GetProposal\",\"managedblockchain:ListInvitations\",\"managedblockchain:ListMembers\",\"managedblockchain:ListNetworks\",\"managedblockchain:ListNodes\",\"managedblockchain:ListProposals\",\"managedblockchain:ListProposalVotes\",\"managedblockchain:ListTagsForResource\",\"mediaconnect:DescribeFlow\",\"mediaconnect:DescribeOffering\",\"mediaconnect:DescribeReservation\",\"mediaconnect:ListEntitlements\",\"mediaconnect:ListFlows\",\"mediaconnect:ListOfferings\",\"mediaconnect:ListReservations\",\"mediaconnect:ListTagsForResource\",\"mediaconvert:DescribeEndpoints\",\"mediaconvert:Get*\",\"mediaconvert:List*\",\"medialive:DescribeChannel\",\"medialive:DescribeInput\",\"medialive:DescribeInputDevice\",\"medialive:DescribeInputDeviceThumbnail\",\"medialive:DescribeInputSecurityGroup\",\"medialive:DescribeMultiplex\",\"medialive:DescribeMultiplexProgram\",\"medialive:DescribeOffering\",\"medialive:DescribeReservation\",\"medialive:DescribeSchedule\",\"medialive:GetCloudWatchAlarmTemplate\",\"medialive:GetCloudWatchAlarmTemplateGroup\",\"medialive:GetEventBridgeRuleTemplate\",\"medialive:GetEventBridgeRuleTemplateGroup\",\"medialive:GetSignalMap\",\"medialive:ListChannels\",\"medialive:ListCloudWatchAlarmTemplateGroups\",\"medialive:ListCloudWatchAlarmTemplates\",\"medialive:ListEventBridgeRuleTemplateGroups\",\"medialive:ListEventBridgeRuleTemplates\",\"medialive:ListInputDevices\",\"medialive:ListInputDeviceTransfers\",\"medialive:ListInputs\",\"medialive:ListInputSecurityGroups\",\"medialive:ListMultiplexes\",\"medialive:ListMultiplexPrograms\",\"medialive:ListOfferings\",\"medialive:ListReservations\",\"medialive:ListSignalMaps\",\"medialive:ListTagsForResource\",\"mediapackage-vod:Describe*\",\"mediapackage-vod:List*\",\"mediapackage:Describe*\",\"mediapackage:List*\",\"mediapackagev2:GetChannel\",\"mediapackagev2:GetChannelGroup\",\"mediapackagev2:GetChannelPolicy\",\"mediapackagev2:GetHeadObject\",\"mediapackagev2:GetObject\",\"mediapackagev2:GetOriginEndpoint\",\"mediapackagev2:GetOriginEndpointPolicy\",\"mediapackagev2:ListChannelGroups\",\"mediapackagev2:ListChannels\",\"mediapackagev2:ListOriginEndpoints\",\"mediapackagev2:ListTagsForResource\",\"mediastore:DescribeContainer\",\"mediastore:DescribeObject\",\"mediastore:GetContainerPolicy\",\"mediastore:GetCorsPolicy\",\"mediastore:GetLifecyclePolicy\",\"mediastore:GetMetricPolicy\",\"mediastore:GetObject\",\"mediastore:ListContainers\",\"mediastore:ListItems\",\"mediastore:ListTagsForResource\",\"memorydb:DescribeClusters\",\"memorydb:DescribeParameterGroups\",\"memorydb:DescribeParameters\",\"memorydb:ListTags\",\"mgh:Describe*\",\"mgh:GetHomeRegion\",\"mgh:List*\",\"mgn:DescribeJobLogItems\",\"mgn:DescribeJobs\",\"mgn:DescribeLaunchConfigurationTemplates\",\"mgn:DescribeReplicationConfigurationTemplates\",\"mgn:DescribeSourceServers\",\"mgn:DescribeVcenterClients\",\"mgn:GetLaunchConfiguration\",\"mgn:GetReplicationConfiguration\",\"mgn:ListApplications\",\"mgn:ListSourceServerActions\",\"mgn:ListTemplateActions\",\"mgn:ListWaves\",\"mobileanalytics:Get*\",\"mobiletargeting:Get*\",\"mobiletargeting:List*\",\"monitron:GetProject\",\"monitron:GetProjectAdminUser\",\"monitron:ListProjects\",\"monitron:ListTagsForResource\",\"mq:Describe*\",\"mq:List*\",\"network-firewall:DescribeFirewall\",\"network-firewall:DescribeFirewallPolicy\",\"network-firewall:DescribeLoggingConfiguration\",\"network-firewall:DescribeResourcePolicy\",\"network-firewall:DescribeRuleGroup\",\"network-firewall:DescribeRuleGroupMetadata\",\"network-firewall:DescribeTLSInspectionConfiguration\",\"network-firewall:ListFirewallPolicies\",\"network-firewall:ListFirewalls\",\"network-firewall:ListRuleGroups\",\"network-firewall:ListTagsForResource\",\"network-firewall:ListTLSInspectionConfigurations\",\"networkmanager:DescribeGlobalNetworks\",\"networkmanager:GetConnectAttachment\",\"networkmanager:GetConnections\",\"networkmanager:GetConnectPeer\",\"networkmanager:GetConnectPeerAssociations\",\"networkmanager:GetCoreNetwork\",\"networkmanager:GetCoreNetworkChangeEvents\",\"networkmanager:GetCoreNetworkChangeSet\",\"networkmanager:GetCoreNetworkPolicy\",\"networkmanager:GetCustomerGatewayAssociations\",\"networkmanager:GetDevices\",\"networkmanager:GetLinkAssociations\",\"networkmanager:GetLinks\",\"networkmanager:GetNetworkResourceCounts\",\"networkmanager:GetNetworkResourceRelationships\",\"networkmanager:GetNetworkResources\",\"networkmanager:GetNetworkRoutes\",\"networkmanager:GetNetworkTelemetry\",\"networkmanager:GetResourcePolicy\",\"networkmanager:GetRouteAnalysis\",\"networkmanager:GetSites\",\"networkmanager:GetSiteToSiteVpnAttachment\",\"networkmanager:GetTransitGatewayConnectPeerAssociations\",\"networkmanager:GetTransitGatewayPeering\",\"networkmanager:GetTransitGatewayRegistrations\",\"networkmanager:GetTransitGatewayRouteTableAttachment\",\"networkmanager:GetVpcAttachment\",\"networkmanager:ListAttachments\",\"networkmanager:ListConnectPeers\",\"networkmanager:ListCoreNetworkPolicyVersions\",\"networkmanager:ListCoreNetworks\",\"networkmanager:ListPeerings\",\"networkmanager:ListTagsForResource\",\"nimble:GetEula\",\"nimble:GetFeatureMap\",\"nimble:GetLaunchProfile\",\"nimble:GetLaunchProfileDetails\",\"nimble:GetLaunchProfileInitialization\",\"nimble:GetLaunchProfileMember\",\"nimble:GetStreamingImage\",\"nimble:GetStreamingSession\",\"nimble:GetStudio\",\"nimble:GetStudioComponent\",\"nimble:GetStudioMember\",\"nimble:ListEulaAcceptances\",\"nimble:ListEulas\",\"nimble:ListLaunchProfileMembers\",\"nimble:ListLaunchProfiles\",\"nimble:ListStreamingImages\",\"nimble:ListStreamingSessions\",\"nimble:ListStudioComponents\",\"nimble:ListStudioMembers\",\"nimble:ListStudios\",\"nimble:ListTagsForResource\",\"notifications-contacts:GetEmailContact\",\"notifications-contacts:ListEmailContacts\",\"notifications-contacts:ListTagsForResource\",\"notifications:GetEventRule\",\"notifications:GetNotificationConfiguration\",\"notifications:GetNotificationEvent\",\"notifications:ListChannels\",\"notifications:ListEventRules\",\"notifications:ListNotificationConfigurations\",\"notifications:ListNotificationEvents\",\"notifications:ListNotificationHubs\",\"notifications:ListTagsForResource\",\"oam:GetLink\",\"oam:GetSink\",\"oam:GetSinkPolicy\",\"oam:ListAttachedLinks\",\"oam:ListLinks\",\"oam:ListSinks\",\"omics:Get*\",\"omics:List*\",\"one:GetDeviceConfigurationTemplate\",\"one:GetDeviceInstance\",\"one:GetDeviceInstanceConfiguration\",\"one:GetSite\",\"one:GetSiteAddress\",\"one:ListDeviceConfigurationTemplates\",\"one:ListDeviceInstances\",\"one:ListSites\",\"one:ListUsers\",\"opsworks-cm:Describe*\",\"opsworks-cm:List*\",\"opsworks:Describe*\",\"opsworks:Get*\",\"organizations:Describe*\",\"organizations:List*\",\"osis:GetPipeline\",\"osis:GetPipelineBlueprint\",\"osis:GetPipelineChangeProgress\",\"osis:ListPipelineBlueprints\",\"osis:ListPipelines\",\"osis:ListTagsForResource\",\"outposts:Get*\",\"outposts:List*\",\"payment-cryptography:GetAlias\",\"payment-cryptography:GetKey\",\"payment-cryptography:GetPublicKeyCertificate\",\"payment-cryptography:ListAliases\",\"payment-cryptography:ListKeys\",\"payment-cryptography:ListTagsForResource\",\"payments:GetPaymentInstrument\",\"payments:GetPaymentStatus\",\"payments:ListPaymentInstruments\",\"payments:ListPaymentPreferences\",\"payments:ListTagsForResource\",\"pca-connector-ad:GetConnector\",\"pca-connector-ad:GetDirectoryRegistration\",\"pca-connector-ad:GetServicePrincipalName\",\"pca-connector-ad:GetTemplate\",\"pca-connector-ad:GetTemplateGroupAccessControlEntry\",\"pca-connector-ad:ListConnectors\",\"pca-connector-ad:ListDirectoryRegistrations\",\"pca-connector-ad:ListServicePrincipalNames\",\"pca-connector-ad:ListTagsForResource\",\"pca-connector-ad:ListTemplateGroupAccessControlEntries\",\"pca-connector-ad:ListTemplates\",\"pca-connector-scep:GetChallengeMetadata\",\"pca-connector-scep:GetConnector\",\"pca-connector-scep:ListChallengeMetadata\",\"pca-connector-scep:ListConnectors\",\"pca-connector-scep:ListTagsForResource\",\"personalize:Describe*\",\"personalize:Get*\",\"personalize:List*\",\"pi:DescribeDimensionKeys\",\"pi:GetDimensionKeyDetails\",\"pi:GetResourceMetadata\",\"pi:GetResourceMetrics\",\"pi:ListAvailableResourceDimensions\",\"pi:ListAvailableResourceMetrics\",\"pipes:DescribePipe\",\"pipes:ListPipes\",\"pipes:ListTagsForResource\",\"polly:Describe*\",\"polly:Get*\",\"polly:List*\",\"polly:SynthesizeSpeech\",\"pricing:DescribeServices\",\"pricing:GetAttributeValues\",\"pricing:GetPriceListFileUrl\",\"pricing:GetProducts\",\"pricing:ListPriceLists\",\"proton:GetDeployment\",\"proton:GetEnvironment\",\"proton:GetEnvironmentTemplate\",\"proton:GetEnvironmentTemplateVersion\",\"proton:GetService\",\"proton:GetServiceInstance\",\"proton:GetServiceTemplate\",\"proton:GetServiceTemplateVersion\",\"proton:ListDeployments\",\"proton:ListEnvironmentAccountConnections\",\"proton:ListEnvironments\",\"proton:ListEnvironmentTemplates\",\"proton:ListServiceInstances\",\"proton:ListServices\",\"proton:ListServiceTemplates\",\"proton:ListTagsForResource\",\"purchase-orders:GetPurchaseOrder\",\"purchase-orders:ListPurchaseOrderInvoices\",\"purchase-orders:ListPurchaseOrders\",\"purchase-orders:ViewPurchaseOrders\",\"qbusiness:GetApplication\",\"qbusiness:GetChatControlsConfiguration\",\"qbusiness:GetDataSource\",\"qbusiness:GetGroup\",\"qbusiness:GetIndex\",\"qbusiness:GetPlugin\",\"qbusiness:GetRetriever\",\"qbusiness:GetUser\",\"qbusiness:GetWebExperience\",\"qbusiness:ListApplications\",\"qbusiness:ListDataSources\",\"qbusiness:ListDataSourceSyncJobs\",\"qbusiness:ListGroups\",\"qbusiness:ListIndices\",\"qbusiness:ListPlugins\",\"qbusiness:ListRetrievers\",\"qbusiness:ListSubscriptions\",\"qbusiness:ListTagsForResource\",\"qbusiness:ListWebExperiences\",\"qldb:DescribeJournalKinesisStream\",\"qldb:DescribeJournalS3Export\",\"qldb:DescribeLedger\",\"qldb:GetBlock\",\"qldb:GetDigest\",\"qldb:GetRevision\",\"qldb:ListJournalKinesisStreamsForLedger\",\"qldb:ListJournalS3Exports\",\"qldb:ListJournalS3ExportsForLedger\",\"qldb:ListLedgers\",\"qldb:ListTagsForResource\",\"ram:Get*\",\"ram:List*\",\"rbin:GetRule\",\"rbin:ListRules\",\"rbin:ListTagsForResource\",\"rds:Describe*\",\"rds:Download*\",\"rds:List*\",\"redshift-serverless:GetCustomDomainAssociation\",\"redshift-serverless:GetEndpointAccess\",\"redshift-serverless:GetNamespace\",\"redshift-serverless:GetRecoveryPoint\",\"redshift-serverless:GetResourcePolicy\",\"redshift-serverless:GetScheduledAction\",\"redshift-serverless:GetSnapshot\",\"redshift-serverless:GetTableRestoreStatus\",\"redshift-serverless:GetUsageLimit\",\"redshift-serverless:GetWorkgroup\",\"redshift-serverless:ListCustomDomainAssociations\",\"redshift-serverless:ListEndpointAccess\",\"redshift-serverless:ListNamespaces\",\"redshift-serverless:ListRecoveryPoints\",\"redshift-serverless:ListScheduledActions\",\"redshift-serverless:ListSnapshotCopyConfigurations\",\"redshift-serverless:ListSnapshots\",\"redshift-serverless:ListTableRestoreStatus\",\"redshift-serverless:ListTagsForResource\",\"redshift-serverless:ListUsageLimits\",\"redshift-serverless:ListWorkgroups\",\"redshift:Describe*\",\"redshift:GetReservedNodeExchangeOfferings\",\"redshift:ListRecommendations\",\"redshift:View*\",\"refactor-spaces:GetApplication\",\"refactor-spaces:GetEnvironment\",\"refactor-spaces:GetResourcePolicy\",\"refactor-spaces:GetRoute\",\"refactor-spaces:GetService\",\"refactor-spaces:ListApplications\",\"refactor-spaces:ListEnvironments\",\"refactor-spaces:ListEnvironmentVpcs\",\"refactor-spaces:ListRoutes\",\"refactor-spaces:ListServices\",\"refactor-spaces:ListTagsForResource\",\"rekognition:CompareFaces\",\"rekognition:DescribeDataset\",\"rekognition:DescribeProjects\",\"rekognition:DescribeProjectVersions\",\"rekognition:DescribeStreamProcessor\",\"rekognition:Detect*\",\"rekognition:GetCelebrityInfo\",\"rekognition:GetCelebrityRecognition\",\"rekognition:GetContentModeration\",\"rekognition:GetFaceDetection\",\"rekognition:GetFaceSearch\",\"rekognition:GetLabelDetection\",\"rekognition:GetPersonTracking\",\"rekognition:GetSegmentDetection\",\"rekognition:GetTextDetection\",\"rekognition:List*\",\"rekognition:RecognizeCelebrities\",\"rekognition:Search*\",\"resiliencehub:DescribeApp\",\"resiliencehub:DescribeAppAssessment\",\"resiliencehub:DescribeAppVersion\",\"resiliencehub:DescribeAppVersionAppComponent\",\"resiliencehub:DescribeAppVersionResource\",\"resiliencehub:DescribeAppVersionResourcesResolutionStatus\",\"resiliencehub:DescribeAppVersionTemplate\",\"resiliencehub:DescribeDraftAppVersionResourcesImportStatus\",\"resiliencehub:DescribeResiliencyPolicy\",\"resiliencehub:DescribeResourceGroupingRecommendationTask\",\"resiliencehub:ListAlarmRecommendations\",\"resiliencehub:ListAppAssessmentComplianceDrifts\",\"resiliencehub:ListAppAssessmentResourceDrifts\",\"resiliencehub:ListAppAssessments\",\"resiliencehub:ListAppComponentCompliances\",\"resiliencehub:ListAppComponentRecommendations\",\"resiliencehub:ListAppInputSources\",\"resiliencehub:ListApps\",\"resiliencehub:ListAppVersionAppComponents\",\"resiliencehub:ListAppVersionResourceMappings\",\"resiliencehub:ListAppVersionResources\",\"resiliencehub:ListAppVersions\",\"resiliencehub:ListRecommendationTemplates\",\"resiliencehub:ListResiliencyPolicies\",\"resiliencehub:ListResourceGroupingRecommendations\",\"resiliencehub:ListSopRecommendations\",\"resiliencehub:ListSuggestedResiliencyPolicies\",\"resiliencehub:ListTagsForResource\",\"resiliencehub:ListTestRecommendations\",\"resiliencehub:ListUnsupportedAppVersionResources\",\"resource-explorer-2:BatchGetView\",\"resource-explorer-2:GetDefaultView\",\"resource-explorer-2:GetIndex\",\"resource-explorer-2:GetView\",\"resource-explorer-2:ListIndexes\",\"resource-explorer-2:ListSupportedResourceTypes\",\"resource-explorer-2:ListTagsForResource\",\"resource-explorer-2:ListViews\",\"resource-explorer-2:Search\",\"resource-groups:Get*\",\"resource-groups:List*\",\"resource-groups:Search*\",\"robomaker:BatchDescribe*\",\"robomaker:Describe*\",\"robomaker:Get*\",\"robomaker:List*\",\"route53-recovery-cluster:Get*\",\"route53-recovery-cluster:ListRoutingControls\",\"route53-recovery-control-config:Describe*\",\"route53-recovery-control-config:GetResourcePolicy\",\"route53-recovery-control-config:List*\",\"route53-recovery-readiness:Get*\",\"route53-recovery-readiness:List*\",\"route53:Get*\",\"route53:List*\",\"route53:Test*\",\"route53domains:Check*\",\"route53domains:Get*\",\"route53domains:List*\",\"route53domains:View*\",\"route53profiles:GetProfile\",\"route53profiles:GetProfileAssociation\",\"route53profiles:GetProfileResourceAssociation\",\"route53profiles:ListProfileAssociations\",\"route53profiles:ListProfileResourceAssociations\",\"route53profiles:ListProfiles\",\"route53profiles:ListTagsForResource\",\"route53resolver:Get*\",\"route53resolver:List*\",\"rum:GetAppMonitor\",\"rum:GetAppMonitorData\",\"rum:ListAppMonitors\",\"s3-object-lambda:GetObject\",\"s3-object-lambda:GetObjectAcl\",\"s3-object-lambda:GetObjectLegalHold\",\"s3-object-lambda:GetObjectRetention\",\"s3-object-lambda:GetObjectTagging\",\"s3-object-lambda:GetObjectVersion\",\"s3-object-lambda:GetObjectVersionAcl\",\"s3-object-lambda:GetObjectVersionTagging\",\"s3-object-lambda:ListBucket\",\"s3-object-lambda:ListBucketMultipartUploads\",\"s3-object-lambda:ListBucketVersions\",\"s3-object-lambda:ListMultipartUploadParts\",\"s3-outposts:GetAccessPoint\",\"s3-outposts:GetAccessPointPolicy\",\"s3-outposts:GetBucket\",\"s3-outposts:GetBucketPolicy\",\"s3-outposts:GetBucketTagging\",\"s3-outposts:GetBucketVersioning\",\"s3-outposts:GetLifecycleConfiguration\",\"s3-outposts:GetObject\",\"s3-outposts:GetObjectTagging\",\"s3-outposts:GetObjectVersion\",\"s3-outposts:GetObjectVersionForReplication\",\"s3-outposts:GetObjectVersionTagging\",\"s3-outposts:GetReplicationConfiguration\",\"s3-outposts:ListAccessPoints\",\"s3-outposts:ListBucket\",\"s3-outposts:ListBucketMultipartUploads\",\"s3-outposts:ListBucketVersions\",\"s3-outposts:ListEndpoints\",\"s3-outposts:ListMultipartUploadParts\",\"s3-outposts:ListOutpostsWithS3\",\"s3-outposts:ListRegionalBuckets\",\"s3-outposts:ListSharedEndpoints\",\"s3:DescribeJob\",\"s3:Get*\",\"s3:List*\",\"sagemaker-groundtruth-synthetic:GetAccountDetails\",\"sagemaker-groundtruth-synthetic:GetBatch\",\"sagemaker-groundtruth-synthetic:GetProject\",\"sagemaker-groundtruth-synthetic:ListBatchDataTransfers\",\"sagemaker-groundtruth-synthetic:ListBatchSummaries\",\"sagemaker-groundtruth-synthetic:ListProjectDataTransfers\",\"sagemaker-groundtruth-synthetic:ListProjectSummaries\",\"sagemaker:Describe*\",\"sagemaker:GetSearchSuggestions\",\"sagemaker:List*\",\"sagemaker:Search\",\"savingsplans:DescribeSavingsPlanRates\",\"savingsplans:DescribeSavingsPlans\",\"savingsplans:DescribeSavingsPlansOfferingRates\",\"savingsplans:DescribeSavingsPlansOfferings\",\"savingsplans:ListTagsForResource\",\"scheduler:GetSchedule\",\"scheduler:GetScheduleGroup\",\"scheduler:ListScheduleGroups\",\"scheduler:ListSchedules\",\"scheduler:ListTagsForResource\",\"schemas:Describe*\",\"schemas:Get*\",\"schemas:List*\",\"schemas:Search*\",\"sdb:Get*\",\"sdb:List*\",\"sdb:Select*\",\"secretsmanager:Describe*\",\"secretsmanager:GetResourcePolicy\",\"secretsmanager:List*\",\"securityhub:BatchGetAutomationRules\",\"securityhub:BatchGetConfigurationPolicyAssociations\",\"securityhub:BatchGetControlEvaluations\",\"securityhub:BatchGetSecurityControls\",\"securityhub:BatchGetStandardsControlAssociations\",\"securityhub:Describe*\",\"securityhub:Get*\",\"securityhub:List*\",\"securitylake:GetDataLakeExceptionSubscription\",\"securitylake:GetDataLakeOrganizationConfiguration\",\"securitylake:GetDataLakeSources\",\"securitylake:GetSubscriber\",\"securitylake:ListDataLakeExceptions\",\"securitylake:ListDataLakes\",\"securitylake:ListLogSources\",\"securitylake:ListSubscribers\",\"securitylake:ListTagsForResource\",\"serverlessrepo:Get*\",\"serverlessrepo:List*\",\"serverlessrepo:SearchApplications\",\"servicecatalog:Describe*\",\"servicecatalog:GetApplication\",\"servicecatalog:GetAttributeGroup\",\"servicecatalog:List*\",\"servicecatalog:Scan*\",\"servicecatalog:Search*\",\"servicediscovery:DiscoverInstances\",\"servicediscovery:DiscoverInstancesRevision\",\"servicediscovery:Get*\",\"servicediscovery:List*\",\"servicequotas:GetAssociationForServiceQuotaTemplate\",\"servicequotas:GetAWSDefaultServiceQuota\",\"servicequotas:GetRequestedServiceQuotaChange\",\"servicequotas:GetServiceQuota\",\"servicequotas:GetServiceQuotaIncreaseRequestFromTemplate\",\"servicequotas:ListAWSDefaultServiceQuotas\",\"servicequotas:ListRequestedServiceQuotaChangeHistory\",\"servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota\",\"servicequotas:ListServiceQuotaIncreaseRequestsInTemplate\",\"servicequotas:ListServiceQuotas\",\"servicequotas:ListServices\",\"ses:BatchGetMetricData\",\"ses:Describe*\",\"ses:Get*\",\"ses:List*\",\"shield:Describe*\",\"shield:Get*\",\"shield:List*\",\"signer:DescribeSigningJob\",\"signer:GetSigningPlatform\",\"signer:GetSigningProfile\",\"signer:ListProfilePermissions\",\"signer:ListSigningJobs\",\"signer:ListSigningPlatforms\",\"signer:ListSigningProfiles\",\"signer:ListTagsForResource\",\"signin:ListTrustedIdentityPropagationApplicationsForConsole\",\"sms-voice:DescribeAccountAttributes\",\"sms-voice:DescribeAccountLimits\",\"sms-voice:DescribeConfigurationSets\",\"sms-voice:DescribeKeywords\",\"sms-voice:DescribeOptedOutNumbers\",\"sms-voice:DescribeOptOutLists\",\"sms-voice:DescribePhoneNumbers\",\"sms-voice:DescribePools\",\"sms-voice:DescribeSenderIds\",\"sms-voice:DescribeSpendLimits\",\"sms-voice:ListPoolOriginationIdentities\",\"sms-voice:ListTagsForResource\",\"snowball:Describe*\",\"snowball:Get*\",\"snowball:List*\",\"sns:Check*\",\"sns:Get*\",\"sns:List*\",\"sqs:Get*\",\"sqs:List*\",\"sqs:Receive*\",\"ssm-contacts:DescribeEngagement\",\"ssm-contacts:DescribePage\",\"ssm-contacts:GetContact\",\"ssm-contacts:GetContactChannel\",\"ssm-contacts:ListContactChannels\",\"ssm-contacts:ListContacts\",\"ssm-contacts:ListEngagements\",\"ssm-contacts:ListPageReceipts\",\"ssm-contacts:ListPagesByContact\",\"ssm-contacts:ListPagesByEngagement\",\"ssm-incidents:GetIncidentRecord\",\"ssm-incidents:GetReplicationSet\",\"ssm-incidents:GetResourcePolicies\",\"ssm-incidents:GetResponsePlan\",\"ssm-incidents:GetTimelineEvent\",\"ssm-incidents:ListIncidentRecords\",\"ssm-incidents:ListRelatedItems\",\"ssm-incidents:ListReplicationSets\",\"ssm-incidents:ListResponsePlans\",\"ssm-incidents:ListTagsForResource\",\"ssm-incidents:ListTimelineEvents\",\"ssm-sap:GetApplication\",\"ssm-sap:GetComponent\",\"ssm-sap:GetDatabase\",\"ssm-sap:GetOperation\",\"ssm-sap:GetResourcePermission\",\"ssm-sap:ListApplications\",\"ssm-sap:ListComponents\",\"ssm-sap:ListDatabases\",\"ssm-sap:ListOperationEvents\",\"ssm-sap:ListOperations\",\"ssm-sap:ListTagsForResource\",\"ssm:Describe*\",\"ssm:Get*\",\"ssm:List*\",\"sso-directory:Describe*\",\"sso-directory:List*\",\"sso-directory:Search*\",\"sso:Describe*\",\"sso:Get*\",\"sso:List*\",\"sso:Search*\",\"states:Describe*\",\"states:GetExecutionHistory\",\"states:List*\",\"states:ValidateStateMachineDefinition\",\"storagegateway:Describe*\",\"storagegateway:List*\",\"sts:GetAccessKeyInfo\",\"sts:GetCallerIdentity\",\"sts:GetSessionToken\",\"support:DescribeAttachment\",\"support:DescribeCases\",\"support:DescribeCommunications\",\"support:DescribeServices\",\"support:DescribeSeverityLevels\",\"support:DescribeTrustedAdvisorCheckRefreshStatuses\",\"support:DescribeTrustedAdvisorCheckResult\",\"support:DescribeTrustedAdvisorChecks\",\"support:DescribeTrustedAdvisorCheckSummaries\",\"supportplans:GetSupportPlan\",\"supportplans:GetSupportPlanUpdateStatus\",\"sustainability:GetCarbonFootprintSummary\",\"swf:Count*\",\"swf:Describe*\",\"swf:Get*\",\"swf:List*\",\"synthetics:Describe*\",\"synthetics:Get*\",\"synthetics:List*\",\"tag:DescribeReportCreation\",\"tag:Get*\",\"tax:GetExemptions\",\"tax:GetTaxInheritance\",\"tax:GetTaxInterview\",\"tax:GetTaxRegistration\",\"tax:GetTaxRegistrationDocument\",\"tax:ListTaxRegistrations\",\"timestream:DescribeBatchLoadTask\",\"timestream:DescribeDatabase\",\"timestream:DescribeEndpoints\",\"timestream:DescribeTable\",\"timestream:ListBatchLoadTasks\",\"timestream:ListDatabases\",\"timestream:ListMeasures\",\"timestream:ListTables\",\"timestream:ListTagsForResource\",\"tnb:GetSolFunctionInstance\",\"tnb:GetSolFunctionPackage\",\"tnb:GetSolFunctionPackageContent\",\"tnb:GetSolFunctionPackageDescriptor\",\"tnb:GetSolNetworkInstance\",\"tnb:GetSolNetworkOperation\",\"tnb:GetSolNetworkPackage\",\"tnb:GetSolNetworkPackageContent\",\"tnb:GetSolNetworkPackageDescriptor\",\"tnb:ListSolFunctionInstances\",\"tnb:ListSolFunctionPackages\",\"tnb:ListSolNetworkInstances\",\"tnb:ListSolNetworkOperations\",\"tnb:ListSolNetworkPackages\",\"tnb:ListTagsForResource\",\"transcribe:Get*\",\"transcribe:List*\",\"transfer:Describe*\",\"transfer:List*\",\"transfer:TestIdentityProvider\",\"translate:DescribeTextTranslationJob\",\"translate:GetParallelData\",\"translate:GetTerminology\",\"translate:ListParallelData\",\"translate:ListTerminologies\",\"translate:ListTextTranslationJobs\",\"trustedadvisor:Describe*\",\"trustedadvisor:GetOrganizationRecommendation\",\"trustedadvisor:GetRecommendation\",\"trustedadvisor:ListChecks\",\"trustedadvisor:ListOrganizationRecommendationAccounts\",\"trustedadvisor:ListOrganizationRecommendationResources\",\"trustedadvisor:ListOrganizationRecommendations\",\"trustedadvisor:ListRecommendationResources\",\"trustedadvisor:ListRecommendations\",\"user-subscriptions:ListApplicationClaims\",\"user-subscriptions:ListClaims\",\"user-subscriptions:ListUserSubscriptions\",\"verifiedpermissions:GetIdentitySource\",\"verifiedpermissions:GetPolicy\",\"verifiedpermissions:GetPolicyStore\",\"verifiedpermissions:GetPolicyTemplate\",\"verifiedpermissions:GetSchema\",\"verifiedpermissions:IsAuthorized\",\"verifiedpermissions:IsAuthorizedWithToken\",\"verifiedpermissions:ListIdentitySources\",\"verifiedpermissions:ListPolicies\",\"verifiedpermissions:ListPolicyStores\",\"verifiedpermissions:ListPolicyTemplates\",\"vpc-lattice:GetAccessLogSubscription\",\"vpc-lattice:GetAuthPolicy\",\"vpc-lattice:GetListener\",\"vpc-lattice:GetResourcePolicy\",\"vpc-lattice:GetRule\",\"vpc-lattice:GetService\",\"vpc-lattice:GetServiceNetwork\",\"vpc-lattice:GetServiceNetworkServiceAssociation\",\"vpc-lattice:GetServiceNetworkVpcAssociation\",\"vpc-lattice:GetTargetGroup\",\"vpc-lattice:ListAccessLogSubscriptions\",\"vpc-lattice:ListListeners\",\"vpc-lattice:ListRules\",\"vpc-lattice:ListServiceNetworks\",\"vpc-lattice:ListServiceNetworkServiceAssociations\",\"vpc-lattice:ListServiceNetworkVpcAssociations\",\"vpc-lattice:ListServices\",\"vpc-lattice:ListTagsForResource\",\"vpc-lattice:ListTargetGroups\",\"vpc-lattice:ListTargets\",\"waf-regional:Get*\",\"waf-regional:List*\",\"waf:Get*\",\"waf:List*\",\"wafv2:CheckCapacity\",\"wafv2:Describe*\",\"wafv2:Get*\",\"wafv2:List*\",\"wellarchitected:ExportLens\",\"wellarchitected:GetAnswer\",\"wellarchitected:GetConsolidatedReport\",\"wellarchitected:GetLens\",\"wellarchitected:GetLensReview\",\"wellarchitected:GetLensReviewReport\",\"wellarchitected:GetLensVersionDifference\",\"wellarchitected:GetMilestone\",\"wellarchitected:GetProfile\",\"wellarchitected:GetProfileTemplate\",\"wellarchitected:GetReviewTemplate\",\"wellarchitected:GetReviewTemplateAnswer\",\"wellarchitected:GetReviewTemplateLensReview\",\"wellarchitected:GetWorkload\",\"wellarchitected:ListAnswers\",\"wellarchitected:ListCheckDetails\",\"wellarchitected:ListCheckSummaries\",\"wellarchitected:ListLenses\",\"wellarchitected:ListLensReviewImprovements\",\"wellarchitected:ListLensReviews\",\"wellarchitected:ListLensShares\",\"wellarchitected:ListMilestones\",\"wellarchitected:ListNotifications\",\"wellarchitected:ListProfileNotifications\",\"wellarchitected:ListProfiles\",\"wellarchitected:ListProfileShares\",\"wellarchitected:ListReviewTemplateAnswers\",\"wellarchitected:ListReviewTemplates\",\"wellarchitected:ListShareInvitations\",\"wellarchitected:ListTagsForResource\",\"wellarchitected:ListTemplateShares\",\"wellarchitected:ListWorkloads\",\"wellarchitected:ListWorkloadShares\",\"workdocs:CheckAlias\",\"workdocs:Describe*\",\"workdocs:Get*\",\"workmail:Describe*\",\"workmail:Get*\",\"workmail:List*\",\"workmail:Search*\",\"workspaces-web:GetBrowserSettings\",\"workspaces-web:GetIdentityProvider\",\"workspaces-web:GetNetworkSettings\",\"workspaces-web:GetPortal\",\"workspaces-web:GetPortalServiceProviderMetadata\",\"workspaces-web:GetTrustStore\",\"workspaces-web:GetUserAccessLoggingSettings\",\"workspaces-web:GetUserSettings\",\"workspaces-web:ListBrowserSettings\",\"workspaces-web:ListIdentityProviders\",\"workspaces-web:ListNetworkSettings\",\"workspaces-web:ListPortals\",\"workspaces-web:ListTagsForResource\",\"workspaces-web:ListTrustStores\",\"workspaces-web:ListUserAccessLoggingSettings\",\"workspaces-web:ListUserSettings\",\"workspaces:Describe*\",\"xray:BatchGet*\",\"xray:Get*\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"ReadOnlyActions\"}],\"Version\":\"2012-10-17\"},\"roles\":null,\"Arn\":\"arn:aws:iam::aws:policy/ReadOnlyAccess\",\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"DefaultVersionId\":\"v121\",\"Description\":null,\"Path\":\"/\",\"PolicyId\":\"ANPAILL3HVNFSB6DCOWYQ\",\"CreateDate\":\"2015-02-06T18:39:48Z\"},\"id\":[\"arn:aws:iam::aws:policy/ReadOnlyAccess\",\"ANPAILL3HVNFSB6DCOWYQ\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"ReadOnlyActions\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:iam::aws:policy/ReadOnlyAccess\",\"ANPAILL3HVNFSB6DCOWYQ\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/ReadOnlyAccess\":{\"category\":\"identity\",\"type\":\"policy\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.363+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"related.entity\":[\"arn:aws:iam::aws:policy/SecretsManagerReadWrite\",\"ANPAI3VG7CI5BIQZQ6G2E\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/SecretsManagerReadWrite\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"raw\":{\"AttachmentCount\":2,\"CreateDate\":\"2018-04-04T18:05:29Z\",\"DefaultVersionId\":\"v5\",\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"SecretsManagerReadWrite\",\"roles\":null,\"Path\":\"/\",\"document\":{\"Statement\":[{\"Action\":[\"secretsmanager:*\",\"cloudformation:CreateChangeSet\",\"cloudformation:DescribeChangeSet\",\"cloudformation:DescribeStackResource\",\"cloudformation:DescribeStacks\",\"cloudformation:ExecuteChangeSet\",\"docdb-elastic:GetCluster\",\"docdb-elastic:ListClusters\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeSubnets\",\"ec2:DescribeVpcs\",\"kms:DescribeKey\",\"kms:ListAliases\",\"kms:ListKeys\",\"lambda:ListFunctions\",\"rds:DescribeDBClusters\",\"rds:DescribeDBInstances\",\"redshift:DescribeClusters\",\"redshift-serverless:ListWorkgroups\",\"redshift-serverless:GetNamespace\",\"tag:GetResources\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"BasePermissions\"},{\"Action\":[\"lambda:AddPermission\",\"lambda:CreateFunction\",\"lambda:GetFunction\",\"lambda:InvokeFunction\",\"lambda:UpdateFunctionConfiguration\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:lambda:*:*:function:SecretsManager*\",\"Sid\":\"LambdaPermissions\"},{\"Action\":[\"serverlessrepo:CreateCloudFormationChangeSet\",\"serverlessrepo:GetApplication\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:serverlessrepo:*:*:applications/SecretsManager*\",\"Sid\":\"SARPermissions\"},{\"Resource\":[\"arn:aws:s3:::awsserverlessrepo-changesets*\",\"arn:aws:s3:::secrets-manager-rotation-apps-*/*\"],\"Sid\":\"S3Permissions\",\"Action\":[\"s3:GetObject\"],\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"Description\":null,\"UpdateDate\":\"2024-02-22T18:12:06Z\",\"Arn\":\"arn:aws:iam::aws:policy/SecretsManagerReadWrite\",\"PolicyId\":\"ANPAI3VG7CI5BIQZQ6G2E\",\"Tags\":null},\"id\":[\"arn:aws:iam::aws:policy/SecretsManagerReadWrite\",\"ANPAI3VG7CI5BIQZQ6G2E\"],\"name\":\"SecretsManagerReadWrite\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"BasePermissions\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"LambdaPermissions\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:lambda:*:*:function:SecretsManager*\"]},{\"version\":\"2012-10-17\",\"id\":\"SARPermissions\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:serverlessrepo:*:*:applications/SecretsManager*\"]},{\"version\":\"2012-10-17\",\"id\":\"S3Permissions\",\"effect\":\"Allow\"}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.363+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"entity.metadata\":{\"arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"raw\":{\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"logs:CreateLogGroup\",\"logs:PutRetentionPolicy\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:logs:*:*:log-group:RDS*\"],\"Sid\":\"EnableCreationAndManagementOfRDSCloudwatchLogGroups\"},{\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:logs:*:*:log-group:RDS*:log-stream:*\"],\"Sid\":\"EnableCreationAndManagementOfRDSCloudwatchLogStreams\",\"Action\":[\"logs:CreateLogStream\",\"logs:PutLogEvents\",\"logs:DescribeLogStreams\",\"logs:GetLogEvents\"]}]},\"IsAttachable\":true,\"PolicyName\":\"AmazonRDSEnhancedMonitoringRole\",\"Tags\":null,\"roles\":null,\"AttachmentCount\":1,\"Path\":\"/service-role/\",\"PolicyId\":\"ANPAJV7BS425S4PTSSVGK\",\"UpdateDate\":\"2015-11-11T19:58:29Z\",\"CreateDate\":\"2015-11-11T19:58:29Z\",\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"Arn\":\"arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole\",\"DefaultVersionId\":\"v1\"},\"id\":[\"arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole\",\"ANPAJV7BS425S4PTSSVGK\"],\"name\":\"AmazonRDSEnhancedMonitoringRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"EnableCreationAndManagementOfRDSCloudwatchLogGroups\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"EnableCreationAndManagementOfRDSCloudwatchLogStreams\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole\",\"ANPAJV7BS425S4PTSSVGK\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.363+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonECS_FullAccess\",\"ANPAJ7S7AN6YQPTJC7IFS\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonECS_FullAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"name\":\"AmazonECS_FullAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::aws:policy/AmazonECS_FullAccess\",\"Description\":null,\"PolicyName\":\"AmazonECS_FullAccess\",\"document\":{\"Statement\":[{\"Resource\":[\"*\"],\"Sid\":\"ECSIntegrationsManagementPolicy\",\"Action\":[\"application-autoscaling:DeleteScalingPolicy\",\"application-autoscaling:DeregisterScalableTarget\",\"application-autoscaling:DescribeScalableTargets\",\"application-autoscaling:DescribeScalingActivities\",\"application-autoscaling:DescribeScalingPolicies\",\"application-autoscaling:PutScalingPolicy\",\"application-autoscaling:RegisterScalableTarget\",\"appmesh:DescribeVirtualGateway\",\"appmesh:DescribeVirtualNode\",\"appmesh:ListMeshes\",\"appmesh:ListVirtualGateways\",\"appmesh:ListVirtualNodes\",\"autoscaling:CreateAutoScalingGroup\",\"autoscaling:CreateLaunchConfiguration\",\"autoscaling:DeleteAutoScalingGroup\",\"autoscaling:DeleteLaunchConfiguration\",\"autoscaling:Describe*\",\"autoscaling:UpdateAutoScalingGroup\",\"cloudformation:CreateStack\",\"cloudformation:DeleteStack\",\"cloudformation:DescribeStack*\",\"cloudformation:UpdateStack\",\"cloudwatch:DeleteAlarms\",\"cloudwatch:DescribeAlarms\",\"cloudwatch:GetMetricStatistics\",\"cloudwatch:PutMetricAlarm\",\"codedeploy:BatchGetApplicationRevisions\",\"codedeploy:BatchGetApplications\",\"codedeploy:BatchGetDeploymentGroups\",\"codedeploy:BatchGetDeployments\",\"codedeploy:ContinueDeployment\",\"codedeploy:CreateApplication\",\"codedeploy:CreateDeployment\",\"codedeploy:CreateDeploymentGroup\",\"codedeploy:GetApplication\",\"codedeploy:GetApplicationRevision\",\"codedeploy:GetDeployment\",\"codedeploy:GetDeploymentConfig\",\"codedeploy:GetDeploymentGroup\",\"codedeploy:GetDeploymentTarget\",\"codedeploy:ListApplicationRevisions\",\"codedeploy:ListApplications\",\"codedeploy:ListDeploymentConfigs\",\"codedeploy:ListDeploymentGroups\",\"codedeploy:ListDeployments\",\"codedeploy:ListDeploymentTargets\",\"codedeploy:RegisterApplicationRevision\",\"codedeploy:StopDeployment\",\"ec2:AssociateRouteTable\",\"ec2:AttachInternetGateway\",\"ec2:AuthorizeSecurityGroupIngress\",\"ec2:CancelSpotFleetRequests\",\"ec2:CreateInternetGateway\",\"ec2:CreateLaunchTemplate\",\"ec2:CreateRoute\",\"ec2:CreateRouteTable\",\"ec2:CreateSecurityGroup\",\"ec2:CreateSubnet\",\"ec2:CreateVpc\",\"ec2:DeleteLaunchTemplate\",\"ec2:DeleteSubnet\",\"ec2:DeleteVpc\",\"ec2:Describe*\",\"ec2:DetachInternetGateway\",\"ec2:DisassociateRouteTable\",\"ec2:ModifySubnetAttribute\",\"ec2:ModifyVpcAttribute\",\"ec2:RequestSpotFleet\",\"ec2:RunInstances\",\"ecs:*\",\"elasticfilesystem:DescribeAccessPoints\",\"elasticfilesystem:DescribeFileSystems\",\"elasticloadbalancing:CreateListener\",\"elasticloadbalancing:CreateLoadBalancer\",\"elasticloadbalancing:CreateRule\",\"elasticloadbalancing:CreateTargetGroup\",\"elasticloadbalancing:DeleteListener\",\"elasticloadbalancing:DeleteLoadBalancer\",\"elasticloadbalancing:DeleteRule\",\"elasticloadbalancing:DeleteTargetGroup\",\"elasticloadbalancing:DescribeListeners\",\"elasticloadbalancing:DescribeLoadBalancers\",\"elasticloadbalancing:DescribeRules\",\"elasticloadbalancing:DescribeTargetGroups\",\"events:DeleteRule\",\"events:DescribeRule\",\"events:ListRuleNamesByTarget\",\"events:ListTargetsByRule\",\"events:PutRule\",\"events:PutTargets\",\"events:RemoveTargets\",\"fsx:DescribeFileSystems\",\"iam:ListAttachedRolePolicies\",\"iam:ListInstanceProfiles\",\"iam:ListRoles\",\"lambda:ListFunctions\",\"logs:CreateLogGroup\",\"logs:DescribeLogGroups\",\"logs:FilterLogEvents\",\"route53:CreateHostedZone\",\"route53:DeleteHostedZone\",\"route53:GetHealthCheck\",\"route53:GetHostedZone\",\"route53:ListHostedZonesByName\",\"servicediscovery:CreatePrivateDnsNamespace\",\"servicediscovery:CreateService\",\"servicediscovery:DeleteService\",\"servicediscovery:GetNamespace\",\"servicediscovery:GetOperation\",\"servicediscovery:GetService\",\"servicediscovery:ListNamespaces\",\"servicediscovery:ListServices\",\"servicediscovery:UpdateService\",\"sns:ListTopics\"],\"Effect\":\"Allow\"},{\"Action\":[\"ssm:GetParameter\",\"ssm:GetParameters\",\"ssm:GetParametersByPath\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ssm:*:*:parameter/aws/service/ecs*\",\"Sid\":\"SSMPolicy\"},{\"Sid\":\"ManagedCloudformationResourcesCleanupPolicy\",\"Action\":[\"ec2:DeleteInternetGateway\",\"ec2:DeleteRoute\",\"ec2:DeleteRouteTable\",\"ec2:DeleteSecurityGroup\"],\"Condition\":{\"StringLike\":{\"ec2:ResourceTag/aws:cloudformation:stack-name\":\"EC2ContainerService-*\"}},\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Action\":\"iam:PassRole\",\"Condition\":{\"StringLike\":{\"iam:PassedToService\":\"ecs-tasks.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":[\"*\"],\"Sid\":\"TasksPassRolePolicy\"},{\"Action\":\"iam:PassRole\",\"Condition\":{\"StringEquals\":{\"iam:PassedToService\":\"ecs.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:iam::*:role/ecsInfrastructureRole\"],\"Sid\":\"InfrastructurePassRolePolicy\"},{\"Action\":\"iam:PassRole\",\"Condition\":{\"StringLike\":{\"iam:PassedToService\":[\"ec2.amazonaws.com\",\"ec2.amazonaws.com.cn\"]}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:iam::*:role/ecsInstanceRole*\"],\"Sid\":\"InstancePassRolePolicy\"},{\"Action\":\"iam:PassRole\",\"Condition\":{\"StringLike\":{\"iam:PassedToService\":[\"application-autoscaling.amazonaws.com\",\"application-autoscaling.amazonaws.com.cn\"]}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:iam::*:role/ecsAutoscaleRole*\"],\"Sid\":\"AutoScalingPassRolePolicy\"},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"ServiceLinkedRoleCreationPolicy\",\"Action\":\"iam:CreateServiceLinkedRole\",\"Condition\":{\"StringLike\":{\"iam:AWSServiceName\":[\"ecs.amazonaws.com\",\"autoscaling.amazonaws.com\",\"ecs.application-autoscaling.amazonaws.com\",\"spot.amazonaws.com\",\"spotfleet.amazonaws.com\"]}}},{\"Action\":[\"elasticloadbalancing:AddTags\"],\"Condition\":{\"StringEquals\":{\"elasticloadbalancing:CreateAction\":[\"CreateTargetGroup\",\"CreateRule\",\"CreateListener\",\"CreateLoadBalancer\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"ELBTaggingPolicy\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":3,\"DefaultVersionId\":\"v21\",\"Path\":\"/\",\"CreateDate\":\"2017-11-07T21:36:54Z\",\"PolicyId\":\"ANPAJ7S7AN6YQPTJC7IFS\",\"Tags\":null,\"roles\":null,\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"UpdateDate\":\"2024-08-13T19:39:37Z\"},\"id\":[\"arn:aws:iam::aws:policy/AmazonECS_FullAccess\",\"ANPAJ7S7AN6YQPTJC7IFS\"]},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"ECSIntegrationsManagementPolicy\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"SSMPolicy\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:ssm:*:*:parameter/aws/service/ecs*\"]},{\"version\":\"2012-10-17\",\"id\":\"ManagedCloudformationResourcesCleanupPolicy\",\"effect\":\"Allow\",\"condition\":{\"StringLike\":{\"ec2:ResourceTag/aws:cloudformation:stack-name\":\"EC2ContainerService-*\"}}},{\"version\":\"2012-10-17\",\"id\":\"TasksPassRolePolicy\",\"effect\":\"Allow\",\"action\":[\"iam:PassRole\"],\"condition\":{\"StringLike\":{\"iam:PassedToService\":\"ecs-tasks.amazonaws.com\"}}},{\"action\":[\"iam:PassRole\"],\"condition\":{\"StringEquals\":{\"iam:PassedToService\":\"ecs.amazonaws.com\"}},\"version\":\"2012-10-17\",\"id\":\"InfrastructurePassRolePolicy\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"action\":[\"iam:PassRole\"],\"condition\":{\"StringLike\":{\"iam:PassedToService\":[\"ec2.amazonaws.com\",\"ec2.amazonaws.com.cn\"]}},\"version\":\"2012-10-17\",\"id\":\"InstancePassRolePolicy\"},{\"version\":\"2012-10-17\",\"id\":\"AutoScalingPassRolePolicy\",\"effect\":\"Allow\",\"action\":[\"iam:PassRole\"],\"condition\":{\"StringLike\":{\"iam:PassedToService\":[\"application-autoscaling.amazonaws.com\",\"application-autoscaling.amazonaws.com.cn\"]}}},{\"condition\":{\"StringLike\":{\"iam:AWSServiceName\":[\"ecs.amazonaws.com\",\"autoscaling.amazonaws.com\",\"ecs.application-autoscaling.amazonaws.com\",\"spot.amazonaws.com\",\"spotfleet.amazonaws.com\"]}},\"version\":\"2012-10-17\",\"id\":\"ServiceLinkedRoleCreationPolicy\",\"effect\":\"Allow\",\"action\":[\"iam:CreateServiceLinkedRole\"],\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"ELBTaggingPolicy\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"elasticloadbalancing:CreateAction\":[\"CreateTargetGroup\",\"CreateRule\",\"CreateListener\",\"CreateLoadBalancer\"]}}}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.363+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"id\":[\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\"ANPAIBTLDQMIC6UOIGFWA\"],\"name\":\"AmazonEKSClusterPolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"CreateDate\":\"2018-05-27T21:06:14Z\",\"PolicyId\":\"ANPAIBTLDQMIC6UOIGFWA\",\"roles\":null,\"AttachmentCount\":74,\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"UpdateDate\":\"2024-11-01T17:39:00Z\",\"Arn\":\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\"DefaultVersionId\":\"v7\",\"Path\":\"/\",\"Description\":null,\"PolicyName\":\"AmazonEKSClusterPolicy\",\"document\":{\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"autoscaling:DescribeAutoScalingGroups\",\"autoscaling:UpdateAutoScalingGroup\",\"ec2:AttachVolume\",\"ec2:AuthorizeSecurityGroupIngress\",\"ec2:CreateRoute\",\"ec2:CreateSecurityGroup\",\"ec2:CreateTags\",\"ec2:CreateVolume\",\"ec2:DeleteRoute\",\"ec2:DeleteSecurityGroup\",\"ec2:DeleteVolume\",\"ec2:DescribeInstances\",\"ec2:DescribeRouteTables\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeSubnets\",\"ec2:DescribeVolumes\",\"ec2:DescribeVolumesModifications\",\"ec2:DescribeVpcs\",\"ec2:DescribeDhcpOptions\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribeAvailabilityZones\",\"ec2:DetachVolume\",\"ec2:ModifyInstanceAttribute\",\"ec2:ModifyVolume\",\"ec2:RevokeSecurityGroupIngress\",\"ec2:DescribeAccountAttributes\",\"ec2:DescribeAddresses\",\"ec2:DescribeInternetGateways\",\"ec2:DescribeInstanceTopology\",\"elasticloadbalancing:AddTags\",\"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer\",\"elasticloadbalancing:AttachLoadBalancerToSubnets\",\"elasticloadbalancing:ConfigureHealthCheck\",\"elasticloadbalancing:CreateListener\",\"elasticloadbalancing:CreateLoadBalancer\",\"elasticloadbalancing:CreateLoadBalancerListeners\",\"elasticloadbalancing:CreateLoadBalancerPolicy\",\"elasticloadbalancing:CreateTargetGroup\",\"elasticloadbalancing:DeleteListener\",\"elasticloadbalancing:DeleteLoadBalancer\",\"elasticloadbalancing:DeleteLoadBalancerListeners\",\"elasticloadbalancing:DeleteTargetGroup\",\"elasticloadbalancing:DeregisterInstancesFromLoadBalancer\",\"elasticloadbalancing:DeregisterTargets\",\"elasticloadbalancing:DescribeListeners\",\"elasticloadbalancing:DescribeLoadBalancerAttributes\",\"elasticloadbalancing:DescribeLoadBalancerPolicies\",\"elasticloadbalancing:DescribeLoadBalancers\",\"elasticloadbalancing:DescribeTargetGroupAttributes\",\"elasticloadbalancing:DescribeTargetGroups\",\"elasticloadbalancing:DescribeTargetHealth\",\"elasticloadbalancing:DetachLoadBalancerFromSubnets\",\"elasticloadbalancing:ModifyListener\",\"elasticloadbalancing:ModifyLoadBalancerAttributes\",\"elasticloadbalancing:ModifyTargetGroup\",\"elasticloadbalancing:ModifyTargetGroupAttributes\",\"elasticloadbalancing:RegisterInstancesWithLoadBalancer\",\"elasticloadbalancing:RegisterTargets\",\"elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer\",\"elasticloadbalancing:SetLoadBalancerPoliciesOfListener\",\"kms:DescribeKey\"]},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":\"iam:CreateServiceLinkedRole\",\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":\"elasticloadbalancing.amazonaws.com\"}}}],\"Version\":\"2012-10-17\"}}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"iam:CreateServiceLinkedRole\"],\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"iam:AWSServiceName\":\"elasticloadbalancing.amazonaws.com\"}}}],\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\"ANPAIBTLDQMIC6UOIGFWA\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.363+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"action\":[\"ecs:TagResource\"],\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"ecs:CreateAction\":[\"CreateCluster\",\"RegisterContainerInstance\"]}},\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role\",\"ANPAJLYJCVHC7TQHCSQDS\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Description\":null,\"IsAttachable\":true,\"roles\":null,\"CreateDate\":\"2015-03-19T18:45:18Z\",\"UpdateDate\":\"2023-03-06T22:19:04Z\",\"document\":{\"Statement\":[{\"Action\":[\"ec2:DescribeTags\",\"ecs:CreateCluster\",\"ecs:DeregisterContainerInstance\",\"ecs:DiscoverPollEndpoint\",\"ecs:Poll\",\"ecs:RegisterContainerInstance\",\"ecs:StartTelemetrySession\",\"ecs:UpdateContainerInstancesState\",\"ecs:Submit*\",\"ecr:GetAuthorizationToken\",\"ecr:BatchCheckLayerAvailability\",\"ecr:GetDownloadUrlForLayer\",\"ecr:BatchGetImage\",\"logs:CreateLogStream\",\"logs:PutLogEvents\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":\"ecs:TagResource\",\"Condition\":{\"StringEquals\":{\"ecs:CreateAction\":[\"CreateCluster\",\"RegisterContainerInstance\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":1,\"DefaultVersionId\":\"v7\",\"Path\":\"/service-role/\",\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAJLYJCVHC7TQHCSQDS\",\"Arn\":\"arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role\",\"PolicyName\":\"AmazonEC2ContainerServiceforEC2Role\",\"Tags\":null},\"id\":[\"arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role\",\"ANPAJLYJCVHC7TQHCSQDS\"],\"name\":\"AmazonEC2ContainerServiceforEC2Role\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.363+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/CloudWatchEventsServiceRolePolicy\",\"ANPAJNVASSNSIDZIP4X7I\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/CloudWatchEventsServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":1,\"CreateDate\":\"2017-11-17T00:42:04Z\",\"PermissionsBoundaryUsageCount\":0,\"roles\":null,\"Description\":null,\"IsAttachable\":true,\"Path\":\"/aws-service-role/\",\"PolicyId\":\"ANPAJNVASSNSIDZIP4X7I\",\"UpdateDate\":\"2017-11-17T00:42:04Z\",\"DefaultVersionId\":\"v1\",\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/CloudWatchEventsServiceRolePolicy\",\"PolicyName\":\"CloudWatchEventsServiceRolePolicy\",\"Tags\":null,\"document\":{\"Statement\":[{\"Action\":[\"cloudwatch:DescribeAlarms\",\"ec2:DescribeInstanceStatus\",\"ec2:DescribeInstances\",\"ec2:DescribeSnapshots\",\"ec2:DescribeVolumeStatus\",\"ec2:DescribeVolumes\",\"ec2:RebootInstances\",\"ec2:StopInstances\",\"ec2:TerminateInstances\",\"ec2:CreateSnapshot\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/CloudWatchEventsServiceRolePolicy\",\"ANPAJNVASSNSIDZIP4X7I\"],\"name\":\"CloudWatchEventsServiceRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.363+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"effect\":\"Allow\",\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/service-role/QuickSightAccessForS3StorageManagementAnalyticsReadOnly\",\"ANPAIFWG3L3WDMR4I7ZJW\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/service-role/QuickSightAccessForS3StorageManagementAnalyticsReadOnly\":{\"type\":\"policy\",\"category\":\"identity\"}},\"asset\":{\"tags\":null,\"raw\":{\"PolicyName\":\"QuickSightAccessForS3StorageManagementAnalyticsReadOnly\",\"Tags\":null,\"UpdateDate\":\"2019-10-08T23:53:11Z\",\"document\":{\"Statement\":[{\"Resource\":[\"arn:aws:s3:::s3-analytics-export-shared-*\"],\"Action\":[\"s3:GetObject\"],\"Effect\":\"Allow\"},{\"Action\":[\"s3:GetAnalyticsConfiguration\",\"s3:ListAllMyBuckets\",\"s3:GetBucketLocation\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":1,\"PolicyId\":\"ANPAIFWG3L3WDMR4I7ZJW\",\"DefaultVersionId\":\"v4\",\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"roles\":null,\"Description\":null,\"Path\":\"/service-role/\",\"Arn\":\"arn:aws:iam::aws:policy/service-role/QuickSightAccessForS3StorageManagementAnalyticsReadOnly\",\"CreateDate\":\"2017-06-12T18:18:38Z\"},\"id\":[\"arn:aws:iam::aws:policy/service-role/QuickSightAccessForS3StorageManagementAnalyticsReadOnly\",\"ANPAIFWG3L3WDMR4I7ZJW\"],\"name\":\"QuickSightAccessForS3StorageManagementAnalyticsReadOnly\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.363+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"related.entity\":[\"arn:aws:iam::aws:policy/IAMReadOnlyAccess\",\"ANPAJKSO7NDY4T57MWDSQ\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/IAMReadOnlyAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::aws:policy/IAMReadOnlyAccess\",\"CreateDate\":\"2015-02-06T18:40:39Z\",\"PolicyId\":\"ANPAJKSO7NDY4T57MWDSQ\",\"DefaultVersionId\":\"v4\",\"Description\":null,\"IsAttachable\":true,\"Tags\":null,\"UpdateDate\":\"2018-01-25T19:11:27Z\",\"roles\":null,\"PermissionsBoundaryUsageCount\":0,\"document\":{\"Statement\":[{\"Action\":[\"iam:GenerateCredentialReport\",\"iam:GenerateServiceLastAccessedDetails\",\"iam:Get*\",\"iam:List*\",\"iam:SimulateCustomPolicy\",\"iam:SimulatePrincipalPolicy\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":1,\"Path\":\"/\",\"PolicyName\":\"IAMReadOnlyAccess\"},\"id\":[\"arn:aws:iam::aws:policy/IAMReadOnlyAccess\",\"ANPAJKSO7NDY4T57MWDSQ\"],\"name\":\"IAMReadOnlyAccess\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.363+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonVPCReadOnlyAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Description\":null,\"PolicyId\":\"ANPAIICZJNOJN36GTG6CM\",\"document\":{\"Statement\":[{\"Sid\":\"AmazonVPCReadOnlyAccess\",\"Action\":[\"ec2:DescribeAccountAttributes\",\"ec2:DescribeAddresses\",\"ec2:DescribeCarrierGateways\",\"ec2:DescribeClassicLinkInstances\",\"ec2:DescribeCustomerGateways\",\"ec2:DescribeDhcpOptions\",\"ec2:DescribeEgressOnlyInternetGateways\",\"ec2:DescribeFlowLogs\",\"ec2:DescribeInternetGateways\",\"ec2:DescribeLocalGatewayRouteTables\",\"ec2:DescribeLocalGatewayRouteTableVpcAssociations\",\"ec2:DescribeMovingAddresses\",\"ec2:DescribeNatGateways\",\"ec2:DescribeNetworkAcls\",\"ec2:DescribeNetworkInterfaceAttribute\",\"ec2:DescribeNetworkInterfacePermissions\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribePrefixLists\",\"ec2:DescribeRouteTables\",\"ec2:DescribeSecurityGroupReferences\",\"ec2:DescribeSecurityGroupRules\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeStaleSecurityGroups\",\"ec2:DescribeSubnets\",\"ec2:DescribeTags\",\"ec2:DescribeVpcAttribute\",\"ec2:DescribeVpcClassicLink\",\"ec2:DescribeVpcClassicLinkDnsSupport\",\"ec2:DescribeVpcEndpoints\",\"ec2:DescribeVpcEndpointConnectionNotifications\",\"ec2:DescribeVpcEndpointConnections\",\"ec2:DescribeVpcEndpointServiceConfigurations\",\"ec2:DescribeVpcEndpointServicePermissions\",\"ec2:DescribeVpcEndpointServices\",\"ec2:DescribeVpcPeeringConnections\",\"ec2:DescribeVpcs\",\"ec2:DescribeVpnConnections\",\"ec2:DescribeVpnGateways\",\"ec2:GetSecurityGroupsForVpc\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"PolicyName\":\"AmazonVPCReadOnlyAccess\",\"UpdateDate\":\"2024-02-08T17:08:19Z\",\"CreateDate\":\"2015-02-06T18:41:17Z\",\"DefaultVersionId\":\"v9\",\"IsAttachable\":true,\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"Arn\":\"arn:aws:iam::aws:policy/AmazonVPCReadOnlyAccess\",\"AttachmentCount\":1,\"Tags\":null,\"roles\":null},\"id\":[\"arn:aws:iam::aws:policy/AmazonVPCReadOnlyAccess\",\"ANPAIICZJNOJN36GTG6CM\"],\"name\":\"AmazonVPCReadOnlyAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AmazonVPCReadOnlyAccess\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonVPCReadOnlyAccess\",\"ANPAIICZJNOJN36GTG6CM\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.363+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"resource_policies\":[{\"effect\":\"Allow\",\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"condition\":{\"ForAllValues:StringEquals\":{\"aws:TagKeys\":[\"aws-glue-service-resource\"]}},\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole\",\"ANPAIRUJCPEBPMEZFAS32\"],\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"entity.metadata\":{\"arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"name\":\"AWSGlueServiceRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":1,\"DefaultVersionId\":\"v5\",\"Tags\":null,\"CreateDate\":\"2017-08-14T13:37:21Z\",\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAIRUJCPEBPMEZFAS32\",\"roles\":null,\"PolicyName\":\"AWSGlueServiceRole\",\"document\":{\"Statement\":[{\"Action\":[\"glue:*\",\"s3:GetBucketLocation\",\"s3:ListBucket\",\"s3:ListAllMyBuckets\",\"s3:GetBucketAcl\",\"ec2:DescribeVpcEndpoints\",\"ec2:DescribeRouteTables\",\"ec2:CreateNetworkInterface\",\"ec2:DeleteNetworkInterface\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeSubnets\",\"ec2:DescribeVpcAttribute\",\"iam:ListRolePolicies\",\"iam:GetRole\",\"iam:GetRolePolicy\",\"cloudwatch:PutMetricData\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Action\":[\"s3:CreateBucket\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:s3:::aws-glue-*\"]},{\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:s3:::aws-glue-*/*\",\"arn:aws:s3:::*/*aws-glue-*/*\"],\"Action\":[\"s3:GetObject\",\"s3:PutObject\",\"s3:DeleteObject\"]},{\"Action\":[\"s3:GetObject\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:s3:::crawler-public*\",\"arn:aws:s3:::aws-glue-*\"]},{\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:logs:*:*:*:/aws-glue/*\"],\"Action\":[\"logs:CreateLogGroup\",\"logs:CreateLogStream\",\"logs:PutLogEvents\"]},{\"Action\":[\"ec2:CreateTags\",\"ec2:DeleteTags\"],\"Condition\":{\"ForAllValues:StringEquals\":{\"aws:TagKeys\":[\"aws-glue-service-resource\"]}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:network-interface/*\",\"arn:aws:ec2:*:*:security-group/*\",\"arn:aws:ec2:*:*:instance/*\"]}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole\",\"Description\":null,\"IsAttachable\":true,\"Path\":\"/service-role/\",\"UpdateDate\":\"2023-09-11T16:39:47Z\"},\"id\":[\"arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole\",\"ANPAIRUJCPEBPMEZFAS32\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.363+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v4\",\"PermissionsBoundaryUsageCount\":0,\"UpdateDate\":\"2022-11-27T13:23:49Z\",\"roles\":null,\"AttachmentCount\":1,\"CreateDate\":\"2015-02-06T18:40:00Z\",\"PolicyName\":\"CloudWatchFullAccess\",\"document\":{\"Statement\":[{\"Resource\":\"*\",\"Action\":[\"autoscaling:Describe*\",\"cloudwatch:*\",\"logs:*\",\"sns:*\",\"iam:GetPolicy\",\"iam:GetPolicyVersion\",\"iam:GetRole\",\"oam:ListSinks\"],\"Effect\":\"Allow\"},{\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::*:role/aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents*\",\"Action\":\"iam:CreateServiceLinkedRole\",\"Condition\":{\"StringLike\":{\"iam:AWSServiceName\":\"events.amazonaws.com\"}}},{\"Action\":[\"oam:ListAttachedLinks\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:oam:*:*:sink/*\"}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::aws:policy/CloudWatchFullAccess\",\"Description\":null,\"PolicyId\":\"ANPAIKEABORKUXN6DEAZU\",\"IsAttachable\":true,\"Path\":\"/\",\"Tags\":null},\"id\":[\"arn:aws:iam::aws:policy/CloudWatchFullAccess\",\"ANPAIKEABORKUXN6DEAZU\"],\"name\":\"CloudWatchFullAccess\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[{\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"iam:CreateServiceLinkedRole\"],\"resource\":[\"arn:aws:iam::*:role/aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents*\"],\"condition\":{\"StringLike\":{\"iam:AWSServiceName\":\"events.amazonaws.com\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:oam:*:*:sink/*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/CloudWatchFullAccess\",\"ANPAIKEABORKUXN6DEAZU\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/CloudWatchFullAccess\":{\"category\":\"identity\",\"type\":\"policy\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.363+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole\",\"ANPAJNCQGXC42545SKXIK\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"tags\":null,\"raw\":{\"CreateDate\":\"2015-04-09T15:03:43Z\",\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"Arn\":\"arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole\",\"IsAttachable\":true,\"AttachmentCount\":3,\"document\":{\"Statement\":[{\"Action\":[\"logs:CreateLogGroup\",\"logs:CreateLogStream\",\"logs:PutLogEvents\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"roles\":null,\"DefaultVersionId\":\"v1\",\"Path\":\"/service-role/\",\"PolicyId\":\"ANPAJNCQGXC42545SKXIK\",\"PolicyName\":\"AWSLambdaBasicExecutionRole\",\"UpdateDate\":\"2015-04-09T15:03:43Z\",\"Description\":null},\"id\":[\"arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole\",\"ANPAJNCQGXC42545SKXIK\"],\"name\":\"AWSLambdaBasicExecutionRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.363+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":1,\"document\":{\"Statement\":[{\"Action\":[\"access-analyzer:GetAnalyzer\",\"access-analyzer:GetArchiveRule\",\"access-analyzer:ListAnalyzers\",\"access-analyzer:ListArchiveRules\",\"access-analyzer:ListTagsForResource\",\"account:GetAlternateContact\",\"acm-pca:DescribeCertificateAuthority\",\"acm-pca:GetCertificateAuthorityCertificate\",\"acm-pca:GetCertificateAuthorityCsr\",\"acm-pca:ListCertificateAuthorities\",\"acm-pca:ListTags\",\"acm:DescribeCertificate\",\"acm:ListCertificates\",\"acm:ListTagsForCertificate\",\"airflow:GetEnvironment\",\"airflow:ListEnvironments\",\"airflow:ListTagsForResource\",\"amplify:GetApp\",\"amplify:GetBranch\",\"amplify:ListApps\",\"amplify:ListBranches\",\"amplifyuibuilder:ExportThemes\",\"amplifyuibuilder:GetTheme\",\"amplifyuibuilder:ListThemes\",\"aoss:BatchGetCollection\",\"aoss:BatchGetLifecyclePolicy\",\"aoss:BatchGetVpcEndpoint\",\"aoss:GetAccessPolicy\",\"aoss:GetSecurityConfig\",\"aoss:GetSecurityPolicy\",\"aoss:ListAccessPolicies\",\"aoss:ListCollections\",\"aoss:ListLifecyclePolicies\",\"aoss:ListSecurityConfigs\",\"aoss:ListSecurityPolicies\",\"aoss:ListVpcEndpoints\",\"app-integrations:GetApplication\",\"app-integrations:GetEventIntegration\",\"app-integrations:ListApplications\",\"app-integrations:ListEventIntegrationAssociations\",\"app-integrations:ListEventIntegrations\",\"app-integrations:ListTagsForResource\",\"appconfig:GetApplication\",\"appconfig:GetConfigurationProfile\",\"appconfig:GetDeployment\",\"appconfig:GetDeploymentStrategy\",\"appconfig:GetEnvironment\",\"appconfig:GetExtension\",\"appconfig:GetExtensionAssociation\",\"appconfig:GetHostedConfigurationVersion\",\"appconfig:ListApplications\",\"appconfig:ListConfigurationProfiles\",\"appconfig:ListDeployments\",\"appconfig:ListDeploymentStrategies\",\"appconfig:ListEnvironments\",\"appconfig:ListExtensionAssociations\",\"appconfig:ListExtensions\",\"appconfig:ListHostedConfigurationVersions\",\"appconfig:ListTagsForResource\",\"appflow:DescribeConnectorProfiles\",\"appflow:DescribeFlow\",\"appflow:ListFlows\",\"appflow:ListTagsForResource\",\"application-autoscaling:DescribeScalableTargets\",\"application-autoscaling:DescribeScalingPolicies\",\"appmesh:DescribeGatewayRoute\",\"appmesh:DescribeMesh\",\"appmesh:DescribeRoute\",\"appmesh:DescribeVirtualGateway\",\"appmesh:DescribeVirtualNode\",\"appmesh:DescribeVirtualRouter\",\"appmesh:DescribeVirtualService\",\"appmesh:ListGatewayRoutes\",\"appmesh:ListMeshes\",\"appmesh:ListRoutes\",\"appmesh:ListTagsForResource\",\"appmesh:ListVirtualGateways\",\"appmesh:ListVirtualNodes\",\"appmesh:ListVirtualRouters\",\"appmesh:ListVirtualServices\",\"apprunner:DescribeService\",\"apprunner:DescribeVpcConnector\",\"apprunner:ListServices\",\"apprunner:ListTagsForResource\",\"apprunner:ListVpcConnectors\",\"appstream:DescribeAppBlockBuilders\",\"appstream:DescribeApplications\",\"appstream:DescribeDirectoryConfigs\",\"appstream:DescribeFleets\",\"appstream:DescribeStacks\",\"appstream:ListTagsForResource\",\"appsync:GetApiCache\",\"appsync:GetGraphqlApi\",\"appsync:ListGraphqlApis\",\"aps:DescribeAlertManagerDefinition\",\"aps:DescribeLoggingConfiguration\",\"APS:DescribeRuleGroupsNamespace\",\"APS:DescribeWorkspace\",\"aps:ListRuleGroupsNamespaces\",\"aps:ListTagsForResource\",\"APS:ListWorkspaces\",\"athena:GetDataCatalog\",\"athena:GetPreparedStatement\",\"athena:GetWorkGroup\",\"athena:ListDataCatalogs\",\"athena:ListPreparedStatements\",\"athena:ListTagsForResource\",\"athena:ListWorkGroups\",\"auditmanager:GetAccountStatus\",\"auditmanager:GetAssessment\",\"auditmanager:ListAssessments\",\"autoscaling-plans:DescribeScalingPlanResources\",\"autoscaling-plans:DescribeScalingPlans\",\"autoscaling-plans:GetScalingPlanResourceForecastData\",\"autoscaling:DescribeAutoScalingGroups\",\"autoscaling:DescribeLaunchConfigurations\",\"autoscaling:DescribeLifecycleHooks\",\"autoscaling:DescribePolicies\",\"autoscaling:DescribeScheduledActions\",\"autoscaling:DescribeTags\",\"autoscaling:DescribeWarmPool\",\"backup-gateway:ListTagsForResource\",\"backup-gateway:ListVirtualMachines\",\"backup:DescribeBackupVault\",\"backup:DescribeFramework\",\"backup:DescribeProtectedResource\",\"backup:DescribeRecoveryPoint\",\"backup:DescribeReportPlan\",\"backup:GetBackupPlan\",\"backup:GetBackupSelection\",\"backup:GetBackupVaultAccessPolicy\",\"backup:GetBackupVaultNotifications\",\"backup:GetRestoreTestingPlan\",\"backup:GetRestoreTestingSelection\",\"backup:ListBackupPlans\",\"backup:ListBackupSelections\",\"backup:ListBackupVaults\",\"backup:ListFrameworks\",\"backup:ListRecoveryPointsByBackupVault\",\"backup:ListReportPlans\",\"backup:ListRestoreTestingPlans\",\"backup:ListRestoreTestingSelections\",\"backup:ListTags\",\"batch:DescribeComputeEnvironments\",\"batch:DescribeJobQueues\",\"batch:DescribeSchedulingPolicies\",\"batch:ListSchedulingPolicies\",\"batch:ListTagsForResource\",\"billingconductor:ListAccountAssociations\",\"billingconductor:ListBillingGroups\",\"billingconductor:ListCustomLineItems\",\"billingconductor:ListPricingPlans\",\"billingconductor:ListPricingRules\",\"billingconductor:ListPricingRulesAssociatedToPricingPlan\",\"billingconductor:ListTagsForResource\",\"budgets:DescribeBudgetAction\",\"budgets:DescribeBudgetActionsForAccount\",\"budgets:DescribeBudgetActionsForBudget\",\"budgets:ViewBudget\",\"cassandra:Select\",\"ce:GetAnomalyMonitors\",\"ce:GetAnomalySubscriptions\",\"cloud9:DescribeEnvironmentMemberships\",\"cloud9:DescribeEnvironments\",\"cloud9:ListEnvironments\",\"cloud9:ListTagsForResource\",\"cloudformation:DescribeType\",\"cloudformation:GetResource\",\"cloudformation:ListResources\",\"cloudformation:ListStackResources\",\"cloudformation:ListStacks\",\"cloudformation:ListTypes\",\"cloudfront:GetFunction\",\"cloudfront:GetOriginAccessControl\",\"cloudfront:GetResponseHeadersPolicy\",\"cloudfront:ListDistributions\",\"cloudfront:ListFunctions\",\"cloudfront:ListOriginAccessControls\",\"cloudfront:ListResponseHeadersPolicies\",\"cloudfront:ListTagsForResource\",\"cloudtrail:DescribeTrails\",\"cloudTrail:GetChannel\",\"cloudtrail:GetEventDataStore\",\"cloudtrail:GetEventSelectors\",\"cloudtrail:GetInsightSelectors\",\"cloudtrail:GetTrailStatus\",\"cloudTrail:ListChannels\",\"cloudtrail:ListEventDataStores\",\"cloudtrail:ListTags\",\"cloudtrail:ListTrails\",\"cloudwatch:DescribeAlarms\",\"cloudwatch:DescribeAlarmsForMetric\",\"cloudwatch:DescribeAnomalyDetectors\",\"cloudwatch:GetDashboard\",\"cloudwatch:GetMetricStream\",\"cloudwatch:ListDashboards\",\"cloudwatch:ListMetricStreams\",\"cloudwatch:ListTagsForResource\",\"codeartifact:DescribeRepository\",\"codeartifact:GetRepositoryPermissionsPolicy\",\"codeartifact:ListDomains\",\"codeartifact:ListPackages\",\"codeartifact:ListPackageVersions\",\"codeartifact:ListRepositories\",\"codeartifact:ListTagsForResource\",\"codebuild:BatchGetReportGroups\",\"codebuild:ListReportGroups\",\"codecommit:GetRepository\",\"codecommit:GetRepositoryTriggers\",\"codecommit:ListRepositories\",\"codecommit:ListTagsForResource\",\"codedeploy:GetDeploymentConfig\",\"codeguru-profiler:DescribeProfilingGroup\",\"codeguru-profiler:GetNotificationConfiguration\",\"codeguru-profiler:GetPolicy\",\"codeguru-profiler:ListProfilingGroups\",\"codeguru-reviewer:DescribeRepositoryAssociation\",\"codeguru-reviewer:ListRepositoryAssociations\",\"codepipeline:GetPipeline\",\"codepipeline:GetPipelineState\",\"codepipeline:ListPipelines\",\"cognito-identity:DescribeIdentityPool\",\"cognito-identity:GetIdentityPoolRoles\",\"cognito-identity:GetPrincipalTagAttributeMap\",\"cognito-identity:ListIdentityPools\",\"cognito-identity:ListTagsForResource\",\"cognito-idp:DescribeIdentityProvider\",\"cognito-idp:DescribeResourceServer\",\"cognito-idp:DescribeUserPool\",\"cognito-idp:DescribeUserPoolClient\",\"cognito-idp:DescribeUserPoolDomain\",\"cognito-idp:GetGroup\",\"cognito-idp:GetUserPoolMfaConfig\",\"cognito-idp:ListGroups\",\"cognito-idp:ListIdentityProviders\",\"cognito-idp:ListResourceServers\",\"cognito-idp:ListTagsForResource\",\"cognito-idp:ListUserPoolClients\",\"cognito-idp:ListUserPools\",\"config:BatchGet*\",\"config:Describe*\",\"config:Get*\",\"config:List*\",\"config:Put*\",\"config:Select*\",\"connect:DescribeEvaluationForm\",\"connect:DescribeInstance\",\"connect:DescribeInstanceStorageConfig\",\"connect:DescribePhoneNumber\",\"connect:DescribePrompt\",\"connect:DescribeQueue\",\"connect:DescribeQuickConnect\",\"connect:DescribeRoutingProfile\",\"connect:DescribeRule\",\"connect:DescribeSecurityProfile\",\"connect:DescribeUser\",\"connect:GetTaskTemplate\",\"connect:ListApprovedOrigins\",\"connect:ListEvaluationForms\",\"connect:ListInstanceAttributes\",\"connect:ListInstances\",\"connect:ListInstanceStorageConfigs\",\"connect:ListIntegrationAssociations\",\"connect:ListPhoneNumbers\",\"connect:ListPhoneNumbersV2\",\"connect:ListPrompts\",\"connect:ListQueueQuickConnects\",\"connect:ListQueues\",\"connect:ListQuickConnects\",\"connect:ListRoutingProfileQueues\",\"connect:ListRoutingProfiles\",\"connect:ListRules\",\"connect:ListSecurityKeys\",\"connect:ListSecurityProfileApplications\",\"connect:ListSecurityProfilePermissions\",\"connect:ListSecurityProfiles\",\"connect:ListTagsForResource\",\"connect:ListTaskTemplates\",\"connect:ListUsers\",\"connect:SearchAvailablePhoneNumbers\",\"databrew:DescribeDataset\",\"databrew:DescribeJob\",\"databrew:DescribeProject\",\"databrew:DescribeRecipe\",\"databrew:DescribeRuleset\",\"databrew:DescribeSchedule\",\"databrew:ListDatasets\",\"databrew:ListJobs\",\"databrew:ListProjects\",\"databrew:ListRecipes\",\"databrew:ListRecipeVersions\",\"databrew:ListRulesets\",\"databrew:ListSchedules\",\"datasync:DescribeAgent\",\"datasync:DescribeLocationEfs\",\"datasync:DescribeLocationFsxLustre\",\"datasync:DescribeLocationFsxWindows\",\"datasync:DescribeLocationHdfs\",\"datasync:DescribeLocationNfs\",\"datasync:DescribeLocationObjectStorage\",\"datasync:DescribeLocationS3\",\"datasync:DescribeLocationSmb\",\"datasync:DescribeTask\",\"datasync:ListAgents\",\"datasync:ListLocations\",\"datasync:ListTagsForResource\",\"datasync:ListTasks\",\"datazone:GetDomain\",\"datazone:ListDomains\",\"dax:DescribeClusters\",\"dax:DescribeParameterGroups\",\"dax:DescribeParameters\",\"dax:DescribeSubnetGroups\",\"dax:ListTags\",\"detective:ListGraphs\",\"detective:ListTagsForResource\",\"devicefarm:GetInstanceProfile\",\"devicefarm:GetNetworkProfile\",\"devicefarm:GetProject\",\"devicefarm:GetTestGridProject\",\"devicefarm:ListInstanceProfiles\",\"devicefarm:ListNetworkProfiles\",\"devicefarm:ListProjects\",\"devicefarm:ListTagsForResource\",\"devicefarm:ListTestGridProjects\",\"devops-guru:GetResourceCollection\",\"devops-guru:ListNotificationChannels\",\"dms:DescribeCertificates\",\"dms:DescribeEndpoints\",\"dms:DescribeEventSubscriptions\",\"dms:DescribeReplicationInstances\",\"dms:DescribeReplicationSubnetGroups\",\"dms:DescribeReplicationTaskAssessmentRuns\",\"dms:DescribeReplicationTasks\",\"dms:ListTagsForResource\",\"ds:DescribeDirectories\",\"ds:DescribeDomainControllers\",\"ds:DescribeEventTopics\",\"ds:ListLogSubscriptions\",\"ds:ListTagsForResource\",\"dynamodb:DescribeContinuousBackups\",\"dynamodb:DescribeGlobalTable\",\"dynamodb:DescribeGlobalTableSettings\",\"dynamodb:DescribeLimits\",\"dynamodb:DescribeTable\",\"dynamodb:DescribeTableReplicaAutoScaling\",\"dynamodb:DescribeTimeToLive\",\"dynamodb:ListTables\",\"dynamodb:ListTagsOfResource\",\"ec2:Describe*\",\"ec2:DescribeClientVpnAuthorizationRules\",\"ec2:DescribeClientVpnEndpoints\",\"ec2:DescribeDhcpOptions\",\"ec2:DescribeFleets\",\"ec2:DescribeNetworkAcls\",\"ec2:DescribePlacementGroups\",\"ec2:DescribeRouteTables\",\"ec2:DescribeSpotFleetRequests\",\"ec2:DescribeTags\",\"ec2:DescribeTrafficMirrorFilters\",\"ec2:DescribeTrafficMirrorSessions\",\"ec2:DescribeTrafficMirrorTargets\",\"ec2:DescribeVolumeAttribute\",\"ec2:DescribeVolumes\",\"ec2:GetEbsEncryptionByDefault\",\"ec2:GetInstanceTypesFromInstanceRequirements\",\"ec2:GetIpamPoolAllocations\",\"ec2:GetIpamPoolCidrs\",\"ec2:GetManagedPrefixListEntries\",\"ec2:GetNetworkInsightsAccessScopeAnalysisFindings\",\"ec2:GetNetworkInsightsAccessScopeContent\",\"ecr-public:DescribeRepositories\",\"ecr-public:GetRepositoryCatalogData\",\"ecr-public:GetRepositoryPolicy\",\"ecr-public:ListTagsForResource\",\"ecr:BatchGetRepositoryScanningConfiguration\",\"ecr:DescribePullThroughCacheRules\",\"ecr:DescribeRegistry\",\"ecr:DescribeRepositories\",\"ecr:GetLifecyclePolicy\",\"ecr:GetRegistryPolicy\",\"ecr:GetRepositoryPolicy\",\"ecr:ListTagsForResource\",\"ecs:DescribeCapacityProviders\",\"ecs:DescribeClusters\",\"ecs:DescribeServices\",\"ecs:DescribeTaskDefinition\",\"ecs:DescribeTaskSets\",\"ecs:ListClusters\",\"ecs:ListServices\",\"ecs:ListTagsForResource\",\"ecs:ListTaskDefinitionFamilies\",\"ecs:ListTaskDefinitions\",\"eks:DescribeAddon\",\"eks:DescribeCluster\",\"eks:DescribeFargateProfile\",\"eks:DescribeIdentityProviderConfig\",\"eks:DescribeNodegroup\",\"eks:ListAddons\",\"eks:ListClusters\",\"eks:ListFargateProfiles\",\"eks:ListIdentityProviderConfigs\",\"eks:ListNodegroups\",\"eks:ListTagsForResource\",\"elasticache:DescribeCacheClusters\",\"elasticache:DescribeCacheParameterGroups\",\"elasticache:DescribeCacheParameters\",\"elasticache:DescribeCacheSecurityGroups\",\"elasticache:DescribeCacheSubnetGroups\",\"elasticache:DescribeGlobalReplicationGroups\",\"elasticache:DescribeReplicationGroups\",\"elasticache:DescribeSnapshots\",\"elasticache:DescribeUserGroups\",\"elasticache:DescribeUsers\",\"elasticache:ListTagsForResource\",\"elasticbeanstalk:DescribeConfigurationSettings\",\"elasticbeanstalk:DescribeEnvironments\",\"elasticfilesystem:DescribeAccessPoints\",\"elasticfilesystem:DescribeBackupPolicy\",\"elasticfilesystem:DescribeFileSystemPolicy\",\"elasticfilesystem:DescribeFileSystems\",\"elasticfilesystem:DescribeLifecycleConfiguration\",\"elasticfilesystem:DescribeMountTargets\",\"elasticfilesystem:DescribeMountTargetSecurityGroups\",\"elasticfilesystem:DescribeTags\",\"elasticloadbalancing:DescribeListenerCertificates\",\"elasticloadbalancing:DescribeListeners\",\"elasticloadbalancing:DescribeLoadBalancerAttributes\",\"elasticloadbalancing:DescribeLoadBalancerPolicies\",\"elasticloadbalancing:DescribeLoadBalancers\",\"elasticloadbalancing:DescribeRules\",\"elasticloadbalancing:DescribeTags\",\"elasticloadbalancing:DescribeTargetGroupAttributes\",\"elasticloadbalancing:DescribeTargetGroups\",\"elasticloadbalancing:DescribeTargetHealth\",\"elasticmapreduce:DescribeCluster\",\"elasticmapreduce:DescribeSecurityConfiguration\",\"elasticmapreduce:DescribeStep\",\"elasticmapreduce:DescribeStudio\",\"elasticmapreduce:GetBlockPublicAccessConfiguration\",\"elasticmapreduce:GetManagedScalingPolicy\",\"elasticmapreduce:GetStudioSessionMapping\",\"elasticmapreduce:ListClusters\",\"elasticmapreduce:ListInstanceFleets\",\"elasticmapreduce:ListInstanceGroups\",\"elasticmapreduce:ListInstances\",\"elasticmapreduce:ListSecurityConfigurations\",\"elasticmapreduce:ListSteps\",\"elasticmapreduce:ListStudios\",\"elasticmapreduce:ListStudioSessionMappings\",\"emr-containers:DescribeVirtualCluster\",\"emr-containers:ListVirtualClusters\",\"emr-serverless:GetApplication\",\"emr-serverless:ListApplications\",\"es:DescribeDomain\",\"es:DescribeDomains\",\"es:DescribeElasticsearchDomain\",\"es:DescribeElasticsearchDomains\",\"es:GetCompatibleElasticsearchVersions\",\"es:GetCompatibleVersions\",\"es:ListDomainNames\",\"es:ListTags\",\"events:DescribeApiDestination\",\"events:DescribeArchive\",\"events:DescribeConnection\",\"events:DescribeEndpoint\",\"events:DescribeEventBus\",\"events:DescribeRule\",\"events:ListApiDestinations\",\"events:ListArchives\",\"events:ListConnections\",\"events:ListEndpoints\",\"events:ListEventBuses\",\"events:ListRules\",\"events:ListTagsForResource\",\"events:ListTargetsByRule\",\"evidently:GetLaunch\",\"evidently:GetProject\",\"evidently:GetSegment\",\"evidently:ListLaunches\",\"evidently:ListProjects\",\"evidently:ListSegments\",\"evidently:ListTagsForResource\",\"finspace:GetEnvironment\",\"finspace:ListEnvironments\",\"firehose:DescribeDeliveryStream\",\"firehose:ListDeliveryStreams\",\"firehose:ListTagsForDeliveryStream\",\"fis:GetExperimentTemplate\",\"fis:ListExperimentTemplates\",\"fms:GetNotificationChannel\",\"fms:GetPolicy\",\"fms:ListPolicies\",\"fms:ListTagsForResource\",\"forecast:DescribeDataset\",\"forecast:DescribeDatasetGroup\",\"forecast:ListDatasetGroups\",\"forecast:ListDatasets\",\"forecast:ListTagsForResource\",\"frauddetector:GetDetectors\",\"frauddetector:GetDetectorVersion\",\"frauddetector:GetEntityTypes\",\"frauddetector:GetEventTypes\",\"frauddetector:GetExternalModels\",\"frauddetector:GetLabels\",\"frauddetector:GetModels\",\"frauddetector:GetOutcomes\",\"frauddetector:GetRules\",\"frauddetector:GetVariables\",\"frauddetector:ListTagsForResource\",\"fsx:DescribeBackups\",\"fsx:DescribeDataRepositoryAssociations\",\"fsx:DescribeFileSystems\",\"fsx:DescribeSnapshots\",\"fsx:DescribeStorageVirtualMachines\",\"fsx:DescribeVolumes\",\"fsx:ListTagsForResource\",\"gamelift:DescribeAlias\",\"gamelift:DescribeBuild\",\"gamelift:DescribeFleetAttributes\",\"gamelift:DescribeFleetCapacity\",\"gamelift:DescribeFleetLocationAttributes\",\"gamelift:DescribeFleetLocationCapacity\",\"gamelift:DescribeFleetPortSettings\",\"gamelift:DescribeGameServerGroup\",\"gamelift:DescribeGameSessionQueues\",\"gamelift:DescribeMatchmakingConfigurations\",\"gamelift:DescribeMatchmakingRuleSets\",\"gamelift:DescribeRuntimeConfiguration\",\"gamelift:DescribeScript\",\"gamelift:DescribeVpcPeeringAuthorizations\",\"gamelift:DescribeVpcPeeringConnections\",\"gamelift:ListAliases\",\"gamelift:ListBuilds\",\"gamelift:ListFleets\",\"gamelift:ListGameServerGroups\",\"gamelift:ListScripts\",\"gamelift:ListTagsForResource\",\"geo:DescribeGeofenceCollection\",\"geo:DescribeMap\",\"geo:DescribePlaceIndex\",\"geo:DescribeRouteCalculator\",\"geo:DescribeTracker\",\"geo:ListGeofenceCollections\",\"geo:ListMaps\",\"geo:ListPlaceIndexes\",\"geo:ListRouteCalculators\",\"geo:ListTrackerConsumers\",\"geo:ListTrackers\",\"globalaccelerator:DescribeAccelerator\",\"globalaccelerator:DescribeEndpointGroup\",\"globalaccelerator:DescribeListener\",\"globalaccelerator:ListAccelerators\",\"globalaccelerator:ListEndpointGroups\",\"globalaccelerator:ListListeners\",\"globalaccelerator:ListTagsForResource\",\"glue:BatchGetDevEndpoints\",\"glue:BatchGetJobs\",\"glue:BatchGetWorkflows\",\"glue:GetClassifier\",\"glue:GetClassifiers\",\"glue:GetCrawler\",\"glue:GetCrawlers\",\"glue:GetDatabase\",\"glue:GetDatabases\",\"glue:GetDevEndpoint\",\"glue:GetDevEndpoints\",\"glue:GetJob\",\"glue:GetJobs\",\"glue:GetMLTransform\",\"glue:GetMLTransforms\",\"glue:GetPartition\",\"glue:GetPartitions\",\"glue:GetRegistry\",\"glue:GetSecurityConfiguration\",\"glue:GetSecurityConfigurations\",\"glue:GetTable\",\"glue:GetTags\",\"glue:GetTrigger\",\"glue:GetWorkflow\",\"glue:ListCrawlers\",\"glue:ListDevEndpoints\",\"glue:ListJobs\",\"glue:ListMLTransforms\",\"glue:ListRegistries\",\"glue:ListTriggers\",\"glue:ListWorkflows\",\"grafana:DescribeWorkspace\",\"grafana:DescribeWorkspaceAuthentication\",\"grafana:DescribeWorkspaceConfiguration\",\"grafana:ListWorkspaces\",\"greengrass:DescribeComponent\",\"greengrass:GetComponent\",\"greengrass:ListComponents\",\"greengrass:ListComponentVersions\",\"groundstation:GetConfig\",\"groundstation:GetDataflowEndpointGroup\",\"groundstation:GetMissionProfile\",\"groundstation:ListConfigs\",\"groundstation:ListDataflowEndpointGroups\",\"groundstation:ListMissionProfiles\",\"groundstation:ListTagsForResource\",\"guardduty:DescribePublishingDestination\",\"guardduty:GetAdministratorAccount\",\"guardduty:GetDetector\",\"guardduty:GetFilter\",\"guardduty:GetFindings\",\"guardduty:GetIPSet\",\"guardduty:GetMasterAccount\",\"guardduty:GetMemberDetectors\",\"guardduty:GetMembers\",\"guardduty:GetThreatIntelSet\",\"guardduty:ListDetectors\",\"guardduty:ListFilters\",\"guardduty:ListFindings\",\"guardduty:ListIPSets\",\"guardduty:ListMembers\",\"guardduty:ListOrganizationAdminAccounts\",\"guardduty:ListPublishingDestinations\",\"guardduty:ListTagsForResource\",\"guardduty:ListThreatIntelSets\",\"healthlake:DescribeFHIRDatastore\",\"healthlake:ListFHIRDatastores\",\"healthlake:ListTagsForResource\",\"iam:GenerateCredentialReport\",\"iam:GetAccountAuthorizationDetails\",\"iam:GetAccountPasswordPolicy\",\"iam:GetAccountSummary\",\"iam:GetCredentialReport\",\"iam:GetGroup\",\"iam:GetGroupPolicy\",\"iam:GetInstanceProfile\",\"iam:GetOpenIDConnectProvider\",\"iam:GetPolicy\",\"iam:GetPolicyVersion\",\"iam:GetRole\",\"iam:GetRolePolicy\",\"iam:GetSAMLProvider\",\"iam:GetServerCertificate\",\"iam:GetUser\",\"iam:GetUserPolicy\",\"iam:ListAccessKeys\",\"iam:ListAttachedGroupPolicies\",\"iam:ListAttachedRolePolicies\",\"iam:ListAttachedUserPolicies\",\"iam:ListEntitiesForPolicy\",\"iam:ListGroupPolicies\",\"iam:ListGroups\",\"iam:ListGroupsForUser\",\"iam:ListInstanceProfiles\",\"iam:ListInstanceProfilesForRole\",\"iam:ListInstanceProfileTags\",\"iam:ListMFADevices\",\"iam:ListMFADeviceTags\",\"iam:ListOpenIDConnectProviders\",\"iam:ListPolicyVersions\",\"iam:ListRolePolicies\",\"iam:ListRoles\",\"iam:ListSAMLProviders\",\"iam:ListServerCertificates\",\"iam:ListUserPolicies\",\"iam:ListUsers\",\"iam:ListVirtualMFADevices\",\"identitystore:DescribeGroup\",\"identitystore:DescribeGroupMembership\",\"identitystore:ListGroupMemberships\",\"identitystore:ListGroups\",\"imagebuilder:GetComponent\",\"imagebuilder:GetContainerRecipe\",\"imagebuilder:GetDistributionConfiguration\",\"imagebuilder:GetImage\",\"imagebuilder:GetImagePipeline\",\"imagebuilder:GetImageRecipe\",\"imagebuilder:GetInfrastructureConfiguration\",\"imagebuilder:GetLifecyclePolicy\",\"imagebuilder:ListComponentBuildVersions\",\"imagebuilder:ListComponents\",\"imagebuilder:ListContainerRecipes\",\"imagebuilder:ListDistributionConfigurations\",\"imagebuilder:ListImageBuildVersions\",\"imagebuilder:ListImagePipelines\",\"imagebuilder:ListImageRecipes\",\"imagebuilder:ListImages\",\"imagebuilder:ListInfrastructureConfigurations\",\"imagebuilder:ListLifecyclePolicies\",\"inspector2:BatchGetAccountStatus\",\"inspector2:GetDelegatedAdminAccount\",\"inspector2:ListFilters\",\"inspector2:ListMembers\",\"iot:DescribeAccountAuditConfiguration\",\"iot:DescribeAuthorizer\",\"iot:DescribeBillingGroup\",\"iot:DescribeCACertificate\",\"iot:DescribeCertificate\",\"iot:DescribeCustomMetric\",\"iot:DescribeDimension\",\"iot:DescribeDomainConfiguration\",\"iot:DescribeFleetMetric\",\"iot:DescribeJobTemplate\",\"iot:DescribeMitigationAction\",\"iot:DescribeProvisioningTemplate\",\"iot:DescribeRoleAlias\",\"iot:DescribeScheduledAudit\",\"iot:DescribeSecurityProfile\",\"iot:DescribeThingGroup\",\"iot:DescribeThingType\",\"iot:GetPolicy\",\"iot:GetTopicRule\",\"iot:GetTopicRuleDestination\",\"iot:ListAuthorizers\",\"iot:ListBillingGroups\",\"iot:ListCACertificates\",\"iot:ListCertificates\",\"iot:ListCustomMetrics\",\"iot:ListDimensions\",\"iot:ListDomainConfigurations\",\"iot:ListFleetMetrics\",\"iot:ListJobTemplates\",\"iot:ListMitigationActions\",\"iot:ListPolicies\",\"iot:ListProvisioningTemplates\",\"iot:ListRoleAliases\",\"iot:ListScheduledAudits\",\"iot:ListSecurityProfiles\",\"iot:ListSecurityProfilesForTarget\",\"iot:ListTagsForResource\",\"iot:ListTargetsForSecurityProfile\",\"iot:ListThingGroups\",\"iot:ListThingTypes\",\"iot:ListTopicRuleDestinations\",\"iot:ListTopicRules\",\"iot:ListV2LoggingLevels\",\"iot:ValidateSecurityProfileBehaviors\",\"iotanalytics:DescribeChannel\",\"iotanalytics:DescribeDataset\",\"iotanalytics:DescribeDatastore\",\"iotanalytics:DescribePipeline\",\"iotanalytics:ListChannels\",\"iotanalytics:ListDatasets\",\"iotanalytics:ListDatastores\",\"iotanalytics:ListPipelines\",\"iotanalytics:ListTagsForResource\",\"iotevents:DescribeAlarmModel\",\"iotevents:DescribeDetectorModel\",\"iotevents:DescribeInput\",\"iotevents:ListAlarmModels\",\"iotevents:ListDetectorModels\",\"iotevents:ListInputs\",\"iotevents:ListTagsForResource\",\"iotfleetwise:GetDecoderManifest\",\"iotfleetwise:GetFleet\",\"iotfleetwise:GetModelManifest\",\"iotfleetwise:GetSignalCatalog\",\"iotfleetwise:GetVehicle\",\"iotfleetwise:ListDecoderManifestNetworkInterfaces\",\"iotfleetwise:ListDecoderManifests\",\"iotfleetwise:ListDecoderManifestSignals\",\"iotfleetwise:ListFleets\",\"iotfleetwise:ListModelManifestNodes\",\"iotfleetwise:ListModelManifests\",\"iotfleetwise:ListSignalCatalogNodes\",\"iotfleetwise:ListSignalCatalogs\",\"iotfleetwise:ListTagsForResource\",\"iotfleetwise:ListVehicles\",\"iotsitewise:DescribeAccessPolicy\",\"iotsitewise:DescribeAsset\",\"iotsitewise:DescribeAssetModel\",\"iotsitewise:DescribeDashboard\",\"iotsitewise:DescribeGateway\",\"iotsitewise:DescribePortal\",\"iotsitewise:DescribeProject\",\"iotsitewise:ListAccessPolicies\",\"iotsitewise:ListAssetModels\",\"iotsitewise:ListAssets\",\"iotsitewise:ListDashboards\",\"iotsitewise:ListGateways\",\"iotsitewise:ListPortals\",\"iotsitewise:ListProjectAssets\",\"iotsitewise:ListProjects\",\"iotsitewise:ListTagsForResource\",\"iottwinmaker:GetComponentType\",\"iottwinmaker:GetEntity\",\"iottwinmaker:GetScene\",\"iottwinmaker:GetSyncJob\",\"iottwinmaker:GetWorkspace\",\"iottwinmaker:ListComponentTypes\",\"iottwinmaker:ListEntities\",\"iottwinmaker:ListScenes\",\"iottwinmaker:ListSyncJobs\",\"iottwinmaker:ListTagsForResource\",\"iottwinmaker:ListWorkspaces\",\"iotwireless:GetDestination\",\"iotwireless:GetDeviceProfile\",\"iotwireless:GetFuotaTask\",\"iotwireless:GetMulticastGroup\",\"iotwireless:GetServiceProfile\",\"iotwireless:GetWirelessDevice\",\"iotwireless:GetWirelessGateway\",\"iotwireless:GetWirelessGatewayTaskDefinition\",\"iotwireless:ListDestinations\",\"iotwireless:ListDeviceProfiles\",\"iotwireless:ListFuotaTasks\",\"iotwireless:ListMulticastGroups\",\"iotwireless:ListServiceProfiles\",\"iotwireless:ListTagsForResource\",\"iotwireless:ListWirelessDevices\",\"iotwireless:ListWirelessGateways\",\"iotwireless:ListWirelessGatewayTaskDefinitions\",\"ivs:GetChannel\",\"ivs:GetEncoderConfiguration\",\"ivs:GetPlaybackKeyPair\",\"ivs:GetPlaybackRestrictionPolicy\",\"ivs:GetRecordingConfiguration\",\"ivs:GetStage\",\"ivs:GetStorageConfiguration\",\"ivs:GetStreamKey\",\"ivs:ListChannels\",\"ivs:ListEncoderConfigurations\",\"ivs:ListPlaybackKeyPairs\",\"ivs:ListPlaybackRestrictionPolicies\",\"ivs:ListRecordingConfigurations\",\"ivs:ListStages\",\"ivs:ListStorageConfigurations\",\"ivs:ListStreamKeys\",\"ivs:ListTagsForResource\",\"ivschat:GetLoggingConfiguration\",\"ivschat:GetRoom\",\"ivschat:ListLoggingConfigurations\",\"ivschat:ListRooms\",\"ivschat:ListTagsForResource\",\"kafka:DescribeCluster\",\"kafka:DescribeClusterV2\",\"kafka:DescribeConfiguration\",\"kafka:DescribeConfigurationRevision\",\"kafka:DescribeVpcConnection\",\"kafka:GetClusterPolicy\",\"kafka:ListClusters\",\"kafka:ListClustersV2\",\"kafka:ListConfigurations\",\"kafka:ListScramSecrets\",\"kafka:ListTagsForResource\",\"kafka:ListVpcConnections\",\"kafkaconnect:DescribeConnector\",\"kafkaconnect:ListConnectors\",\"kendra:DescribeIndex\",\"kendra:ListIndices\",\"kendra:ListTagsForResource\",\"kinesis:DescribeStreamConsumer\",\"kinesis:DescribeStreamSummary\",\"kinesis:ListStreamConsumers\",\"kinesis:ListStreams\",\"kinesis:ListTagsForStream\",\"kinesisanalytics:DescribeApplication\",\"kinesisanalytics:ListApplications\",\"kinesisanalytics:ListTagsForResource\",\"kinesisvideo:DescribeSignalingChannel\",\"kinesisvideo:DescribeStream\",\"kinesisvideo:ListSignalingChannels\",\"kinesisvideo:ListStreams\",\"kinesisvideo:ListTagsForResource\",\"kinesisvideo:ListTagsForStream\",\"kms:DescribeKey\",\"kms:GetKeyPolicy\",\"kms:GetKeyRotationStatus\",\"kms:ListAliases\",\"kms:ListKeys\",\"kms:ListResourceTags\",\"lakeformation:DescribeResource\",\"lakeformation:GetDataLakeSettings\",\"lakeformation:ListPermissions\",\"lakeformation:ListResources\",\"lambda:GetAlias\",\"lambda:GetCodeSigningConfig\",\"lambda:GetFunction\",\"lambda:GetFunctionCodeSigningConfig\",\"lambda:GetLayerVersion\",\"lambda:GetPolicy\",\"lambda:ListAliases\",\"lambda:ListCodeSigningConfigs\",\"lambda:ListFunctions\",\"lambda:ListLayers\",\"lambda:ListLayerVersions\",\"lambda:ListTags\",\"lambda:ListVersionsByFunction\",\"lex:DescribeBot\",\"lex:DescribeBotAlias\",\"lex:DescribeBotVersion\",\"lex:DescribeResourcePolicy\",\"lex:ListBotAliases\",\"lex:ListBotLocales\",\"lex:ListBots\",\"lex:ListBotVersions\",\"lex:ListTagsForResource\",\"license-manager:GetGrant\",\"license-manager:GetLicense\",\"license-manager:ListDistributedGrants\",\"license-manager:ListLicenses\",\"license-manager:ListReceivedGrants\",\"lightsail:GetAlarms\",\"lightsail:GetBuckets\",\"lightsail:GetCertificates\",\"lightsail:GetContainerServices\",\"lightsail:GetDisk\",\"lightsail:GetDisks\",\"lightsail:GetDistributions\",\"lightsail:GetInstance\",\"lightsail:GetInstances\",\"lightsail:GetKeyPair\",\"lightsail:GetLoadBalancer\",\"lightsail:GetLoadBalancers\",\"lightsail:GetLoadBalancerTlsCertificates\",\"lightsail:GetRelationalDatabase\",\"lightsail:GetRelationalDatabaseParameters\",\"lightsail:GetRelationalDatabases\",\"lightsail:GetStaticIp\",\"lightsail:GetStaticIps\",\"logs:DescribeDestinations\",\"logs:DescribeLogGroups\",\"logs:DescribeMetricFilters\",\"logs:GetDataProtectionPolicy\",\"logs:GetLogAnomalyDetector\",\"logs:GetLogDelivery\",\"logs:ListLogAnomalyDetectors\",\"logs:ListLogDeliveries\",\"logs:ListTagsLogGroup\",\"lookoutequipment:DescribeInferenceScheduler\",\"lookoutequipment:ListTagsForResource\",\"lookoutmetrics:DescribeAlert\",\"lookoutmetrics:DescribeAnomalyDetector\",\"lookoutmetrics:ListAlerts\",\"lookoutmetrics:ListAnomalyDetectors\",\"lookoutmetrics:ListMetricSets\",\"lookoutmetrics:ListTagsForResource\",\"lookoutvision:DescribeProject\",\"lookoutvision:ListProjects\",\"m2:GetEnvironment\",\"m2:ListEnvironments\",\"m2:ListTagsForResource\",\"macie2:DescribeOrganizationConfiguration\",\"macie2:GetAutomatedDiscoveryConfiguration\",\"macie2:GetClassificationExportConfiguration\",\"macie2:GetCustomDataIdentifier\",\"macie2:GetFindingsPublicationConfiguration\",\"macie2:GetMacieSession\",\"macie2:ListCustomDataIdentifiers\",\"macie2:ListTagsForResource\",\"managedblockchain:GetMember\",\"managedblockchain:GetNetwork\",\"managedblockchain:GetNode\",\"managedblockchain:ListInvitations\",\"managedblockchain:ListMembers\",\"managedblockchain:ListNodes\",\"mediaconnect:DescribeBridge\",\"mediaconnect:DescribeFlow\",\"mediaconnect:DescribeGateway\",\"mediaconnect:ListBridges\",\"mediaconnect:ListFlows\",\"mediaconnect:ListGateways\",\"mediaconnect:ListTagsForResource\",\"mediapackage-vod:DescribePackagingConfiguration\",\"mediapackage-vod:DescribePackagingGroup\",\"mediapackage-vod:ListPackagingConfigurations\",\"mediapackage-vod:ListPackagingGroups\",\"mediapackage-vod:ListTagsForResource\",\"mediatailor:DescribeChannel\",\"mediatailor:DescribeLiveSource\",\"mediatailor:DescribeSourceLocation\",\"mediatailor:DescribeVodSource\",\"mediatailor:GetPlaybackConfiguration\",\"mediatailor:ListChannels\",\"mediatailor:ListLiveSources\",\"mediatailor:ListPlaybackConfigurations\",\"mediatailor:ListSourceLocations\",\"mediatailor:ListVodSources\",\"memorydb:DescribeAcls\",\"memorydb:DescribeClusters\",\"memorydb:DescribeParameterGroups\",\"memorydb:DescribeParameters\",\"memorydb:DescribeSubnetGroups\",\"memorydb:DescribeUsers\",\"memorydb:ListTags\",\"mobiletargeting:GetApp\",\"mobiletargeting:GetApplicationSettings\",\"mobiletargeting:GetApps\",\"mobiletargeting:GetCampaign\",\"mobiletargeting:GetCampaigns\",\"mobiletargeting:GetEmailChannel\",\"mobiletargeting:GetEmailTemplate\",\"mobiletargeting:GetEventStream\",\"mobiletargeting:GetInAppTemplate\",\"mobiletargeting:GetSegment\",\"mobiletargeting:GetSegments\",\"mobiletargeting:ListTagsForResource\",\"mobiletargeting:ListTemplates\",\"mq:DescribeBroker\",\"mq:ListBrokers\",\"network-firewall:DescribeLoggingConfiguration\",\"network-firewall:ListFirewalls\",\"networkmanager:DescribeGlobalNetworks\",\"networkmanager:GetConnectPeer\",\"networkmanager:GetCustomerGatewayAssociations\",\"networkmanager:GetDevices\",\"networkmanager:GetLinkAssociations\",\"networkmanager:GetLinks\",\"networkmanager:GetSites\",\"networkmanager:GetTransitGatewayRegistrations\",\"networkmanager:ListConnectPeers\",\"networkmanager:ListTagsForResource\",\"nimble:GetLaunchProfile\",\"nimble:GetLaunchProfileDetails\",\"nimble:GetStreamingImage\",\"nimble:GetStudio\",\"nimble:GetStudioComponent\",\"nimble:ListLaunchProfiles\",\"nimble:ListStreamingImages\",\"nimble:ListStudioComponents\",\"nimble:ListStudios\",\"oam:GetSink\",\"oam:GetSinkPolicy\",\"oam:ListSinks\",\"omics:GetWorkflow\",\"omics:ListWorkflows\",\"opsworks:DescribeInstances\",\"opsworks:DescribeLayers\",\"opsworks:DescribeTimeBasedAutoScaling\",\"opsworks:DescribeVolumes\",\"opsworks:ListTags\",\"organizations:DescribeAccount\",\"organizations:DescribeEffectivePolicy\",\"organizations:DescribeOrganization\",\"organizations:DescribeOrganizationalUnit\",\"organizations:DescribePolicy\",\"organizations:DescribeResourcePolicy\",\"organizations:ListAccounts\",\"organizations:ListAccountsForParent\",\"organizations:ListDelegatedAdministrators\",\"organizations:ListOrganizationalUnitsForParent\",\"organizations:ListParents\",\"organizations:ListPolicies\",\"organizations:ListPoliciesForTarget\",\"organizations:ListRoots\",\"organizations:ListTagsForResource\",\"organizations:ListTargetsForPolicy\",\"panorama:DescribeApplicationInstance\",\"panorama:DescribeApplicationInstanceDetails\",\"panorama:DescribePackage\",\"panorama:DescribePackageVersion\",\"panorama:ListApplicationInstances\",\"panorama:ListNodes\",\"panorama:ListPackages\",\"payment-cryptography:GetAlias\",\"payment-cryptography:GetKey\",\"payment-cryptography:ListAliases\",\"payment-cryptography:ListKeys\",\"payment-cryptography:ListTagsForResource\",\"personalize:DescribeDataset\",\"personalize:DescribeDatasetGroup\",\"personalize:DescribeSchema\",\"personalize:DescribeSolution\",\"personalize:ListDatasetGroups\",\"personalize:ListDatasetImportJobs\",\"personalize:ListDatasets\",\"personalize:ListSchemas\",\"personalize:ListSolutions\",\"personalize:ListTagsForResource\",\"profile:GetDomain\",\"profile:GetIntegration\",\"profile:GetProfileObjectType\",\"profile:ListDomains\",\"profile:ListIntegrations\",\"profile:ListProfileObjectTypes\",\"profile:ListTagsForResource\",\"quicksight:DescribeAccountSubscription\",\"quicksight:DescribeAnalysis\",\"quicksight:DescribeAnalysisPermissions\",\"quicksight:DescribeDashboard\",\"quicksight:DescribeDashboardPermissions\",\"quicksight:DescribeDataSet\",\"quicksight:DescribeDataSetPermissions\",\"quicksight:DescribeDataSetRefreshProperties\",\"quicksight:DescribeDataSource\",\"quicksight:DescribeDataSourcePermissions\",\"quicksight:DescribeTemplate\",\"quicksight:DescribeTemplatePermissions\",\"quicksight:DescribeTheme\",\"quicksight:DescribeThemePermissions\",\"quicksight:ListAnalyses\",\"quicksight:ListDashboards\",\"quicksight:ListDataSets\",\"quicksight:ListDataSources\",\"quicksight:ListTagsForResource\",\"quicksight:ListTemplates\",\"quicksight:ListThemes\",\"ram:GetPermission\",\"ram:GetResourceShareAssociations\",\"ram:GetResourceShares\",\"ram:ListPermissionAssociations\",\"ram:ListPermissions\",\"ram:ListPermissionVersions\",\"ram:ListResources\",\"ram:ListResourceSharePermissions\",\"rds:DescribeDBClusterParameterGroups\",\"rds:DescribeDBClusterParameters\",\"rds:DescribeDBClusters\",\"rds:DescribeDBClusterSnapshotAttributes\",\"rds:DescribeDBClusterSnapshots\",\"rds:DescribeDBEngineVersions\",\"rds:DescribeDBInstances\",\"rds:DescribeDBParameterGroups\",\"rds:DescribeDBParameters\",\"rds:DescribeDBProxies\",\"rds:DescribeDBProxyEndpoints\",\"rds:DescribeDBProxyTargetGroups\",\"rds:DescribeDBProxyTargets\",\"rds:DescribeDBSecurityGroups\",\"rds:DescribeDBSnapshotAttributes\",\"rds:DescribeDBSnapshots\",\"rds:DescribeDBSubnetGroups\",\"rds:DescribeEngineDefaultClusterParameters\",\"rds:DescribeEventSubscriptions\",\"rds:DescribeGlobalClusters\",\"rds:DescribeOptionGroups\",\"rds:ListTagsForResource\",\"redshift-serverless:GetNamespace\",\"redshift-serverless:GetWorkgroup\",\"redshift-serverless:ListNamespaces\",\"redshift-serverless:ListTagsForResource\",\"redshift-serverless:ListWorkgroups\",\"redshift:DescribeClusterParameterGroups\",\"redshift:DescribeClusterParameters\",\"redshift:DescribeClusters\",\"redshift:DescribeClusterSecurityGroups\",\"redshift:DescribeClusterSnapshots\",\"redshift:DescribeClusterSubnetGroups\",\"redshift:DescribeEndpointAccess\",\"redshift:DescribeEndpointAuthorization\",\"redshift:DescribeEventSubscriptions\",\"redshift:DescribeLoggingStatus\",\"redshift:DescribeScheduledActions\",\"redshift:DescribeTags\",\"refactor-spaces:GetEnvironment\",\"refactor-spaces:GetService\",\"refactor-spaces:ListApplications\",\"refactor-spaces:ListEnvironments\",\"refactor-spaces:ListServices\",\"rekognition:DescribeProjects\",\"rekognition:DescribeStreamProcessor\",\"rekognition:ListStreamProcessors\",\"rekognition:ListTagsForResource\",\"resiliencehub:DescribeApp\",\"resiliencehub:DescribeAppVersionTemplate\",\"resiliencehub:DescribeResiliencyPolicy\",\"resiliencehub:ListApps\",\"resiliencehub:ListAppVersionResourceMappings\",\"resiliencehub:ListResiliencyPolicies\",\"resiliencehub:ListTagsForResource\",\"resource-explorer-2:GetIndex\",\"resource-explorer-2:ListIndexes\",\"resource-explorer-2:ListTagsForResource\",\"resource-groups:GetGroup\",\"resource-groups:GetGroupConfiguration\",\"resource-groups:GetGroupQuery\",\"resource-groups:GetTags\",\"resource-groups:ListGroupResources\",\"resource-groups:ListGroups\",\"robomaker:DescribeRobotApplication\",\"robomaker:DescribeSimulationApplication\",\"robomaker:ListRobotApplications\",\"robomaker:ListSimulationApplications\",\"route53-recovery-control-config:DescribeCluster\",\"route53-recovery-control-config:DescribeControlPanel\",\"route53-recovery-control-config:DescribeRoutingControl\",\"route53-recovery-control-config:DescribeSafetyRule\",\"route53-recovery-control-config:ListClusters\",\"route53-recovery-control-config:ListControlPanels\",\"route53-recovery-control-config:ListRoutingControls\",\"route53-recovery-control-config:ListSafetyRules\",\"route53-recovery-control-config:ListTagsForResource\",\"route53-recovery-readiness:GetCell\",\"route53-recovery-readiness:GetReadinessCheck\",\"route53-recovery-readiness:GetRecoveryGroup\",\"route53-recovery-readiness:GetResourceSet\",\"route53-recovery-readiness:ListCells\",\"route53-recovery-readiness:ListReadinessChecks\",\"route53-recovery-readiness:ListRecoveryGroups\",\"route53-recovery-readiness:ListResourceSets\",\"route53:GetChange\",\"route53:GetDNSSEC\",\"route53:GetHealthCheck\",\"route53:GetHostedZone\",\"route53:ListCidrBlocks\",\"route53:ListCidrCollections\",\"route53:ListCidrLocations\",\"route53:ListHealthChecks\",\"route53:ListHostedZones\",\"route53:ListHostedZonesByName\",\"route53:ListQueryLoggingConfigs\",\"route53:ListResourceRecordSets\",\"route53:ListTagsForResource\",\"route53resolver:GetFirewallDomainList\",\"route53resolver:GetFirewallRuleGroup\",\"route53resolver:GetFirewallRuleGroupAssociation\",\"route53resolver:GetResolverDnssecConfig\",\"route53resolver:GetResolverEndpoint\",\"route53resolver:GetResolverQueryLogConfig\",\"route53resolver:GetResolverQueryLogConfigAssociation\",\"route53resolver:GetResolverRule\",\"route53resolver:GetResolverRuleAssociation\",\"route53resolver:ListFirewallDomainLists\",\"route53resolver:ListFirewallDomains\",\"route53resolver:ListFirewallRuleGroupAssociations\",\"route53resolver:ListFirewallRuleGroups\",\"route53resolver:ListFirewallRules\",\"route53resolver:ListResolverDnssecConfigs\",\"route53resolver:ListResolverEndpointIpAddresses\",\"route53resolver:ListResolverEndpoints\",\"route53resolver:ListResolverQueryLogConfigAssociations\",\"route53resolver:ListResolverQueryLogConfigs\",\"route53resolver:ListResolverRuleAssociations\",\"route53resolver:ListResolverRules\",\"route53resolver:ListTagsForResource\",\"rum:GetAppMonitor\",\"rum:GetAppMonitorData\",\"rum:ListAppMonitors\",\"rum:ListTagsForResource\",\"s3-outposts:GetAccessPoint\",\"s3-outposts:GetAccessPointPolicy\",\"s3-outposts:GetBucket\",\"s3-outposts:GetBucketPolicy\",\"s3-outposts:GetBucketTagging\",\"s3-outposts:GetLifecycleConfiguration\",\"s3-outposts:ListAccessPoints\",\"s3-outposts:ListEndpoints\",\"s3-outposts:ListRegionalBuckets\",\"s3:GetAccelerateConfiguration\",\"s3:GetAccessPoint\",\"s3:GetAccessPointForObjectLambda\",\"s3:GetAccessPointPolicy\",\"s3:GetAccessPointPolicyForObjectLambda\",\"s3:GetAccessPointPolicyStatus\",\"s3:GetAccessPointPolicyStatusForObjectLambda\",\"s3:GetAccountPublicAccessBlock\",\"s3:GetBucketAcl\",\"s3:GetBucketCORS\",\"s3:GetBucketLocation\",\"s3:GetBucketLogging\",\"s3:GetBucketNotification\",\"s3:GetBucketObjectLockConfiguration\",\"s3:GetBucketPolicy\",\"s3:GetBucketPolicyStatus\",\"s3:GetBucketPublicAccessBlock\",\"s3:GetBucketRequestPayment\",\"s3:GetBucketTagging\",\"s3:GetBucketVersioning\",\"s3:GetBucketWebsite\",\"s3:GetEncryptionConfiguration\",\"s3:GetLifecycleConfiguration\",\"s3:GetMultiRegionAccessPoint\",\"s3:GetMultiRegionAccessPointPolicy\",\"s3:GetMultiRegionAccessPointPolicyStatus\",\"s3:GetReplicationConfiguration\",\"s3:GetStorageLensConfiguration\",\"s3:GetStorageLensConfigurationTagging\",\"s3:GetStorageLensGroup\",\"s3:ListAccessPoints\",\"s3:ListAccessPointsForObjectLambda\",\"s3:ListAllMyBuckets\",\"s3:ListBucket\",\"s3:ListMultiRegionAccessPoints\",\"s3:ListStorageLensConfigurations\",\"s3:ListStorageLensGroups\",\"s3:ListTagsForResource\",\"s3express:GetBucketPolicy\",\"s3express:ListAllMyDirectoryBuckets\",\"sagemaker:DescribeAppImageConfig\",\"sagemaker:DescribeCodeRepository\",\"sagemaker:DescribeDataQualityJobDefinition\",\"sagemaker:DescribeDeviceFleet\",\"sagemaker:DescribeDomain\",\"sagemaker:DescribeEndpoint\",\"sagemaker:DescribeEndpointConfig\",\"sagemaker:DescribeFeatureGroup\",\"sagemaker:DescribeImage\",\"sagemaker:DescribeImageVersion\",\"sagemaker:DescribeInferenceExperiment\",\"sagemaker:DescribeModel\",\"sagemaker:DescribeModelBiasJobDefinition\",\"sagemaker:DescribeModelExplainabilityJobDefinition\",\"sagemaker:DescribeModelQualityJobDefinition\",\"sagemaker:DescribeMonitoringSchedule\",\"sagemaker:DescribeNotebookInstance\",\"sagemaker:DescribeNotebookInstanceLifecycleConfig\",\"sagemaker:DescribePipeline\",\"sagemaker:DescribeProject\",\"sagemaker:DescribeWorkteam\",\"sagemaker:ListAppImageConfigs\",\"sagemaker:ListCodeRepositories\",\"sagemaker:ListDataQualityJobDefinitions\",\"sagemaker:ListDeviceFleets\",\"sagemaker:ListDomains\",\"sagemaker:ListEndpointConfigs\",\"sagemaker:ListEndpoints\",\"sagemaker:ListFeatureGroups\",\"sagemaker:ListImages\",\"sagemaker:ListImageVersions\",\"sagemaker:ListInferenceExperiments\",\"sagemaker:ListModelBiasJobDefinitions\",\"sagemaker:ListModelExplainabilityJobDefinitions\",\"sagemaker:ListModelQualityJobDefinitions\",\"sagemaker:ListModels\",\"sagemaker:ListMonitoringSchedules\",\"sagemaker:ListNotebookInstanceLifecycleConfigs\",\"sagemaker:ListNotebookInstances\",\"sagemaker:ListPipelines\",\"sagemaker:ListProjects\",\"sagemaker:ListTags\",\"sagemaker:ListWorkteams\",\"scheduler:GetSchedule\",\"scheduler:GetScheduleGroup\",\"scheduler:ListScheduleGroups\",\"scheduler:ListSchedules\",\"scheduler:ListTagsForResource\",\"schemas:DescribeDiscoverer\",\"schemas:DescribeRegistry\",\"schemas:DescribeSchema\",\"schemas:GetResourcePolicy\",\"schemas:ListDiscoverers\",\"schemas:ListRegistries\",\"schemas:ListSchemas\",\"sdb:GetAttributes\",\"sdb:ListDomains\",\"secretsmanager:ListSecrets\",\"secretsmanager:ListSecretVersionIds\",\"securityhub:DescribeHub\",\"serviceCatalog:DescribePortfolioShares\",\"servicediscovery:GetInstance\",\"servicediscovery:GetNamespace\",\"servicediscovery:GetService\",\"servicediscovery:ListInstances\",\"servicediscovery:ListNamespaces\",\"servicediscovery:ListServices\",\"servicediscovery:ListTagsForResource\",\"ses:DescribeReceiptRule\",\"ses:DescribeReceiptRuleSet\",\"ses:GetConfigurationSet\",\"ses:GetConfigurationSetEventDestinations\",\"ses:GetContactList\",\"ses:GetEmailTemplate\",\"ses:GetTemplate\",\"ses:ListConfigurationSets\",\"ses:ListContactLists\",\"ses:ListEmailTemplates\",\"ses:ListReceiptFilters\",\"ses:ListReceiptRuleSets\",\"ses:ListTemplates\",\"shield:DescribeDRTAccess\",\"shield:DescribeProtection\",\"shield:DescribeSubscription\",\"signer:GetSigningProfile\",\"signer:ListProfilePermissions\",\"signer:ListSigningProfiles\",\"sns:GetDataProtectionPolicy\",\"sns:GetSMSSandboxAccountStatus\",\"sns:GetSubscriptionAttributes\",\"sns:GetTopicAttributes\",\"sns:ListSubscriptions\",\"sns:ListSubscriptionsByTopic\",\"sns:ListTagsForResource\",\"sns:ListTopics\",\"sqs:GetQueueAttributes\",\"sqs:ListQueues\",\"sqs:ListQueueTags\",\"ssm-sap:ListTagsForResource\",\"ssm:DescribeAutomationExecutions\",\"ssm:DescribeDocument\",\"ssm:DescribeDocumentPermission\",\"ssm:DescribeParameters\",\"ssm:GetAutomationExecution\",\"ssm:GetDocument\",\"ssm:GetServiceSetting\",\"ssm:ListDocuments\",\"ssm:ListTagsForResource\",\"sso:DescribeInstanceAccessControlAttributeConfiguration\",\"sso:DescribePermissionSet\",\"sso:GetInlinePolicyForPermissionSet\",\"sso:ListManagedPoliciesInPermissionSet\",\"sso:ListPermissionSets\",\"sso:ListTagsForResource\",\"states:DescribeActivity\",\"states:DescribeStateMachine\",\"states:ListActivities\",\"states:ListStateMachines\",\"states:ListTagsForResource\",\"storagegateway:ListGateways\",\"storagegateway:ListTagsForResource\",\"storagegateway:ListVolumes\",\"sts:GetCallerIdentity\",\"support:DescribeCases\",\"synthetics:DescribeCanaries\",\"synthetics:DescribeCanariesLastRun\",\"synthetics:DescribeRuntimeVersions\",\"synthetics:GetCanary\",\"synthetics:GetCanaryRuns\",\"synthetics:GetGroup\",\"synthetics:ListAssociatedGroups\",\"synthetics:ListGroupResources\",\"synthetics:ListGroups\",\"synthetics:ListTagsForResource\",\"tag:GetResources\",\"timestream:DescribeDatabase\",\"timestream:DescribeEndpoints\",\"timestream:DescribeTable\",\"timestream:ListDatabases\",\"timestream:ListTables\",\"timestream:ListTagsForResource\",\"transfer:DescribeAgreement\",\"transfer:DescribeCertificate\",\"transfer:DescribeConnector\",\"transfer:DescribeProfile\",\"transfer:DescribeServer\",\"transfer:DescribeUser\",\"transfer:DescribeWorkflow\",\"transfer:ListAgreements\",\"transfer:ListCertificates\",\"transfer:ListConnectors\",\"transfer:ListProfiles\",\"transfer:ListServers\",\"transfer:ListTagsForResource\",\"transfer:ListUsers\",\"transfer:ListWorkflows\",\"voiceid:DescribeDomain\",\"voiceid:ListTagsForResource\",\"vpc-lattice:GetAccessLogSubscription\",\"vpc-lattice:GetService\",\"vpc-lattice:GetServiceNetwork\",\"vpc-lattice:GetTargetGroup\",\"vpc-lattice:ListAccessLogSubscriptions\",\"vpc-lattice:ListServiceNetworks\",\"vpc-lattice:ListServices\",\"vpc-lattice:ListTagsForResource\",\"vpc-lattice:ListTargetGroups\",\"vpc-lattice:ListTargets\",\"waf-regional:GetLoggingConfiguration\",\"waf-regional:GetWebACL\",\"waf-regional:GetWebACLForResource\",\"waf-regional:ListLoggingConfigurations\",\"waf:GetLoggingConfiguration\",\"waf:GetWebACL\",\"wafv2:GetLoggingConfiguration\",\"wafv2:GetRuleGroup\",\"wafv2:ListRuleGroups\",\"wafv2:ListTagsForResource\",\"workspaces:DescribeConnectionAliases\",\"workspaces:DescribeTags\",\"workspaces:DescribeWorkspaces\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AWSConfigServiceRolePolicyStatementID\"},{\"Action\":[\"logs:CreateLogStream\",\"logs:CreateLogGroup\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:*:*:log-group:/aws/config/*\",\"Sid\":\"AWSConfigSLRLogStatementID\"},{\"Action\":\"logs:PutLogEvents\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:*:*:log-group:/aws/config/*:log-stream:config-rule-evaluation/*\",\"Sid\":\"AWSConfigSLRLogEventStatementID\"},{\"Sid\":\"AWSConfigSLRApiGatewayStatementID\",\"Action\":[\"apigateway:GET\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:apigateway:*::/apis\",\"arn:aws:apigateway:*::/apis/*\",\"arn:aws:apigateway:*::/apis/*/integrations\",\"arn:aws:apigateway:*::/apis/*/integrations/*\",\"arn:aws:apigateway:*::/domainnames\",\"arn:aws:apigateway:*::/clientcertificates\",\"arn:aws:apigateway:*::/clientcertificates/*\",\"arn:aws:apigateway:*::/restapis\",\"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*\",\"arn:aws:apigateway:*::/restapis/*\",\"arn:aws:apigateway:*::/restapis/*/stages/*\",\"arn:aws:apigateway:*::/restapis/*/stages\",\"arn:aws:apigateway:*::/restapis/*/resources\",\"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration\",\"arn:aws:apigateway:*::/restapis/*/resources/*\",\"arn:aws:apigateway:*::/apis/*/routes/*\",\"arn:aws:apigateway:*::/apis/*/routes\",\"arn:aws:apigateway:*::/v2/apis/*/routes\",\"arn:aws:apigateway:*::/v2/apis/*/routes/*\",\"arn:aws:apigateway:*::/v2/apis\",\"arn:aws:apigateway:*::/v2/apis/*\",\"arn:aws:apigateway:*::/v2/apis/*/integrations\",\"arn:aws:apigateway:*::/v2/apis/*/integrations/*\"]}],\"Version\":\"2012-10-17\"},\"roles\":null,\"CreateDate\":\"2018-05-30T23:31:46Z\",\"PolicyName\":\"AWSConfigServiceRolePolicy\",\"UpdateDate\":\"2024-11-06T23:05:54Z\",\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"IsAttachable\":true,\"Path\":\"/aws-service-role/\",\"PolicyId\":\"ANPAJUCWFHNZER665LLQQ\",\"Tags\":null,\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AWSConfigServiceRolePolicy\",\"DefaultVersionId\":\"v53\"},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSConfigServiceRolePolicy\",\"ANPAJUCWFHNZER665LLQQ\"],\"name\":\"AWSConfigServiceRolePolicy\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"id\":\"AWSConfigServiceRolePolicyStatementID\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"AWSConfigSLRLogStatementID\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:logs:*:*:log-group:/aws/config/*\"]},{\"id\":\"AWSConfigSLRLogEventStatementID\",\"effect\":\"Allow\",\"action\":[\"logs:PutLogEvents\"],\"resource\":[\"arn:aws:logs:*:*:log-group:/aws/config/*:log-stream:config-rule-evaluation/*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"AWSConfigSLRApiGatewayStatementID\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSConfigServiceRolePolicy\",\"ANPAJUCWFHNZER665LLQQ\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AWSConfigServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.363+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"asset\":{\"name\":\"ViewOnlyAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::aws:policy/job-function/ViewOnlyAccess\",\"Path\":\"/job-function/\",\"PolicyName\":\"ViewOnlyAccess\",\"CreateDate\":\"2016-11-10T17:20:15Z\",\"DefaultVersionId\":\"v21\",\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"acm:ListCertificates\",\"athena:List*\",\"autoscaling:Describe*\",\"aws-marketplace:ViewSubscriptions\",\"backup:DescribeBackupJob\",\"backup:DescribeBackupVault\",\"backup:DescribeCopyJob\",\"backup:DescribeFramework\",\"backup:DescribeGlobalSettings\",\"backup:DescribeProtectedResource\",\"backup:DescribeRecoveryPoint\",\"backup:DescribeRegionSettings\",\"backup:DescribeReportJob\",\"backup:DescribeReportPlan\",\"backup:DescribeRestoreJob\",\"backup:GetSupportedResourceTypes\",\"backup:ListBackupJobs\",\"backup:ListBackupPlanTemplates\",\"backup:ListBackupPlanVersions\",\"backup:ListBackupPlans\",\"backup:ListBackupSelections\",\"backup:ListBackupVaults\",\"backup:ListCopyJobs\",\"backup:ListFrameworks\",\"backup:ListLegalHolds\",\"backup:ListProtectedResources\",\"backup:ListProtectedResourcesByBackupVault\",\"backup:ListRecoveryPointsByBackupVault\",\"backup:ListRecoveryPointsByLegalHold\",\"backup:ListRecoveryPointsByResource\",\"backup:ListReportJobs\",\"backup:ListReportPlans\",\"backup:ListRestoreJobs\",\"backup:ListTags\",\"batch:ListJobs\",\"bedrock:ListCustomModels\",\"bedrock:ListTagsForResource\",\"clouddirectory:ListAppliedSchemaArns\",\"clouddirectory:ListDevelopmentSchemaArns\",\"clouddirectory:ListDirectories\",\"clouddirectory:ListPublishedSchemaArns\",\"cloudformation:DescribeStacks\",\"cloudformation:List*\",\"cloudfront:List*\",\"cloudsearch:DescribeDomains\",\"cloudsearch:List*\",\"cloudtrail:DescribeTrails\",\"cloudtrail:ListTrails\",\"cloudtrail:LookupEvents\",\"cloudwatch:Get*\",\"cloudwatch:List*\",\"codebuild:ListBuilds*\",\"codebuild:ListProjects\",\"codecommit:List*\",\"codedeploy:BatchGetApplicationRevisions\",\"codedeploy:BatchGetApplications\",\"codedeploy:BatchGetDeploymentGroups\",\"codedeploy:BatchGetDeploymentInstances\",\"codedeploy:BatchGetDeploymentTargets\",\"codedeploy:BatchGetDeployments\",\"codedeploy:BatchGetOnPremisesInstances\",\"codedeploy:Get*\",\"codedeploy:List*\",\"codepipeline:ListPipelines\",\"codestar:List*\",\"cognito-identity:ListIdentities\",\"cognito-identity:ListIdentityPools\",\"cognito-idp:List*\",\"cognito-sync:ListDatasets\",\"comprehend:Describe*\",\"comprehend:List*\",\"config:Describe*\",\"config:List*\",\"connect:List*\",\"cost-optimization-hub:GetPreferences\",\"cost-optimization-hub:GetRecommendation\",\"cost-optimization-hub:ListEnrollmentStatuses\",\"cost-optimization-hub:ListRecommendationSummaries\",\"cost-optimization-hub:ListRecommendations\",\"databrew:ListJobs\",\"databrew:ListProjects\",\"datapipeline:DescribePipelines\",\"datapipeline:GetAccountLimits\",\"datapipeline:ListPipelines\",\"dax:DescribeClusters\",\"dax:DescribeDefaultParameters\",\"dax:DescribeEvents\",\"dax:DescribeParameterGroups\",\"dax:DescribeParameters\",\"dax:DescribeSubnetGroups\",\"dax:ListTags\",\"devicefarm:List*\",\"directconnect:Describe*\",\"discovery:List*\",\"dms:List*\",\"ds:DescribeDirectories\",\"dynamodb:DescribeBackup\",\"dynamodb:DescribeContinuousBackups\",\"dynamodb:DescribeGlobalTable\",\"dynamodb:DescribeGlobalTableSettings\",\"dynamodb:DescribeLimits\",\"dynamodb:DescribeReservedCapacity\",\"dynamodb:DescribeReservedCapacityOfferings\",\"dynamodb:DescribeStream\",\"dynamodb:DescribeTable\",\"dynamodb:DescribeTimeToLive\",\"dynamodb:ListBackups\",\"dynamodb:ListExports\",\"dynamodb:ListGlobalTables\",\"dynamodb:ListStreams\",\"dynamodb:ListTables\",\"dynamodb:ListTagsOfResource\",\"ec2:DescribeAccountAttributes\",\"ec2:DescribeAddresses\",\"ec2:DescribeAvailabilityZones\",\"ec2:DescribeBundleTasks\",\"ec2:DescribeCarrierGateways\",\"ec2:DescribeClassicLinkInstances\",\"ec2:DescribeConversionTasks\",\"ec2:DescribeCustomerGateways\",\"ec2:DescribeDhcpOptions\",\"ec2:DescribeExportTasks\",\"ec2:DescribeFlowLogs\",\"ec2:DescribeHost*\",\"ec2:DescribeIdFormat\",\"ec2:DescribeIdentityIdFormat\",\"ec2:DescribeImage*\",\"ec2:DescribeImport*\",\"ec2:DescribeInstance*\",\"ec2:DescribeInternetGateways\",\"ec2:DescribeKeyPairs\",\"ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations\",\"ec2:DescribeLocalGatewayRouteTableVpcAssociations\",\"ec2:DescribeLocalGatewayRouteTables\",\"ec2:DescribeLocalGatewayVirtualInterfaceGroups\",\"ec2:DescribeLocalGatewayVirtualInterfaces\",\"ec2:DescribeLocalGateways\",\"ec2:DescribeMovingAddresses\",\"ec2:DescribeNatGateways\",\"ec2:DescribeNetwork*\",\"ec2:DescribePlacementGroups\",\"ec2:DescribePrefixLists\",\"ec2:DescribeRegions\",\"ec2:DescribeReserved*\",\"ec2:DescribeRouteTables\",\"ec2:DescribeSecurityGroupRules\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeSnapshot*\",\"ec2:DescribeSpot*\",\"ec2:DescribeSubnets\",\"ec2:DescribeTags\",\"ec2:DescribeVolume*\",\"ec2:DescribeVpc*\",\"ec2:DescribeVpnGateways\",\"ec2:SearchLocalGatewayRoutes\",\"ecr:DescribeRegistry\",\"ecr:DescribeRepositories\",\"ecr:ListImages\",\"ecs:Describe*\",\"ecs:List*\",\"eks:ListTagsForResource\",\"elastic-inference:DescribeAcceleratorOfferings\",\"elastic-inference:DescribeAcceleratorTypes\",\"elastic-inference:DescribeAccelerators\",\"elastic-inference:ListTagsForResource\",\"elasticache:Describe*\",\"elasticbeanstalk:DescribeApplicationVersions\",\"elasticbeanstalk:DescribeApplications\",\"elasticbeanstalk:DescribeEnvironments\",\"elasticbeanstalk:ListAvailableSolutionStacks\",\"elasticfilesystem:DescribeFileSystems\",\"elasticloadbalancing:DescribeInstanceHealth\",\"elasticloadbalancing:DescribeListeners\",\"elasticloadbalancing:DescribeLoadBalancers\",\"elasticloadbalancing:DescribeLoadBalancerAttributes\",\"elasticloadbalancing:DescribeTargetGroups\",\"elasticloadbalancing:DescribeTargetHealth\",\"elasticmapreduce:List*\",\"elastictranscoder:List*\",\"emr-serverless:ListApplications\",\"es:DescribeElasticsearchDomain\",\"es:DescribeElasticsearchDomains\",\"es:ListDomainNames\",\"events:ListRuleNamesByTarget\",\"events:ListRules\",\"events:ListTargetsByRule\",\"firehose:DescribeDeliveryStream\",\"firehose:List*\",\"fsx:DescribeFileSystems\",\"gamelift:List*\",\"glacier:List*\",\"glue:GetTags\",\"greengrass:List*\",\"iam:GetAccountSummary\",\"iam:GetLoginProfile\",\"iam:List*\",\"importexport:ListJobs\",\"inspector:List*\",\"iot:List*\",\"kafka:ListClusters\",\"kendra:ListDataSources\",\"kendra:ListTagsForResource\",\"kinesis:ListStreams\",\"kinesisanalytics:ListApplications\",\"kinesisanalytics:ListTagsForResource\",\"kms:ListKeys\",\"kms:ListResourceTags\",\"lambda:List*\",\"lex:GetBotAliases\",\"lex:GetBotChannelAssociations\",\"lex:GetBotVersions\",\"lex:GetBots\",\"lex:GetIntentVersions\",\"lex:GetIntents\",\"lex:GetSlotTypeVersions\",\"lex:GetSlotTypes\",\"lex:GetUtterancesView\",\"lightsail:GetBlueprints\",\"lightsail:GetBundles\",\"lightsail:GetInstanceSnapshots\",\"lightsail:GetInstances\",\"lightsail:GetKeyPair\",\"lightsail:GetRegions\",\"lightsail:GetStaticIps\",\"lightsail:IsVpcPeered\",\"logs:Describe*\",\"logs:ListTagsForResource\",\"lookoutvision:ListModelPackagingJobs\",\"lookoutvision:ListModels\",\"lookoutvision:ListProjects\",\"m2:ListEnvironments\",\"m2:ListApplications\",\"m2:GetEnvironment\",\"m2:GetApplication\",\"m2:ListTagsForResource\",\"machinelearning:Describe*\",\"mediaconnect:ListEntitlements\",\"mediaconnect:ListFlows\",\"mediaconnect:ListOfferings\",\"mediaconnect:ListReservations\",\"mobiletargeting:GetApplicationSettings\",\"mobiletargeting:GetCampaigns\",\"mobiletargeting:GetImportJobs\",\"mobiletargeting:GetSegments\",\"oam:ListAttachedLinks\",\"oam:ListLinks\",\"oam:ListSinks\",\"opsworks-cm:Describe*\",\"opsworks:Describe*\",\"organizations:List*\",\"outposts:GetOutpost\",\"outposts:GetOutpostInstanceTypes\",\"outposts:ListOutposts\",\"outposts:ListSites\",\"outposts:ListTagsForResource\",\"polly:Describe*\",\"polly:List*\",\"profile:ListDomains\",\"profile:ListIntegrations\",\"rds:Describe*\",\"redshift-serverless:ListTagsForResource\",\"redshift-serverless:ListWorkgroups\",\"redshift:DescribeClusters\",\"redshift:DescribeEvents\",\"redshift:ViewQueriesInConsole\",\"resource-explorer-2:GetDefaultView\",\"resource-explorer-2:GetIndex\",\"resource-explorer-2:ListIndexes\",\"resource-explorer-2:ListSupportedResourceTypes\",\"resource-explorer-2:ListTagsForResource\",\"resource-explorer-2:ListViews\",\"route53:Get*\",\"route53:List*\",\"route53domains:List*\",\"route53resolver:Get*\",\"route53resolver:List*\",\"s3:ListAllMyBuckets\",\"s3:ListBucket\",\"s3:ListMultiRegionAccessPoints\",\"sagemaker:Describe*\",\"sagemaker:List*\",\"sdb:List*\",\"servicecatalog:List*\",\"ses:DescribeActiveReceiptRuleSet\",\"ses:List*\",\"ses:ListDedicatedIpPools\",\"shield:List*\",\"sns:List*\",\"sqs:GetQueueAttributes\",\"sqs:GetQueueUrl\",\"sqs:ListDeadLetterSourceQueues\",\"sqs:ListMessageMoveTasks\",\"sqs:ListQueueTags\",\"sqs:ListQueues\",\"ssm:ListAssociations\",\"ssm:ListDocuments\",\"states:ListActivities\",\"states:ListStateMachineAliases\",\"states:ListStateMachineVersions\",\"states:ListStateMachines\",\"storagegateway:ListGateways\",\"storagegateway:ListLocalDisks\",\"storagegateway:ListVolumeRecoveryPoints\",\"storagegateway:ListVolumes\",\"swf:List*\",\"trustedadvisor:Describe*\",\"waf-regional:List*\",\"waf:List*\",\"wafv2:List*\",\"workdocs:DescribeAvailableDirectories\",\"workdocs:DescribeInstances\",\"workmail:Describe*\",\"workspaces:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"GeneralViewOnlyAccessStatement\"},{\"Action\":[\"apigateway:GET\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:apigateway:*::/apis\",\"arn:aws:apigateway:*::/apis/*/authorizers/*\",\"arn:aws:apigateway:*::/apis/*/authorizers\",\"arn:aws:apigateway:*::/apis/*/cors\",\"arn:aws:apigateway:*::/apis/*/deployments/*\",\"arn:aws:apigateway:*::/apis/*/deployments\",\"arn:aws:apigateway:*::/apis/*/exports/*\",\"arn:aws:apigateway:*::/apis/*/integrations/*\",\"arn:aws:apigateway:*::/apis/*/integrations\",\"arn:aws:apigateway:*::/apis/*/models/*\",\"arn:aws:apigateway:*::/apis/*/models\",\"arn:aws:apigateway:*::/apis/*/routes/*\",\"arn:aws:apigateway:*::/apis/*/routes\",\"arn:aws:apigateway:*::/apis/*/stages\",\"arn:aws:apigateway:*::/apis/*/stages/*\",\"arn:aws:apigateway:*::/clientcertificates\",\"arn:aws:apigateway:*::/clientcertificates/*\",\"arn:aws:apigateway:*::/domainnames\",\"arn:aws:apigateway:*::/domainnames/*/apimappings\",\"arn:aws:apigateway:*::/restapis\",\"arn:aws:apigateway:*::/restapis/*/authorizers/*\",\"arn:aws:apigateway:*::/restapis/*/authorizers\",\"arn:aws:apigateway:*::/restapis/*/deployments/*\",\"arn:aws:apigateway:*::/restapis/*/deployments\",\"arn:aws:apigateway:*::/restapis/*/documentation/parts/*\",\"arn:aws:apigateway:*::/restapis/*/documentation/parts\",\"arn:aws:apigateway:*::/restapis/*/documentation/versions/*\",\"arn:aws:apigateway:*::/restapis/*/documentation/versions\",\"arn:aws:apigateway:*::/restapis/*/gatewayresponses/*\",\"arn:aws:apigateway:*::/restapis/*/gatewayresponses\",\"arn:aws:apigateway:*::/restapis/*/models/*\",\"arn:aws:apigateway:*::/restapis/*/models\",\"arn:aws:apigateway:*::/restapis/*/requestvalidators\",\"arn:aws:apigateway:*::/restapis/*/requestvalidators/*\",\"arn:aws:apigateway:*::/restapis/*/resources/*\",\"arn:aws:apigateway:*::/restapis/*/resources\",\"arn:aws:apigateway:*::/restapis/*/stages\",\"arn:aws:apigateway:*::/restapis/*/stages/*\",\"arn:aws:apigateway:*::/tags/*\",\"arn:aws:apigateway:*::/vpclinks\"],\"Sid\":\"APIGatewayAccess\"}]},\"UpdateDate\":\"2024-10-21T14:38:04Z\",\"AttachmentCount\":1,\"Description\":null,\"PolicyId\":\"ANPAID22R6XPJATWOFDK6\",\"Tags\":null,\"roles\":null},\"id\":[\"arn:aws:iam::aws:policy/job-function/ViewOnlyAccess\",\"ANPAID22R6XPJATWOFDK6\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"GeneralViewOnlyAccessStatement\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"APIGatewayAccess\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/job-function/ViewOnlyAccess\",\"ANPAID22R6XPJATWOFDK6\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/job-function/ViewOnlyAccess\":{\"category\":\"identity\",\"type\":\"policy\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonSNSFullAccess\",\"ANPAJWEKLCXXUNT2SOLSG\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonSNSFullAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"CreateDate\":\"2015-02-06T18:41:05Z\",\"roles\":null,\"Arn\":\"arn:aws:iam::aws:policy/AmazonSNSFullAccess\",\"AttachmentCount\":11,\"DefaultVersionId\":\"v2\",\"Description\":null,\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAJWEKLCXXUNT2SOLSG\",\"UpdateDate\":\"2024-09-24T22:32:05Z\",\"IsAttachable\":true,\"PolicyName\":\"AmazonSNSFullAccess\",\"Tags\":null,\"document\":{\"Statement\":[{\"Resource\":\"*\",\"Sid\":\"SNSFullAccess\",\"Action\":\"sns:*\",\"Effect\":\"Allow\"},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"SMSAccessViaSNS\",\"Action\":[\"sms-voice:DescribeVerifiedDestinationNumbers\",\"sms-voice:CreateVerifiedDestinationNumber\",\"sms-voice:SendDestinationNumberVerificationCode\",\"sms-voice:SendTextMessage\",\"sms-voice:DeleteVerifiedDestinationNumber\",\"sms-voice:VerifyDestinationNumber\",\"sms-voice:DescribeAccountAttributes\",\"sms-voice:DescribeSpendLimits\",\"sms-voice:DescribePhoneNumbers\",\"sms-voice:SetTextMessageSpendLimitOverride\",\"sms-voice:DescribeOptedOutNumbers\",\"sms-voice:DeleteOptedOutNumber\"],\"Condition\":{\"StringEquals\":{\"aws:CalledViaLast\":\"sns.amazonaws.com\"}}}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:iam::aws:policy/AmazonSNSFullAccess\",\"ANPAJWEKLCXXUNT2SOLSG\"],\"name\":\"AmazonSNSFullAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"action\":[\"sns:*\"],\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"id\":\"SNSFullAccess\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"SMSAccessViaSNS\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"aws:CalledViaLast\":\"sns.amazonaws.com\"}}}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonSQSFullAccess\",\"ANPAI65L554VRJ33ECQS6\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonSQSFullAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"name\":\"AmazonSQSFullAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::aws:policy/AmazonSQSFullAccess\",\"AttachmentCount\":12,\"CreateDate\":\"2015-02-06T18:41:07Z\",\"IsAttachable\":true,\"UpdateDate\":\"2015-02-06T18:41:07Z\",\"DefaultVersionId\":\"v1\",\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAI65L554VRJ33ECQS6\",\"roles\":null,\"Description\":null,\"document\":{\"Statement\":[{\"Action\":[\"sqs:*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"Path\":\"/\",\"PolicyName\":\"AmazonSQSFullAccess\",\"Tags\":null},\"id\":[\"arn:aws:iam::aws:policy/AmazonSQSFullAccess\",\"ANPAI65L554VRJ33ECQS6\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\",\"ANPAJWLAS474LDBXNNTM4\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":98,\"PolicyId\":\"ANPAJWLAS474LDBXNNTM4\",\"PolicyName\":\"AmazonEKS_CNI_Policy\",\"roles\":null,\"Description\":null,\"IsAttachable\":true,\"Tags\":null,\"Arn\":\"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\",\"CreateDate\":\"2018-05-27T21:07:42Z\",\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AmazonEKSCNIPolicy\",\"Action\":[\"ec2:AssignPrivateIpAddresses\",\"ec2:AttachNetworkInterface\",\"ec2:CreateNetworkInterface\",\"ec2:DeleteNetworkInterface\",\"ec2:DescribeInstances\",\"ec2:DescribeTags\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribeInstanceTypes\",\"ec2:DescribeSubnets\",\"ec2:DetachNetworkInterface\",\"ec2:ModifyNetworkInterfaceAttribute\",\"ec2:UnassignPrivateIpAddresses\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:CreateTags\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:network-interface/*\"],\"Sid\":\"AmazonEKSCNIPolicyENITag\"}]},\"DefaultVersionId\":\"v5\",\"UpdateDate\":\"2024-03-04T20:20:55Z\"},\"id\":[\"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\",\"ANPAJWLAS474LDBXNNTM4\"],\"name\":\"AmazonEKS_CNI_Policy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AmazonEKSCNIPolicy\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"AmazonEKSCNIPolicyENITag\",\"effect\":\"Allow\"}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"asset\":{\"raw\":{\"DefaultVersionId\":\"v10\",\"PolicyName\":\"AmazonVPCFullAccess\",\"CreateDate\":\"2015-02-06T18:41:16Z\",\"Description\":null,\"PolicyId\":\"ANPAJBWPGNOVKZD3JI2P2\",\"roles\":null,\"AttachmentCount\":1,\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"ec2:AcceptVpcPeeringConnection\",\"ec2:AcceptVpcEndpointConnections\",\"ec2:AllocateAddress\",\"ec2:AssignIpv6Addresses\",\"ec2:AssignPrivateIpAddresses\",\"ec2:AssociateAddress\",\"ec2:AssociateDhcpOptions\",\"ec2:AssociateRouteTable\",\"ec2:AssociateSubnetCidrBlock\",\"ec2:AssociateVpcCidrBlock\",\"ec2:AttachClassicLinkVpc\",\"ec2:AttachInternetGateway\",\"ec2:AttachNetworkInterface\",\"ec2:AttachVpnGateway\",\"ec2:AuthorizeSecurityGroupEgress\",\"ec2:AuthorizeSecurityGroupIngress\",\"ec2:CreateCarrierGateway\",\"ec2:CreateCustomerGateway\",\"ec2:CreateDefaultSubnet\",\"ec2:CreateDefaultVpc\",\"ec2:CreateDhcpOptions\",\"ec2:CreateEgressOnlyInternetGateway\",\"ec2:CreateFlowLogs\",\"ec2:CreateInternetGateway\",\"ec2:CreateLocalGatewayRouteTableVpcAssociation\",\"ec2:CreateNatGateway\",\"ec2:CreateNetworkAcl\",\"ec2:CreateNetworkAclEntry\",\"ec2:CreateNetworkInterface\",\"ec2:CreateNetworkInterfacePermission\",\"ec2:CreateRoute\",\"ec2:CreateRouteTable\",\"ec2:CreateSecurityGroup\",\"ec2:CreateSubnet\",\"ec2:CreateTags\",\"ec2:CreateVpc\",\"ec2:CreateVpcEndpoint\",\"ec2:CreateVpcEndpointConnectionNotification\",\"ec2:CreateVpcEndpointServiceConfiguration\",\"ec2:CreateVpcPeeringConnection\",\"ec2:CreateVpnConnection\",\"ec2:CreateVpnConnectionRoute\",\"ec2:CreateVpnGateway\",\"ec2:DeleteCarrierGateway\",\"ec2:DeleteCustomerGateway\",\"ec2:DeleteDhcpOptions\",\"ec2:DeleteEgressOnlyInternetGateway\",\"ec2:DeleteFlowLogs\",\"ec2:DeleteInternetGateway\",\"ec2:DeleteLocalGatewayRouteTableVpcAssociation\",\"ec2:DeleteNatGateway\",\"ec2:DeleteNetworkAcl\",\"ec2:DeleteNetworkAclEntry\",\"ec2:DeleteNetworkInterface\",\"ec2:DeleteNetworkInterfacePermission\",\"ec2:DeleteRoute\",\"ec2:DeleteRouteTable\",\"ec2:DeleteSecurityGroup\",\"ec2:DeleteSubnet\",\"ec2:DeleteTags\",\"ec2:DeleteVpc\",\"ec2:DeleteVpcEndpoints\",\"ec2:DeleteVpcEndpointConnectionNotifications\",\"ec2:DeleteVpcEndpointServiceConfigurations\",\"ec2:DeleteVpcPeeringConnection\",\"ec2:DeleteVpnConnection\",\"ec2:DeleteVpnConnectionRoute\",\"ec2:DeleteVpnGateway\",\"ec2:DescribeAccountAttributes\",\"ec2:DescribeAddresses\",\"ec2:DescribeAvailabilityZones\",\"ec2:DescribeCarrierGateways\",\"ec2:DescribeClassicLinkInstances\",\"ec2:DescribeCustomerGateways\",\"ec2:DescribeDhcpOptions\",\"ec2:DescribeEgressOnlyInternetGateways\",\"ec2:DescribeFlowLogs\",\"ec2:DescribeInstances\",\"ec2:DescribeInternetGateways\",\"ec2:DescribeIpv6Pools\",\"ec2:DescribeLocalGatewayRouteTables\",\"ec2:DescribeLocalGatewayRouteTableVpcAssociations\",\"ec2:DescribeKeyPairs\",\"ec2:DescribeMovingAddresses\",\"ec2:DescribeNatGateways\",\"ec2:DescribeNetworkAcls\",\"ec2:DescribeNetworkInterfaceAttribute\",\"ec2:DescribeNetworkInterfacePermissions\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribePrefixLists\",\"ec2:DescribeRouteTables\",\"ec2:DescribeSecurityGroupReferences\",\"ec2:DescribeSecurityGroupRules\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeStaleSecurityGroups\",\"ec2:DescribeSubnets\",\"ec2:DescribeTags\",\"ec2:DescribeVpcAttribute\",\"ec2:DescribeVpcClassicLink\",\"ec2:DescribeVpcClassicLinkDnsSupport\",\"ec2:DescribeVpcEndpointConnectionNotifications\",\"ec2:DescribeVpcEndpointConnections\",\"ec2:DescribeVpcEndpoints\",\"ec2:DescribeVpcEndpointServiceConfigurations\",\"ec2:DescribeVpcEndpointServicePermissions\",\"ec2:DescribeVpcEndpointServices\",\"ec2:DescribeVpcPeeringConnections\",\"ec2:DescribeVpcs\",\"ec2:DescribeVpnConnections\",\"ec2:DescribeVpnGateways\",\"ec2:DetachClassicLinkVpc\",\"ec2:DetachInternetGateway\",\"ec2:DetachNetworkInterface\",\"ec2:DetachVpnGateway\",\"ec2:DisableVgwRoutePropagation\",\"ec2:DisableVpcClassicLink\",\"ec2:DisableVpcClassicLinkDnsSupport\",\"ec2:DisassociateAddress\",\"ec2:DisassociateRouteTable\",\"ec2:DisassociateSubnetCidrBlock\",\"ec2:DisassociateVpcCidrBlock\",\"ec2:EnableVgwRoutePropagation\",\"ec2:EnableVpcClassicLink\",\"ec2:EnableVpcClassicLinkDnsSupport\",\"ec2:GetSecurityGroupsForVpc\",\"ec2:ModifyNetworkInterfaceAttribute\",\"ec2:ModifySecurityGroupRules\",\"ec2:ModifySubnetAttribute\",\"ec2:ModifyVpcAttribute\",\"ec2:ModifyVpcEndpoint\",\"ec2:ModifyVpcEndpointConnectionNotification\",\"ec2:ModifyVpcEndpointServiceConfiguration\",\"ec2:ModifyVpcEndpointServicePermissions\",\"ec2:ModifyVpcPeeringConnectionOptions\",\"ec2:ModifyVpcTenancy\",\"ec2:MoveAddressToVpc\",\"ec2:RejectVpcEndpointConnections\",\"ec2:RejectVpcPeeringConnection\",\"ec2:ReleaseAddress\",\"ec2:ReplaceNetworkAclAssociation\",\"ec2:ReplaceNetworkAclEntry\",\"ec2:ReplaceRoute\",\"ec2:ReplaceRouteTableAssociation\",\"ec2:ResetNetworkInterfaceAttribute\",\"ec2:RestoreAddressToClassic\",\"ec2:RevokeSecurityGroupEgress\",\"ec2:RevokeSecurityGroupIngress\",\"ec2:UnassignIpv6Addresses\",\"ec2:UnassignPrivateIpAddresses\",\"ec2:UpdateSecurityGroupRuleDescriptionsEgress\",\"ec2:UpdateSecurityGroupRuleDescriptionsIngress\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AmazonVPCFullAccess\"}]},\"Arn\":\"arn:aws:iam::aws:policy/AmazonVPCFullAccess\",\"IsAttachable\":true,\"UpdateDate\":\"2024-02-08T16:03:24Z\"},\"id\":[\"arn:aws:iam::aws:policy/AmazonVPCFullAccess\",\"ANPAJBWPGNOVKZD3JI2P2\"],\"name\":\"AmazonVPCFullAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AmazonVPCFullAccess\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonVPCFullAccess\",\"ANPAJBWPGNOVKZD3JI2P2\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonVPCFullAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"related.entity\":[\"arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser\",\"ANPAJNPP7PPPPMJRV2SA4\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser\":{\"type\":\"policy\",\"category\":\"identity\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"CreateDate\":\"2015-02-06T18:40:40Z\",\"IsAttachable\":true,\"document\":{\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"kms:CreateAlias\",\"kms:CreateKey\",\"kms:DeleteAlias\",\"kms:Describe*\",\"kms:GenerateRandom\",\"kms:Get*\",\"kms:List*\",\"kms:TagResource\",\"kms:UntagResource\",\"iam:ListGroups\",\"iam:ListRoles\",\"iam:ListUsers\"]}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":1,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAJNPP7PPPPMJRV2SA4\",\"PolicyName\":\"AWSKeyManagementServicePowerUser\",\"roles\":null,\"Path\":\"/\",\"UpdateDate\":\"2017-03-07T00:55:11Z\",\"Arn\":\"arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser\",\"Description\":null,\"Tags\":null,\"DefaultVersionId\":\"v2\"},\"id\":[\"arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser\",\"ANPAJNPP7PPPPMJRV2SA4\"],\"name\":\"AWSKeyManagementServicePowerUser\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\",\"ANPAIFYZPA37OOHVIH7KQ\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v3\",\"Description\":null,\"IsAttachable\":true,\"Path\":\"/\",\"PolicyName\":\"AmazonEC2ContainerRegistryReadOnly\",\"AttachmentCount\":101,\"Tags\":null,\"UpdateDate\":\"2019-12-10T20:56:32Z\",\"CreateDate\":\"2015-12-21T17:04:15Z\",\"PolicyId\":\"ANPAIFYZPA37OOHVIH7KQ\",\"document\":{\"Statement\":[{\"Action\":[\"ecr:GetAuthorizationToken\",\"ecr:BatchCheckLayerAvailability\",\"ecr:GetDownloadUrlForLayer\",\"ecr:GetRepositoryPolicy\",\"ecr:DescribeRepositories\",\"ecr:ListImages\",\"ecr:DescribeImages\",\"ecr:BatchGetImage\",\"ecr:GetLifecyclePolicy\",\"ecr:GetLifecyclePolicyPreview\",\"ecr:ListTagsForResource\",\"ecr:DescribeImageScanFindings\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\",\"PermissionsBoundaryUsageCount\":0,\"roles\":null},\"id\":[\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\",\"ANPAIFYZPA37OOHVIH7KQ\"],\"name\":\"AmazonEC2ContainerRegistryReadOnly\",\"category\":\"identity\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"asset\":{\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"CreateDate\":\"2015-02-06T18:41:01Z\",\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"SecurityAudit\",\"Description\":null,\"DefaultVersionId\":\"v45\",\"IsAttachable\":true,\"UpdateDate\":\"2024-10-30T18:36:49Z\",\"Arn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"AttachmentCount\":55,\"Path\":\"/\",\"PolicyId\":\"ANPAIX2T3QCXHR2OGGCTO\",\"Tags\":null,\"document\":{\"Statement\":[{\"Action\":[\"a4b:ListSkills\",\"access-analyzer:GetAnalyzedResource\",\"access-analyzer:GetAnalyzer\",\"access-analyzer:GetArchiveRule\",\"access-analyzer:GetFinding\",\"access-analyzer:ListAnalyzedResources\",\"access-analyzer:ListAnalyzers\",\"access-analyzer:ListArchiveRules\",\"access-analyzer:ListFindings\",\"access-analyzer:ListTagsForResource\",\"account:GetAlternateContact\",\"account:GetPrimaryEmail\",\"account:GetRegionOptStatus\",\"acm-pca:DescribeCertificateAuthority\",\"acm-pca:DescribeCertificateAuthorityAuditReport\",\"acm-pca:GetPolicy\",\"acm-pca:ListCertificateAuthorities\",\"acm-pca:ListPermissions\",\"acm-pca:ListTags\",\"acm:Describe*\",\"acm:List*\",\"airflow:GetEnvironment\",\"airflow:ListEnvironments\",\"appflow:ListFlows\",\"appflow:ListTagsForResource\",\"application-autoscaling:Describe*\",\"appmesh:Describe*\",\"appmesh:List*\",\"apprunner:DescribeAutoScalingConfiguration\",\"apprunner:DescribeCustomDomains\",\"apprunner:DescribeObservabilityConfiguration\",\"apprunner:DescribeService\",\"apprunner:DescribeVpcConnector\",\"apprunner:DescribeVpcIngressConnection\",\"apprunner:ListAutoScalingConfigurations\",\"apprunner:ListConnections\",\"apprunner:ListObservabilityConfigurations\",\"apprunner:ListOperations\",\"apprunner:ListServices\",\"apprunner:ListTagsForResource\",\"apprunner:ListVpcConnectors\",\"apprunner:ListVpcIngressConnections\",\"appsync:GetApiCache\",\"appsync:List*\",\"athena:GetWorkGroup\",\"athena:List*\",\"auditmanager:GetAccountStatus\",\"auditmanager:ListAssessmentControlInsightsByControlDomain\",\"auditmanager:ListAssessmentFrameworkShareRequests\",\"auditmanager:ListAssessmentFrameworks\",\"auditmanager:ListAssessmentReports\",\"auditmanager:ListAssessments\",\"auditmanager:ListControlDomainInsights\",\"auditmanager:ListControlDomainInsightsByAssessment\",\"auditmanager:ListControlInsightsByControlDomain\",\"auditmanager:ListControls\",\"auditmanager:ListNotifications\",\"auditmanager:ListTagsForResource\",\"autoscaling-plans:DescribeScalingPlans\",\"autoscaling:Describe*\",\"backup:DescribeGlobalSettings\",\"backup:DescribeRegionSettings\",\"backup:GetBackupVaultAccessPolicy\",\"backup:GetBackupVaultNotifications\",\"backup:ListBackupVaults\",\"backup:ListTags\",\"batch:DescribeComputeEnvironments\",\"batch:DescribeJobDefinitions\",\"bedrock:GetCustomModel\",\"bedrock:GetModelInvocationLoggingConfiguration\",\"bedrock:ListCustomModels\",\"bedrock:ListTagsForResource\",\"braket:SearchJobs\",\"braket:SearchQuantumTasks\",\"chime:List*\",\"cloud9:Describe*\",\"cloud9:ListEnvironments\",\"clouddirectory:ListDirectories\",\"cloudformation:DescribeStack*\",\"cloudformation:GetStackPolicy\",\"cloudformation:GetTemplate\",\"cloudformation:ListStack*\",\"cloudfront:Get*\",\"cloudfront:List*\",\"cloudsearch:DescribeDomainEndpointOptions\",\"cloudsearch:DescribeDomains\",\"cloudsearch:DescribeServiceAccessPolicies\",\"cloudtrail:DescribeTrails\",\"cloudtrail:GetEventSelectors\",\"cloudtrail:GetInsightSelectors\",\"cloudtrail:GetTrail\",\"cloudtrail:GetTrailStatus\",\"cloudtrail:ListTags\",\"cloudtrail:ListTrails\",\"cloudtrail:LookupEvents\",\"cloudwatch:Describe*\",\"cloudwatch:GetDashboard\",\"cloudwatch:ListDashboards\",\"cloudwatch:ListTagsForResource\",\"codeartifact:GetDomainPermissionsPolicy\",\"codeartifact:GetRepositoryPermissionsPolicy\",\"codeartifact:ListRepositories\",\"codebuild:BatchGetProjects\",\"codebuild:GetResourcePolicy\",\"codebuild:ListProjects\",\"codecommit:BatchGetRepositories\",\"codecommit:GetBranch\",\"codecommit:GetObjectIdentifier\",\"codecommit:GetRepository\",\"codecommit:GetRepositoryTriggers\",\"codecommit:List*\",\"codedeploy:Batch*\",\"codedeploy:Get*\",\"codedeploy:List*\",\"codepipeline:GetJobDetails\",\"codepipeline:GetPipeline\",\"codepipeline:GetPipelineExecution\",\"codepipeline:GetPipelineState\",\"codepipeline:ListPipelines\",\"codestar:Describe*\",\"codestar:List*\",\"cognito-identity:Describe*\",\"cognito-identity:GetIdentityPoolRoles\",\"cognito-identity:ListIdentityPools\",\"cognito-identity:ListTagsForResource\",\"cognito-idp:Describe*\",\"cognito-idp:ListDevices\",\"cognito-idp:ListGroups\",\"cognito-idp:ListIdentityProviders\",\"cognito-idp:ListResourceServers\",\"cognito-idp:ListTagsForResource\",\"cognito-idp:ListUserImportJobs\",\"cognito-idp:ListUserPoolClients\",\"cognito-idp:ListUserPools\",\"cognito-idp:ListUsers\",\"cognito-idp:ListUsersInGroup\",\"cognito-sync:Describe*\",\"cognito-sync:List*\",\"comprehend:Describe*\",\"comprehend:List*\",\"comprehendmedical:ListICD10CMInferenceJobs\",\"comprehendmedical:ListPHIDetectionJobs\",\"comprehendmedical:ListRxNormInferenceJobs\",\"comprehendmedical:ListSNOMEDCTInferenceJobs\",\"config:BatchGetAggregateResourceConfig\",\"config:BatchGetResourceConfig\",\"config:Deliver*\",\"config:Describe*\",\"config:Get*\",\"config:List*\",\"config:SelectAggregateResourceConfig\",\"config:SelectResourceConfig\",\"connect:ListApprovedOrigins\",\"connect:ListInstanceAttributes\",\"connect:ListInstanceStorageConfigs\",\"connect:ListInstances\",\"connect:ListIntegrationAssociations\",\"connect:ListLambdaFunctions\",\"connect:ListLexBots\",\"connect:ListSecurityKeys\",\"databrew:DescribeDataset\",\"databrew:DescribeProject\",\"databrew:ListJobs\",\"databrew:ListProjects\",\"dataexchange:ListDataSets\",\"datapipeline:DescribeObjects\",\"datapipeline:DescribePipelines\",\"datapipeline:EvaluateExpression\",\"datapipeline:GetPipelineDefinition\",\"datapipeline:ListPipelines\",\"datapipeline:QueryObjects\",\"datapipeline:ValidatePipelineDefinition\",\"datasync:Describe*\",\"datasync:List*\",\"dax:Describe*\",\"dax:ListTags\",\"deepracer:ListModels\",\"detective:GetGraphIngestState\",\"detective:ListGraphs\",\"detective:ListMembers\",\"devicefarm:ListProjects\",\"directconnect:Describe*\",\"discovery:DescribeAgents\",\"discovery:DescribeConfigurations\",\"discovery:DescribeContinuousExports\",\"discovery:DescribeExportConfigurations\",\"discovery:DescribeExportTasks\",\"discovery:DescribeImportTasks\",\"dms:Describe*\",\"dms:ListTagsForResource\",\"docdb-elastic:ListClusters\",\"ds:DescribeDirectories\",\"dynamodb:DescribeContinuousBackups\",\"dynamodb:DescribeExport\",\"dynamodb:DescribeGlobalTable\",\"dynamodb:DescribeKinesisStreamingDestination\",\"dynamodb:DescribeTable\",\"dynamodb:DescribeTimeToLive\",\"dynamodb:ListBackups\",\"dynamodb:ListExports\",\"dynamodb:ListGlobalTables\",\"dynamodb:ListStreams\",\"dynamodb:ListTables\",\"dynamodb:ListTagsOfResource\",\"ec2:Describe*\",\"ec2:GetEbsEncryptionByDefault\",\"ec2:GetImageBlockPublicAccessState\",\"ec2:GetManagedPrefixListAssociations\",\"ec2:GetManagedPrefixListEntries\",\"ec2:GetNetworkInsightsAccessScopeAnalysisFindings\",\"ec2:GetNetworkInsightsAccessScopeContent\",\"ec2:GetTransitGatewayAttachmentPropagations\",\"ec2:GetTransitGatewayMulticastDomainAssociations\",\"ec2:GetTransitGatewayPrefixListReferences\",\"ec2:GetTransitGatewayRouteTableAssociations\",\"ec2:GetTransitGatewayRouteTablePropagations\",\"ec2:SearchTransitGatewayRoutes\",\"ecr-public:DescribeImageTags\",\"ecr-public:DescribeImages\",\"ecr-public:DescribeRegistries\",\"ecr-public:DescribeRepositories\",\"ecr-public:GetRegistryCatalogData\",\"ecr-public:GetRepositoryCatalogData\",\"ecr-public:GetRepositoryPolicy\",\"ecr-public:ListTagsForResource\",\"ecr:BatchGetRepositoryScanningConfiguration\",\"ecr:DescribeImageScanFindings\",\"ecr:DescribeImages\",\"ecr:DescribeRegistry\",\"ecr:DescribeRepositories\",\"ecr:GetLifecyclePolicy\",\"ecr:GetRegistryPolicy\",\"ecr:GetRegistryScanningConfiguration\",\"ecr:GetRepositoryPolicy\",\"ecr:ListImages\",\"ecr:ListTagsForResource\",\"ecs:Describe*\",\"ecs:List*\",\"eks:DescribeCluster\",\"eks:DescribeFargateProfile\",\"eks:DescribeNodeGroup\",\"eks:ListClusters\",\"eks:ListFargateProfiles\",\"eks:ListNodeGroups\",\"eks:ListTagsForResource\",\"eks:ListUpdates\",\"elastic-inference:DescribeAccelerators\",\"elasticache:Describe*\",\"elasticache:ListTagsForResource\",\"elasticbeanstalk:Describe*\",\"elasticbeanstalk:ListTagsForResource\",\"elasticfilesystem:DescribeAccessPoints\",\"elasticfilesystem:DescribeAccountPreferences\",\"elasticfilesystem:DescribeBackupPolicy\",\"elasticfilesystem:DescribeFileSystemPolicy\",\"elasticfilesystem:DescribeFileSystems\",\"elasticfilesystem:DescribeLifecycleConfiguration\",\"elasticfilesystem:DescribeMountTargetSecurityGroups\",\"elasticfilesystem:DescribeMountTargets\",\"elasticfilesystem:DescribeReplicationConfigurations\",\"elasticfilesystem:DescribeTags\",\"elasticloadbalancing:Describe*\",\"elasticmapreduce:Describe*\",\"elasticmapreduce:GetAutoTerminationPolicy\",\"elasticmapreduce:GetBlockPublicAccessConfiguration\",\"elasticmapreduce:GetManagedScalingPolicy\",\"elasticmapreduce:ListClusters\",\"elasticmapreduce:ListInstances\",\"elasticmapreduce:ListSecurityConfigurations\",\"elastictranscoder:ListPipelines\",\"emr-serverless:GetApplication\",\"emr-serverless:ListApplications\",\"emr-serverless:ListJobRuns\",\"es:Describe*\",\"es:GetCompatibleVersions\",\"es:ListDomainNames\",\"es:ListElasticsearchInstanceTypeDetails\",\"es:ListElasticsearchVersions\",\"es:ListTags\",\"events:Describe*\",\"events:List*\",\"events:TestEventPattern\",\"finspace:ListEnvironments\",\"finspace:ListKxEnvironments\",\"firehose:Describe*\",\"firehose:List*\",\"fms:ListComplianceStatus\",\"fms:ListPolicies\",\"forecast:ListDatasets\",\"frauddetector:GetDetectors\",\"fsx:Describe*\",\"fsx:List*\",\"gamelift:ListBuilds\",\"gamelift:ListFleets\",\"geo:ListMaps\",\"glacier:DescribeVault\",\"glacier:GetDataRetrievalPolicy\",\"glacier:GetVaultAccessPolicy\",\"glacier:GetVaultLock\",\"glacier:ListVaults\",\"globalaccelerator:Describe*\",\"globalaccelerator:List*\",\"glue:GetCrawlers\",\"glue:GetDataCatalogEncryptionSettings\",\"glue:GetDatabases\",\"glue:GetDevEndpoints\",\"glue:GetJobs\",\"glue:GetResourcePolicy\",\"glue:GetSecurityConfiguration\",\"glue:GetSecurityConfigurations\",\"glue:GetTags\",\"grafana:ListWorkspaces\",\"greengrass:List*\",\"guardduty:DescribePublishingDestination\",\"guardduty:Get*\",\"guardduty:List*\",\"health:DescribeAffectedAccountsForOrganization\",\"health:DescribeAffectedEntities\",\"health:DescribeAffectedEntitiesForOrganization\",\"health:DescribeEntityAggregates\",\"health:DescribeEventAggregates\",\"health:DescribeEventDetails\",\"health:DescribeEventDetailsForOrganization\",\"health:DescribeEventTypes\",\"health:DescribeEvents\",\"health:DescribeEventsForOrganization\",\"health:DescribeHealthServiceStatusForOrganization\",\"healthlake:ListFHIRDatastores\",\"honeycode:ListTables\",\"iam:GenerateCredentialReport\",\"iam:GenerateServiceLastAccessedDetails\",\"iam:Get*\",\"iam:List*\",\"iam:SimulateCustomPolicy\",\"iam:SimulatePrincipalPolicy\",\"identitystore:ListGroupMemberships\",\"identitystore:ListGroupMembershipsForMember\",\"identitystore:ListGroups\",\"identitystore:ListUsers\",\"inspector2:BatchGetAccountStatus\",\"inspector2:BatchGetFreeTrialInfo\",\"inspector2:DescribeOrganizationConfiguration\",\"inspector2:GetConfiguration\",\"inspector2:GetDelegatedAdminAccount\",\"inspector2:GetFindingsReportStatus\",\"inspector2:GetMember\",\"inspector2:ListAccountPermissions\",\"inspector2:ListCoverage\",\"inspector2:ListCoverageStatistics\",\"inspector2:ListDelegatedAdminAccounts\",\"inspector2:ListFilters\",\"inspector2:ListFindingAggregations\",\"inspector2:ListFindings\",\"inspector2:ListTagsForResource\",\"inspector2:ListUsageTotals\",\"inspector:Describe*\",\"inspector:Get*\",\"inspector:List*\",\"inspector:Preview*\",\"iot:Describe*\",\"iot:GetPolicy\",\"iot:GetPolicyVersion\",\"iot:List*\",\"iotanalytics:ListChannels\",\"iotevents:ListInputs\",\"iotfleetwise:ListModelManifests\",\"iotsitewise:DescribeGatewayCapabilityConfiguration\",\"iotsitewise:ListAssetModels\",\"iotsitewise:ListGateways\",\"iottwinmaker:ListWorkspaces\",\"kafka-cluster:Describe*\",\"kafka:Describe*\",\"kafka:GetBootstrapBrokers\",\"kafka:GetCompatibleKafkaVersions\",\"kafka:List*\",\"kafkaconnect:Describe*\",\"kafkaconnect:List*\",\"kendra:DescribeIndex\",\"kendra:ListDataSources\",\"kendra:ListIndices\",\"kendra:ListTagsForResource\",\"kinesis:DescribeLimits\",\"kinesis:DescribeStream\",\"kinesis:DescribeStreamConsumer\",\"kinesis:DescribeStreamSummary\",\"kinesis:ListShards\",\"kinesis:ListStreamConsumers\",\"kinesis:ListStreams\",\"kinesis:ListTagsForStream\",\"kinesisanalytics:ListApplications\",\"kinesisanalytics:ListTagsForResource\",\"kinesisvideo:DescribeEdgeConfiguration\",\"kinesisvideo:DescribeMappedResourceConfiguration\",\"kinesisvideo:DescribeMediaStorageConfiguration\",\"kinesisvideo:DescribeNotificationConfiguration\",\"kinesisvideo:DescribeSignalingChannel\",\"kinesisvideo:DescribeStream\",\"kinesisvideo:ListSignalingChannels\",\"kinesisvideo:ListStreams\",\"kinesisvideo:ListTagsForResource\",\"kinesisvideo:ListTagsForStream\",\"kms:Describe*\",\"kms:Get*\",\"kms:List*\",\"lambda:GetAccountSettings\",\"lambda:GetFunctionConfiguration\",\"lambda:GetFunctionEventInvokeConfig\",\"lambda:GetLayerVersionPolicy\",\"lambda:GetPolicy\",\"lambda:List*\",\"lex:DescribeBot\",\"lex:DescribeResourcePolicy\",\"lex:ListBots\",\"license-manager:List*\",\"lightsail:GetBuckets\",\"lightsail:GetContainerServices\",\"lightsail:GetDiskSnapshots\",\"lightsail:GetDisks\",\"lightsail:GetInstances\",\"lightsail:GetLoadBalancers\",\"logs:Describe*\",\"logs:GetLogDelivery\",\"logs:ListLogDeliveries\",\"logs:ListTagsForResource\",\"logs:ListTagsLogGroup\",\"lookoutequipment:ListDatasets\",\"lookoutmetrics:ListAnomalyDetectors\",\"lookoutvision:ListProjects\",\"m2:ListEnvironments\",\"m2:ListApplications\",\"m2:GetEnvironment\",\"m2:GetApplication\",\"m2:ListTagsForResource\",\"machinelearning:DescribeMLModels\",\"macie2:ListFindings\",\"managedblockchain:ListNetworks\",\"mechanicalturk:ListHITs\",\"mediaconnect:Describe*\",\"mediaconnect:List*\",\"medialive:ListChannels\",\"mediapackage-vod:DescribePackagingGroup\",\"mediapackage-vod:ListPackagingGroups\",\"mediapackage:DescribeOriginEndpoint\",\"mediapackage:ListOriginEndpoints\",\"mediastore:GetContainerPolicy\",\"mediastore:GetCorsPolicy\",\"mediastore:ListContainers\",\"memorydb:DescribeClusters\",\"mq:DescribeBroker\",\"mq:DescribeBrokerEngineTypes\",\"mq:DescribeBrokerInstanceOptions\",\"mq:DescribeConfiguration\",\"mq:DescribeConfigurationRevision\",\"mq:DescribeUser\",\"mq:ListBrokers\",\"mq:ListConfigurationRevisions\",\"mq:ListConfigurations\",\"mq:ListTags\",\"mq:ListUsers\",\"network-firewall:DescribeFirewall\",\"network-firewall:DescribeFirewallPolicy\",\"network-firewall:DescribeLoggingConfiguration\",\"network-firewall:DescribeResourcePolicy\",\"network-firewall:DescribeRuleGroup\",\"network-firewall:ListFirewallPolicies\",\"network-firewall:ListFirewalls\",\"network-firewall:ListRuleGroups\",\"networkmanager:DescribeGlobalNetworks\",\"nimble:ListStudios\",\"opsworks-cm:DescribeServers\",\"opsworks:DescribeStacks\",\"organizations:Describe*\",\"organizations:List*\",\"personalize:DescribeDatasetGroup\",\"personalize:ListDatasetGroups\",\"private-networks:ListNetworks\",\"profile:GetDomain\",\"profile:ListDomains\",\"profile:ListIntegrations\",\"qbusiness:ListApplications\",\"qbusiness:ListDataSourceSyncJobs\",\"qbusiness:ListDataSources\",\"qbusiness:ListDocuments\",\"qbusiness:ListGroups\",\"qbusiness:ListIndices\",\"qbusiness:ListPlugins\",\"qbusiness:ListRetrievers\",\"qbusiness:ListSubscriptions\",\"qbusiness:ListTagsForResource\",\"qbusiness:ListWebExperiences\",\"qldb:DescribeJournalS3Export\",\"qldb:DescribeLedger\",\"qldb:ListJournalS3Exports\",\"qldb:ListJournalS3ExportsForLedger\",\"qldb:ListLedgers\",\"quicksight:Describe*\",\"quicksight:List*\",\"ram:GetResourceShares\",\"ram:List*\",\"rds:Describe*\",\"rds:DownloadDBLogFilePortion\",\"rds:ListTagsForResource\",\"redshift-serverless:GetNamespace\",\"redshift-serverless:ListTagsForResource\",\"redshift-serverless:ListWorkgroups\",\"redshift:Describe*\",\"rekognition:Describe*\",\"rekognition:List*\",\"resource-groups:ListGroupResources\",\"robomaker:Describe*\",\"robomaker:List*\",\"route53:Get*\",\"route53:List*\",\"route53domains:GetDomainDetail\",\"route53domains:GetOperationDetail\",\"route53domains:ListDomains\",\"route53domains:ListOperations\",\"route53domains:ListTagsForDomain\",\"route53resolver:Get*\",\"route53resolver:List*\",\"s3-outposts:ListEndpoints\",\"s3-outposts:ListOutpostsWithS3\",\"s3-outposts:ListSharedEndpoints\",\"s3:GetAccelerateConfiguration\",\"s3:GetAccessPoint\",\"s3:GetAccessPointPolicy\",\"s3:GetAccessPointPolicyStatus\",\"s3:GetAccountPublicAccessBlock\",\"s3:GetAnalyticsConfiguration\",\"s3:GetBucket*\",\"s3:GetEncryptionConfiguration\",\"s3:GetInventoryConfiguration\",\"s3:GetLifecycleConfiguration\",\"s3:GetMetricsConfiguration\",\"s3:GetMultiRegionAccessPointPolicy\",\"s3:GetObjectAcl\",\"s3:GetObjectVersionAcl\",\"s3:GetReplicationConfiguration\",\"s3:ListAccessPoints\",\"s3:ListAllMyBuckets\",\"s3:ListMultiRegionAccessPoints\",\"sagemaker:Describe*\",\"sagemaker:List*\",\"schemas:DescribeCodeBinding\",\"schemas:DescribeDiscoverer\",\"schemas:DescribeRegistry\",\"schemas:DescribeSchema\",\"schemas:GetResourcePolicy\",\"schemas:ListDiscoverers\",\"schemas:ListRegistries\",\"schemas:ListSchemaVersions\",\"schemas:ListSchemas\",\"schemas:ListTagsForResource\",\"sdb:DomainMetadata\",\"sdb:ListDomains\",\"secretsmanager:DescribeSecret\",\"secretsmanager:GetResourcePolicy\",\"secretsmanager:ListSecretVersionIds\",\"secretsmanager:ListSecrets\",\"securityhub:Describe*\",\"securityhub:Get*\",\"securityhub:List*\",\"serverlessrepo:GetApplicationPolicy\",\"serverlessrepo:List*\",\"servicequotas:GetAWSDefaultServiceQuota\",\"servicequotas:GetAssociationForServiceQuotaTemplate\",\"servicequotas:GetRequestedServiceQuotaChange\",\"servicequotas:GetServiceQuota\",\"servicequotas:GetServiceQuotaIncreaseRequestFromTemplate\",\"servicequotas:ListAWSDefaultServiceQuotas\",\"servicequotas:ListRequestedServiceQuotaChangeHistory\",\"servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota\",\"servicequotas:ListServiceQuotaIncreaseRequestsInTemplate\",\"servicequotas:ListServiceQuotas\",\"servicequotas:ListServices\",\"servicequotas:ListTagsForResource\",\"ses:Describe*\",\"ses:GetAccount\",\"ses:GetAccountSendingEnabled\",\"ses:GetConfigurationSet\",\"ses:GetConfigurationSetEventDestinations\",\"ses:GetDedicatedIps\",\"ses:GetEmailIdentity\",\"ses:GetIdentityDkimAttributes\",\"ses:GetIdentityPolicies\",\"ses:GetIdentityVerificationAttributes\",\"ses:ListConfigurationSets\",\"ses:ListDedicatedIpPools\",\"ses:ListIdentities\",\"ses:ListIdentityPolicies\",\"ses:ListReceiptFilters\",\"ses:ListReceiptRuleSets\",\"ses:ListVerifiedEmailAddresses\",\"shield:Describe*\",\"shield:GetSubscriptionState\",\"shield:List*\",\"snowball:ListClusters\",\"snowball:ListJobs\",\"sns:GetPlatformApplicationAttributes\",\"sns:GetTopicAttributes\",\"sns:ListSubscriptions\",\"sns:ListSubscriptionsByTopic\",\"sns:ListTagsForResource\",\"sns:ListTopics\",\"sqs:GetQueueAttributes\",\"sqs:ListDeadLetterSourceQueues\",\"sqs:ListQueueTags\",\"sqs:ListQueues\",\"ssm:Describe*\",\"ssm:GetAutomationExecution\",\"ssm:GetServiceSetting\",\"ssm:ListAssociationVersions\",\"ssm:ListAssociations\",\"ssm:ListCommands\",\"ssm:ListComplianceItems\",\"ssm:ListComplianceSummaries\",\"ssm:ListDocumentMetadataHistory\",\"ssm:ListDocumentVersions\",\"ssm:ListDocuments\",\"ssm:ListInventoryEntries\",\"ssm:ListOpsMetadata\",\"ssm:ListResourceComplianceSummaries\",\"ssm:ListResourceDataSync\",\"ssm:ListTagsForResource\",\"sso:DescribeAccountAssignmentCreationStatus\",\"sso:DescribePermissionSet\",\"sso:DescribePermissionsPolicies\",\"sso:List*\",\"states:DescribeStateMachine\",\"states:ListStateMachines\",\"storagegateway:DescribeBandwidthRateLimit\",\"storagegateway:DescribeCache\",\"storagegateway:DescribeCachediSCSIVolumes\",\"storagegateway:DescribeGatewayInformation\",\"storagegateway:DescribeMaintenanceStartTime\",\"storagegateway:DescribeNFSFileShares\",\"storagegateway:DescribeSnapshotSchedule\",\"storagegateway:DescribeStorediSCSIVolumes\",\"storagegateway:DescribeTapeArchives\",\"storagegateway:DescribeTapeRecoveryPoints\",\"storagegateway:DescribeTapes\",\"storagegateway:DescribeUploadBuffer\",\"storagegateway:DescribeVTLDevices\",\"storagegateway:DescribeWorkingStorage\",\"storagegateway:List*\",\"sts:GetAccessKeyInfo\",\"support:DescribeTrustedAdvisorCheckRefreshStatuses\",\"support:DescribeTrustedAdvisorCheckResult\",\"support:DescribeTrustedAdvisorCheckSummaries\",\"support:DescribeTrustedAdvisorChecks\",\"synthetics:DescribeCanaries\",\"synthetics:DescribeCanariesLastRun\",\"synthetics:DescribeRuntimeVersions\",\"synthetics:GetCanary\",\"synthetics:GetCanaryRuns\",\"synthetics:GetGroup\",\"synthetics:ListAssociatedGroups\",\"synthetics:ListGroupResources\",\"synthetics:ListGroups\",\"synthetics:ListTagsForResource\",\"tag:GetResources\",\"tag:GetTagKeys\",\"transcribe:GetCallAnalyticsCategory\",\"transcribe:GetMedicalVocabulary\",\"transcribe:GetVocabulary\",\"transcribe:GetVocabularyFilter\",\"transcribe:ListCallAnalyticsCategories\",\"transcribe:ListCallAnalyticsJobs\",\"transcribe:ListLanguageModels\",\"transcribe:ListMedicalTranscriptionJobs\",\"transcribe:ListMedicalVocabularies\",\"transcribe:ListTagsForResource\",\"transcribe:ListTranscriptionJobs\",\"transcribe:ListVocabularies\",\"transcribe:ListVocabularyFilters\",\"transfer:Describe*\",\"transfer:List*\",\"translate:List*\",\"trustedadvisor:Describe*\",\"voiceid:DescribeDomain\",\"waf-regional:GetWebACL\",\"waf-regional:ListResourcesForWebACL\",\"waf-regional:ListTagsForResource\",\"waf-regional:ListWebACLs\",\"waf:GetWebACL\",\"waf:ListTagsForResource\",\"waf:ListWebACLs\",\"wafv2:GetLoggingConfiguration\",\"wafv2:GetWebACL\",\"wafv2:GetWebACLForResource\",\"wafv2:ListAvailableManagedRuleGroups\",\"wafv2:ListIPSets\",\"wafv2:ListLoggingConfigurations\",\"wafv2:ListRegexPatternSets\",\"wafv2:ListResourcesForWebACL\",\"wafv2:ListRuleGroups\",\"wafv2:ListTagsForResource\",\"wafv2:ListWebACLs\",\"wisdom:GetAssistant\",\"workdocs:DescribeResourcePermissions\",\"workspaces:Describe*\",\"xray:GetEncryptionConfig\",\"xray:GetGroup\",\"xray:GetGroups\",\"xray:GetSamplingRules\",\"xray:GetSamplingTargets\",\"xray:GetTraceSummaries\",\"xray:ListTagsForResource\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"BaseSecurityAuditStatement\"},{\"Action\":[\"apigateway:GET\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:apigateway:*::/apis\",\"arn:aws:apigateway:*::/apis/*/authorizers/*\",\"arn:aws:apigateway:*::/apis/*/authorizers\",\"arn:aws:apigateway:*::/apis/*/cors\",\"arn:aws:apigateway:*::/apis/*/deployments/*\",\"arn:aws:apigateway:*::/apis/*/deployments\",\"arn:aws:apigateway:*::/apis/*/exports/*\",\"arn:aws:apigateway:*::/apis/*/integrations/*\",\"arn:aws:apigateway:*::/apis/*/integrations\",\"arn:aws:apigateway:*::/apis/*/models/*\",\"arn:aws:apigateway:*::/apis/*/models\",\"arn:aws:apigateway:*::/apis/*/routes/*\",\"arn:aws:apigateway:*::/apis/*/routes\",\"arn:aws:apigateway:*::/apis/*/stages\",\"arn:aws:apigateway:*::/apis/*/stages/*\",\"arn:aws:apigateway:*::/clientcertificates\",\"arn:aws:apigateway:*::/clientcertificates/*\",\"arn:aws:apigateway:*::/domainnames\",\"arn:aws:apigateway:*::/domainnames/*/apimappings\",\"arn:aws:apigateway:*::/restapis\",\"arn:aws:apigateway:*::/restapis/*/authorizers/*\",\"arn:aws:apigateway:*::/restapis/*/authorizers\",\"arn:aws:apigateway:*::/restapis/*/deployments/*\",\"arn:aws:apigateway:*::/restapis/*/deployments\",\"arn:aws:apigateway:*::/restapis/*/documentation/parts/*\",\"arn:aws:apigateway:*::/restapis/*/documentation/parts\",\"arn:aws:apigateway:*::/restapis/*/documentation/versions/*\",\"arn:aws:apigateway:*::/restapis/*/documentation/versions\",\"arn:aws:apigateway:*::/restapis/*/gatewayresponses/*\",\"arn:aws:apigateway:*::/restapis/*/gatewayresponses\",\"arn:aws:apigateway:*::/restapis/*/models/*\",\"arn:aws:apigateway:*::/restapis/*/models\",\"arn:aws:apigateway:*::/restapis/*/requestvalidators\",\"arn:aws:apigateway:*::/restapis/*/requestvalidators/*\",\"arn:aws:apigateway:*::/restapis/*/resources/*\",\"arn:aws:apigateway:*::/restapis/*/resources\",\"arn:aws:apigateway:*::/restapis/*/stages\",\"arn:aws:apigateway:*::/restapis/*/stages/*\",\"arn:aws:apigateway:*::/tags/*\",\"arn:aws:apigateway:*::/vpclinks\"],\"Sid\":\"APIGatewayAccess\"}],\"Version\":\"2012-10-17\"},\"roles\":null},\"id\":[\"arn:aws:iam::aws:policy/SecurityAudit\",\"ANPAIX2T3QCXHR2OGGCTO\"],\"name\":\"SecurityAudit\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"id\":\"BaseSecurityAuditStatement\",\"effect\":\"Allow\"},{\"id\":\"APIGatewayAccess\",\"effect\":\"Allow\",\"version\":\"2012-10-17\"}],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"related.entity\":[\"arn:aws:iam::aws:policy/SecurityAudit\",\"ANPAIX2T3QCXHR2OGGCTO\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/SecurityAudit\":{\"category\":\"identity\",\"type\":\"policy\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/AWSQuickSightIoTAnalyticsAccess\",\"ANPAJIZNDRUTKCN5HLZOE\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AWSQuickSightIoTAnalyticsAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::aws:policy/AWSQuickSightIoTAnalyticsAccess\",\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"document\":{\"Statement\":[{\"Action\":[\"iotanalytics:ListDatasets\",\"iotanalytics:DescribeDataset\",\"iotanalytics:GetDatasetContent\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":1,\"CreateDate\":\"2017-11-29T17:00:54Z\",\"IsAttachable\":true,\"PolicyId\":\"ANPAJIZNDRUTKCN5HLZOE\",\"PolicyName\":\"AWSQuickSightIoTAnalyticsAccess\",\"Tags\":null,\"Path\":\"/\",\"UpdateDate\":\"2017-11-29T17:00:54Z\",\"roles\":null,\"DefaultVersionId\":\"v1\"},\"id\":[\"arn:aws:iam::aws:policy/AWSQuickSightIoTAnalyticsAccess\",\"ANPAJIZNDRUTKCN5HLZOE\"],\"name\":\"AWSQuickSightIoTAnalyticsAccess\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"ANPAJ4L4MM2A7QIEB56MS\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/IAMUserChangePassword\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"id\":[\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"ANPAJ4L4MM2A7QIEB56MS\"],\"name\":\"IAMUserChangePassword\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"PolicyId\":\"ANPAJ4L4MM2A7QIEB56MS\",\"PolicyName\":\"IAMUserChangePassword\",\"UpdateDate\":\"2016-11-15T23:18:55Z\",\"PermissionsBoundaryUsageCount\":0,\"Arn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"AttachmentCount\":35,\"DefaultVersionId\":\"v2\",\"IsAttachable\":true,\"roles\":null,\"CreateDate\":\"2016-11-15T00:25:16Z\",\"Description\":null,\"Path\":\"/\",\"Tags\":null,\"document\":{\"Statement\":[{\"Resource\":[\"arn:aws:iam::*:user/${aws:username}\"],\"Action\":[\"iam:ChangePassword\"],\"Effect\":\"Allow\"},{\"Action\":[\"iam:GetAccountPasswordPolicy\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*::snapshot/*\"]},{\"effect\":\"Allow\",\"resource\":[\"arn:aws:events:*:*:rule/AwsDataLifecycleRule.managed-cwe.*\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerServiceRole\",\"ANPAIZRLOKFUFE7YXQOJS\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerServiceRole\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"id\":[\"arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerServiceRole\",\"ANPAIZRLOKFUFE7YXQOJS\"],\"name\":\"AWSDataLifecycleManagerServiceRole\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":2,\"DefaultVersionId\":\"v7\",\"Tags\":null,\"UpdateDate\":\"2022-09-19T17:34:08Z\",\"roles\":null,\"Description\":null,\"IsAttachable\":true,\"Arn\":\"arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerServiceRole\",\"CreateDate\":\"2018-07-06T19:34:16Z\",\"PolicyId\":\"ANPAIZRLOKFUFE7YXQOJS\",\"PolicyName\":\"AWSDataLifecycleManagerServiceRole\",\"document\":{\"Statement\":[{\"Action\":[\"ec2:CreateSnapshot\",\"ec2:CreateSnapshots\",\"ec2:DeleteSnapshot\",\"ec2:DescribeInstances\",\"ec2:DescribeVolumes\",\"ec2:DescribeSnapshots\",\"ec2:EnableFastSnapshotRestores\",\"ec2:DescribeFastSnapshotRestores\",\"ec2:DisableFastSnapshotRestores\",\"ec2:CopySnapshot\",\"ec2:ModifySnapshotAttribute\",\"ec2:DescribeSnapshotAttribute\",\"ec2:DescribeSnapshotTierStatus\",\"ec2:ModifySnapshotTier\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Resource\":\"arn:aws:ec2:*::snapshot/*\",\"Action\":[\"ec2:CreateTags\"],\"Effect\":\"Allow\"},{\"Action\":[\"events:PutRule\",\"events:DeleteRule\",\"events:DescribeRule\",\"events:EnableRule\",\"events:DisableRule\",\"events:ListTargetsByRule\",\"events:PutTargets\",\"events:RemoveTargets\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:events:*:*:rule/AwsDataLifecycleRule.managed-cwe.*\"}],\"Version\":\"2012-10-17\"},\"Path\":\"/service-role/\",\"PermissionsBoundaryUsageCount\":0}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"related.entity\":[\"arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess\",\"ANPAJ2YIYDYSNNEHK3VKW\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Tags\":null,\"document\":{\"Statement\":[{\"Action\":[\"logs:Describe*\",\"logs:Get*\",\"logs:List*\",\"logs:StartQuery\",\"logs:StopQuery\",\"logs:TestMetricFilter\",\"logs:FilterLogEvents\",\"logs:StartLiveTail\",\"logs:StopLiveTail\",\"cloudwatch:GenerateQuery\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"CloudWatchLogsReadOnlyAccess\"}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess\",\"AttachmentCount\":2,\"DefaultVersionId\":\"v6\",\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"CloudWatchLogsReadOnlyAccess\",\"Path\":\"/\",\"roles\":null,\"CreateDate\":\"2015-02-06T18:40:03Z\",\"IsAttachable\":true,\"PolicyId\":\"ANPAJ2YIYDYSNNEHK3VKW\",\"UpdateDate\":\"2023-11-26T18:11:33Z\"},\"id\":[\"arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess\",\"ANPAJ2YIYDYSNNEHK3VKW\"],\"name\":\"CloudWatchLogsReadOnlyAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"CloudWatchLogsReadOnlyAccess\",\"effect\":\"Allow\",\"resource\":[\"*\"]}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[{\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess\",\"ANPAIZTJ4DXE7G6AGAE6M\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess\",\"PolicyId\":\"ANPAIZTJ4DXE7G6AGAE6M\",\"document\":{\"Statement\":[{\"Action\":[\"s3:Get*\",\"s3:List*\",\"s3:Describe*\",\"s3-object-lambda:Get*\",\"s3-object-lambda:List*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"UpdateDate\":\"2023-08-10T21:31:39Z\",\"roles\":null,\"Path\":\"/\",\"PolicyName\":\"AmazonS3ReadOnlyAccess\",\"Tags\":null,\"AttachmentCount\":1,\"Description\":null,\"IsAttachable\":true,\"CreateDate\":\"2015-02-06T18:40:59Z\",\"DefaultVersionId\":\"v3\",\"PermissionsBoundaryUsageCount\":0},\"id\":[\"arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess\",\"ANPAIZTJ4DXE7G6AGAE6M\"],\"name\":\"AmazonS3ReadOnlyAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"CloudTrailFullAccess\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"id\":\"AwsOrgsAccess\",\"effect\":\"Allow\",\"version\":\"2012-10-17\"},{\"condition\":{\"StringEquals\":{\"organizations:ServicePrincipal\":[\"cloudtrail.amazonaws.com\"]}},\"version\":\"2012-10-17\",\"id\":\"AwsOrgsDelegatedAdminAccess\",\"effect\":\"Allow\",\"action\":[\"organizations:ListDelegatedAdministrators\"],\"resource\":[\"*\"]},{\"effect\":\"Allow\",\"action\":[\"glue:DeleteTable\"],\"condition\":{\"StringEquals\":{\"aws:ResourceAccount\":\"${aws:PrincipalAccount}\"}},\"version\":\"2012-10-17\",\"id\":\"DeleteTableAccess\"},{\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"aws:ResourceAccount\":\"${aws:PrincipalAccount}\"}},\"version\":\"2012-10-17\",\"id\":\"DeregisterResourceAccess\",\"effect\":\"Allow\",\"action\":[\"lakeformation:DeregisterResource\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/CloudTrailServiceRolePolicy\",\"ANPAJXQJ45EGU6U7NQBW4\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/CloudTrailServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"UpdateDate\":\"2023-11-27T01:18:10Z\",\"CreateDate\":\"2018-10-24T21:21:44Z\",\"Path\":\"/aws-service-role/\",\"PolicyName\":\"CloudTrailServiceRolePolicy\",\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/CloudTrailServiceRolePolicy\",\"Description\":null,\"Tags\":null,\"roles\":null,\"AttachmentCount\":1,\"DefaultVersionId\":\"v3\",\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAJXQJ45EGU6U7NQBW4\",\"document\":{\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"CloudTrailFullAccess\",\"Action\":[\"cloudtrail:*\"]},{\"Action\":[\"organizations:DescribeAccount\",\"organizations:DescribeOrganization\",\"organizations:ListAccounts\",\"organizations:ListAWSServiceAccessForOrganization\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"],\"Sid\":\"AwsOrgsAccess\"},{\"Action\":\"organizations:ListDelegatedAdministrators\",\"Condition\":{\"StringEquals\":{\"organizations:ServicePrincipal\":[\"cloudtrail.amazonaws.com\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AwsOrgsDelegatedAdminAccess\"},{\"Sid\":\"DeleteTableAccess\",\"Action\":\"glue:DeleteTable\",\"Condition\":{\"StringEquals\":{\"aws:ResourceAccount\":\"${aws:PrincipalAccount}\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:*:glue:*:*:catalog\",\"arn:*:glue:*:*:database/aws:cloudtrail\",\"arn:*:glue:*:*:table/aws:cloudtrail/*\"]},{\"Resource\":\"*\",\"Sid\":\"DeregisterResourceAccess\",\"Action\":\"lakeformation:DeregisterResource\",\"Condition\":{\"StringEquals\":{\"aws:ResourceAccount\":\"${aws:PrincipalAccount}\"}},\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/CloudTrailServiceRolePolicy\",\"ANPAJXQJ45EGU6U7NQBW4\"],\"name\":\"CloudTrailServiceRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess\",\"ANPAINUGF2JSOSUY76KYA\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":11,\"DefaultVersionId\":\"v15\",\"document\":{\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"dynamodb:*\",\"dax:*\",\"application-autoscaling:DeleteScalingPolicy\",\"application-autoscaling:DeregisterScalableTarget\",\"application-autoscaling:DescribeScalableTargets\",\"application-autoscaling:DescribeScalingActivities\",\"application-autoscaling:DescribeScalingPolicies\",\"application-autoscaling:PutScalingPolicy\",\"application-autoscaling:RegisterScalableTarget\",\"cloudwatch:DeleteAlarms\",\"cloudwatch:DescribeAlarmHistory\",\"cloudwatch:DescribeAlarms\",\"cloudwatch:DescribeAlarmsForMetric\",\"cloudwatch:GetMetricStatistics\",\"cloudwatch:ListMetrics\",\"cloudwatch:PutMetricAlarm\",\"cloudwatch:GetMetricData\",\"datapipeline:ActivatePipeline\",\"datapipeline:CreatePipeline\",\"datapipeline:DeletePipeline\",\"datapipeline:DescribeObjects\",\"datapipeline:DescribePipelines\",\"datapipeline:GetPipelineDefinition\",\"datapipeline:ListPipelines\",\"datapipeline:PutPipelineDefinition\",\"datapipeline:QueryObjects\",\"ec2:DescribeVpcs\",\"ec2:DescribeSubnets\",\"ec2:DescribeSecurityGroups\",\"iam:GetRole\",\"iam:ListRoles\",\"kms:DescribeKey\",\"kms:ListAliases\",\"sns:CreateTopic\",\"sns:DeleteTopic\",\"sns:ListSubscriptions\",\"sns:ListSubscriptionsByTopic\",\"sns:ListTopics\",\"sns:Subscribe\",\"sns:Unsubscribe\",\"sns:SetTopicAttributes\",\"lambda:CreateFunction\",\"lambda:ListFunctions\",\"lambda:ListEventSourceMappings\",\"lambda:CreateEventSourceMapping\",\"lambda:DeleteEventSourceMapping\",\"lambda:GetFunctionConfiguration\",\"lambda:DeleteFunction\",\"resource-groups:ListGroups\",\"resource-groups:ListGroupResources\",\"resource-groups:GetGroup\",\"resource-groups:GetGroupQuery\",\"resource-groups:DeleteGroup\",\"resource-groups:CreateGroup\",\"tag:GetResources\",\"kinesis:ListStreams\",\"kinesis:DescribeStream\",\"kinesis:DescribeStreamSummary\"]},{\"Action\":\"cloudwatch:GetInsightRuleReport\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*\"},{\"Action\":[\"iam:PassRole\"],\"Condition\":{\"StringLike\":{\"iam:PassedToService\":[\"application-autoscaling.amazonaws.com\",\"application-autoscaling.amazonaws.com.cn\",\"dax.amazonaws.com\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"iam:CreateServiceLinkedRole\"],\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":[\"replication.dynamodb.amazonaws.com\",\"dax.amazonaws.com\",\"dynamodb.application-autoscaling.amazonaws.com\",\"contributorinsights.dynamodb.amazonaws.com\",\"kinesisreplication.dynamodb.amazonaws.com\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"roles\":null,\"Arn\":\"arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess\",\"IsAttachable\":true,\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"AmazonDynamoDBFullAccess\",\"Description\":null,\"Tags\":null,\"UpdateDate\":\"2021-01-29T17:38:30Z\",\"CreateDate\":\"2015-02-06T18:40:11Z\",\"PolicyId\":\"ANPAINUGF2JSOSUY76KYA\"},\"id\":[\"arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess\",\"ANPAINUGF2JSOSUY76KYA\"],\"name\":\"AmazonDynamoDBFullAccess\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"effect\":\"Allow\",\"action\":[\"cloudwatch:GetInsightRuleReport\"],\"resource\":[\"arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"iam:PassedToService\":[\"application-autoscaling.amazonaws.com\",\"application-autoscaling.amazonaws.com.cn\",\"dax.amazonaws.com\"]}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"iam:AWSServiceName\":[\"replication.dynamodb.amazonaws.com\",\"dax.amazonaws.com\",\"dynamodb.application-autoscaling.amazonaws.com\",\"contributorinsights.dynamodb.amazonaws.com\",\"kinesisreplication.dynamodb.amazonaws.com\"]}}}],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"raw\":{\"PermissionsBoundaryUsageCount\":0,\"UpdateDate\":\"2021-07-07T20:09:06Z\",\"document\":{\"Statement\":[{\"Action\":[\"athena:BatchGetQueryExecution\",\"athena:CancelQueryExecution\",\"athena:GetCatalogs\",\"athena:GetExecutionEngine\",\"athena:GetExecutionEngines\",\"athena:GetNamespace\",\"athena:GetNamespaces\",\"athena:GetQueryExecution\",\"athena:GetQueryExecutions\",\"athena:GetQueryResults\",\"athena:GetQueryResultsStream\",\"athena:GetTable\",\"athena:GetTables\",\"athena:ListQueryExecutions\",\"athena:RunQuery\",\"athena:StartQueryExecution\",\"athena:StopQueryExecution\",\"athena:ListWorkGroups\",\"athena:ListEngineVersions\",\"athena:GetWorkGroup\",\"athena:GetDataCatalog\",\"athena:GetDatabase\",\"athena:GetTableMetadata\",\"athena:ListDataCatalogs\",\"athena:ListDatabases\",\"athena:ListTableMetadata\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Action\":[\"glue:CreateDatabase\",\"glue:DeleteDatabase\",\"glue:GetDatabase\",\"glue:GetDatabases\",\"glue:UpdateDatabase\",\"glue:CreateTable\",\"glue:DeleteTable\",\"glue:BatchDeleteTable\",\"glue:UpdateTable\",\"glue:GetTable\",\"glue:GetTables\",\"glue:BatchCreatePartition\",\"glue:CreatePartition\",\"glue:DeletePartition\",\"glue:BatchDeletePartition\",\"glue:UpdatePartition\",\"glue:GetPartition\",\"glue:GetPartitions\",\"glue:BatchGetPartition\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Action\":[\"s3:GetBucketLocation\",\"s3:GetObject\",\"s3:ListBucket\",\"s3:ListBucketMultipartUploads\",\"s3:ListMultipartUploadParts\",\"s3:AbortMultipartUpload\",\"s3:CreateBucket\",\"s3:PutObject\",\"s3:PutBucketPublicAccessBlock\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:s3:::aws-athena-query-results-*\"]},{\"Action\":[\"lakeformation:GetDataAccess\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::aws:policy/service-role/AWSQuicksightAthenaAccess\",\"Path\":\"/service-role/\",\"roles\":null,\"CreateDate\":\"2016-12-09T02:31:03Z\",\"Description\":null,\"Tags\":null,\"AttachmentCount\":1,\"IsAttachable\":true,\"PolicyId\":\"ANPAI4JB77JXFQXDWNRPM\",\"PolicyName\":\"AWSQuicksightAthenaAccess\",\"DefaultVersionId\":\"v10\"},\"id\":[\"arn:aws:iam::aws:policy/service-role/AWSQuicksightAthenaAccess\",\"ANPAI4JB77JXFQXDWNRPM\"],\"name\":\"AWSQuicksightAthenaAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/service-role/AWSQuicksightAthenaAccess\",\"ANPAI4JB77JXFQXDWNRPM\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/service-role/AWSQuicksightAthenaAccess\":{\"category\":\"identity\",\"type\":\"policy\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\",\"ANPAIBVMOY52IPQ6HD3PO\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"name\":\"AmazonEKSWorkerNodePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"IsAttachable\":true,\"PolicyName\":\"AmazonEKSWorkerNodePolicy\",\"UpdateDate\":\"2023-11-27T00:06:13Z\",\"Arn\":\"arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\",\"PolicyId\":\"ANPAIBVMOY52IPQ6HD3PO\",\"Tags\":null,\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"roles\":null,\"AttachmentCount\":99,\"DefaultVersionId\":\"v3\",\"Description\":null,\"CreateDate\":\"2018-05-27T21:09:01Z\",\"document\":{\"Statement\":[{\"Sid\":\"WorkerNodePermissions\",\"Action\":[\"ec2:DescribeInstances\",\"ec2:DescribeInstanceTypes\",\"ec2:DescribeRouteTables\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeSubnets\",\"ec2:DescribeVolumes\",\"ec2:DescribeVolumesModifications\",\"ec2:DescribeVpcs\",\"eks:DescribeCluster\",\"eks-auth:AssumeRoleForPodIdentity\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\",\"ANPAIBVMOY52IPQ6HD3PO\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"WorkerNodePermissions\",\"effect\":\"Allow\",\"resource\":[\"*\"]}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Tags\":null,\"AttachmentCount\":8,\"PolicyId\":\"ANPAJFCNXU6HPGCIVXYDI\",\"DefaultVersionId\":\"v7\",\"UpdateDate\":\"2024-10-14T21:12:40Z\",\"IsAttachable\":true,\"Path\":\"/\",\"PolicyName\":\"AmazonEKSServicePolicy\",\"roles\":null,\"Arn\":\"arn:aws:iam::aws:policy/AmazonEKSServicePolicy\",\"Description\":null,\"document\":{\"Statement\":[{\"Action\":[\"ec2:CreateNetworkInterface\",\"ec2:CreateNetworkInterfacePermission\",\"ec2:DeleteNetworkInterface\",\"ec2:DescribeInstances\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DetachNetworkInterface\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeSubnets\",\"ec2:DescribeVpcs\",\"ec2:ModifyNetworkInterfaceAttribute\",\"iam:ListAttachedRolePolicies\",\"eks:UpdateClusterVersion\",\"ec2:GetSecurityGroupsForVpc\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:CreateTags\",\"ec2:DeleteTags\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:vpc/*\",\"arn:aws:ec2:*:*:subnet/*\"]},{\"Action\":[\"ec2:CreateTags\"],\"Condition\":{\"StringLike\":{\"aws:RequestTag/Name\":\"eks-cluster-*\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:network-interface/*\"]},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":\"route53:AssociateVPCWithHostedZone\"},{\"Action\":\"logs:CreateLogGroup\",\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"logs:CreateLogStream\",\"logs:DescribeLogStreams\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:*:*:log-group:/aws/eks/*:*\"},{\"Resource\":\"arn:aws:logs:*:*:log-group:/aws/eks/*:*:*\",\"Action\":\"logs:PutLogEvents\",\"Effect\":\"Allow\"},{\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::*:role/aws-service-role/eks.amazonaws.com/AWSServiceRoleForAmazonEKS\",\"Action\":\"iam:CreateServiceLinkedRole\",\"Condition\":{\"StringLike\":{\"iam:AWSServiceName\":\"eks.amazonaws.com\"}}}],\"Version\":\"2012-10-17\"},\"CreateDate\":\"2018-05-27T21:08:21Z\",\"PermissionsBoundaryUsageCount\":0},\"id\":[\"arn:aws:iam::aws:policy/AmazonEKSServicePolicy\",\"ANPAJFCNXU6HPGCIVXYDI\"],\"name\":\"AmazonEKSServicePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"condition\":{\"StringLike\":{\"aws:RequestTag/Name\":\"eks-cluster-*\"}}},{\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"route53:AssociateVPCWithHostedZone\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"logs:CreateLogGroup\"],\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:logs:*:*:log-group:/aws/eks/*:*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"logs:PutLogEvents\"],\"resource\":[\"arn:aws:logs:*:*:log-group:/aws/eks/*:*:*\"]},{\"action\":[\"iam:CreateServiceLinkedRole\"],\"resource\":[\"arn:aws:iam::*:role/aws-service-role/eks.amazonaws.com/AWSServiceRoleForAmazonEKS\"],\"condition\":{\"StringLike\":{\"iam:AWSServiceName\":\"eks.amazonaws.com\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonEKSServicePolicy\",\"ANPAJFCNXU6HPGCIVXYDI\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonEKSServicePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonS3FullAccess\",\"ANPAIFIR6V6BVTRAHWINE\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonS3FullAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":15,\"PolicyName\":\"AmazonS3FullAccess\",\"UpdateDate\":\"2021-09-27T20:16:37Z\",\"DefaultVersionId\":\"v2\",\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAIFIR6V6BVTRAHWINE\",\"document\":{\"Statement\":[{\"Action\":[\"s3:*\",\"s3-object-lambda:*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"roles\":null,\"Arn\":\"arn:aws:iam::aws:policy/AmazonS3FullAccess\",\"CreateDate\":\"2015-02-06T18:40:58Z\",\"Path\":\"/\",\"Tags\":null,\"Description\":null},\"id\":[\"arn:aws:iam::aws:policy/AmazonS3FullAccess\",\"ANPAIFIR6V6BVTRAHWINE\"],\"name\":\"AmazonS3FullAccess\",\"category\":\"identity\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[{\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\"}],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"IsAttachable\":true,\"Path\":\"/aws-service-role/\",\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAZKAPJZG4BCH3IIJPN\",\"Tags\":null,\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/ConfigConformsServiceRolePolicy\",\"AttachmentCount\":1,\"Description\":null,\"PolicyName\":\"ConfigConformsServiceRolePolicy\",\"CreateDate\":\"2019-07-25T21:38:05Z\",\"UpdateDate\":\"2023-01-12T04:17:34Z\",\"roles\":null,\"DefaultVersionId\":\"v6\",\"document\":{\"Statement\":[{\"Action\":[\"config:PutConfigRule\",\"config:DeleteConfigRule\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:config:*:*:config-rule/aws-service-rule/config-conforms.amazonaws.com*\"},{\"Action\":[\"config:DescribeConfigRules\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Resource\":\"arn:aws:config:*:*:remediation-configuration/aws-service-remediation-configuration/config-conforms.amazonaws.com*\",\"Action\":[\"config:DescribeRemediationConfigurations\",\"config:DeleteRemediationConfiguration\",\"config:PutRemediationConfigurations\"],\"Effect\":\"Allow\"},{\"Action\":[\"iam:GetRole\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/*\"},{\"Action\":[\"iam:GetRole\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::*:role/aws-service-role/remediation.config.amazonaws.com/AWSServiceRoleForConfigRemediation\"},{\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::*:role/aws-service-role/remediation.config.amazonaws.com/AWSServiceRoleForConfigRemediation\",\"Action\":\"iam:CreateServiceLinkedRole\",\"Condition\":{\"StringLike\":{\"iam:AWSServiceName\":\"remediation.config.amazonaws.com\"}}},{\"Action\":\"iam:PassRole\",\"Condition\":{\"StringEquals\":{\"iam:PassedToService\":\"ssm.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"ssm:DescribeDocument\",\"ssm:GetDocument\"]},{\"Action\":[\"s3:PutObject\",\"s3:PutObjectAcl\",\"s3:GetObject\",\"s3:GetBucketAcl\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:s3:::awsconfigconforms*\"},{\"Action\":[\"cloudformation:CreateStack\",\"cloudformation:DeleteStack\",\"cloudformation:DescribeStackEvents\",\"cloudformation:DescribeStackResource\",\"cloudformation:DescribeStackResources\",\"cloudformation:DescribeStacks\",\"cloudformation:GetStackPolicy\",\"cloudformation:SetStackPolicy\",\"cloudformation:UpdateStack\",\"cloudformation:UpdateTerminationProtection\",\"cloudformation:ValidateTemplate\",\"cloudformation:ListStackResources\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:cloudformation:*:*:stack/awsconfigconforms-*\"},{\"Action\":[\"cloudwatch:PutMetricData\"],\"Condition\":{\"StringEquals\":{\"cloudwatch:namespace\":\"AWS/Config\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/ConfigConformsServiceRolePolicy\",\"ANPAZKAPJZG4BCH3IIJPN\"],\"name\":\"ConfigConformsServiceRolePolicy\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"resource\":[\"arn:aws:config:*:*:config-rule/aws-service-rule/config-conforms.amazonaws.com*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"resource\":[\"arn:aws:config:*:*:remediation-configuration/aws-service-remediation-configuration/config-conforms.amazonaws.com*\"],\"version\":\"2012-10-17\"},{\"resource\":[\"arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:iam::*:role/aws-service-role/remediation.config.amazonaws.com/AWSServiceRoleForConfigRemediation\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"iam:CreateServiceLinkedRole\"],\"resource\":[\"arn:aws:iam::*:role/aws-service-role/remediation.config.amazonaws.com/AWSServiceRoleForConfigRemediation\"],\"condition\":{\"StringLike\":{\"iam:AWSServiceName\":\"remediation.config.amazonaws.com\"}}},{\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"iam:PassedToService\":\"ssm.amazonaws.com\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"iam:PassRole\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:s3:::awsconfigconforms*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:cloudformation:*:*:stack/awsconfigconforms-*\"]},{\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"cloudwatch:namespace\":\"AWS/Config\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/ConfigConformsServiceRolePolicy\",\"ANPAZKAPJZG4BCH3IIJPN\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/ConfigConformsServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AmazonEKSServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"tags\":null,\"raw\":{\"CreateDate\":\"2020-02-21T20:10:47Z\",\"Path\":\"/aws-service-role/\",\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAZKAPJZG4KZBLSP26Y\",\"UpdateDate\":\"2024-11-16T17:42:18Z\",\"document\":{\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"ec2:CreateNetworkInterface\",\"ec2:DeleteNetworkInterface\",\"ec2:DetachNetworkInterface\",\"ec2:ModifyNetworkInterfaceAttribute\",\"ec2:CreateSecurityGroup\",\"ec2:CreateNetworkInterfacePermission\"]},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"ec2:DescribeAccountAttributes\",\"ec2:DescribeAddresses\",\"ec2:DescribeAvailabilityZones\",\"ec2:DescribeCoipPools\",\"ec2:DescribeInstances\",\"ec2:DescribeInstanceTypeOfferings\",\"ec2:DescribeInstanceTypes\",\"ec2:DescribeInternetGateways\",\"ec2:DescribeLaunchTemplates\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeSnapshots\",\"ec2:DescribeSpotPriceHistory\",\"ec2:DescribeSubnets\",\"ec2:DescribeTags\",\"ec2:DescribeVolumes\",\"ec2:DescribeVolumesModifications\",\"ec2:DescribeVpcPeeringConnections\",\"ec2:DescribeVpcs\",\"ec2:GetCoipPoolUsage\",\"ec2:GetSecurityGroupsForVpc\",\"eks:DescribeCluster\",\"elasticloadbalancing:DescribeListenerAttributes\",\"elasticloadbalancing:DescribeListenerCertificates\",\"elasticloadbalancing:DescribeListeners\",\"elasticloadbalancing:DescribeLoadBalancerAttributes\",\"elasticloadbalancing:DescribeLoadBalancers\",\"elasticloadbalancing:DescribeRules\",\"elasticloadbalancing:DescribeSSLPolicies\",\"elasticloadbalancing:DescribeTags\",\"elasticloadbalancing:DescribeTargetGroupAttributes\",\"elasticloadbalancing:DescribeTargetGroups\",\"elasticloadbalancing:DescribeTargetHealth\",\"elasticloadbalancing:DescribeTrustStores\",\"iam:ListAttachedRolePolicies\",\"pricing:GetProducts\",\"shield:GetSubscriptionState\",\"tag:GetResources\"]},{\"Action\":[\"ec2:DeleteSecurityGroup\",\"ec2:RevokeSecurityGroupIngress\",\"ec2:AuthorizeSecurityGroupIngress\"],\"Condition\":{\"StringLike\":{\"ec2:ResourceTag/Name\":\"eks-cluster-sg*\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:security-group/*\"},{\"Action\":[\"ec2:CreateTags\",\"ec2:DeleteTags\"],\"Condition\":{\"ForAnyValue:StringLike\":{\"aws:TagKeys\":[\"kubernetes.io/cluster/*\"]}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:vpc/*\",\"arn:aws:ec2:*:*:subnet/*\",\"arn:aws:ec2:*:*:network-interface/*\",\"arn:aws:ec2:*:*:security-group/*\"]},{\"Action\":[\"ec2:CreateTags\",\"ec2:DeleteTags\"],\"Condition\":{\"StringLike\":{\"aws:RequestTag/Name\":\"eks-cluster-*\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:security-group/*\",\"arn:aws:ec2:*:*:network-interface/*\"]},{\"Action\":\"route53:AssociateVPCWithHostedZone\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:route53:::hostedzone/*\"},{\"Action\":\"logs:CreateLogGroup\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:*:*:log-group:/aws/eks/*\"},{\"Action\":[\"logs:CreateLogStream\",\"logs:DescribeLogStreams\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:*:*:log-group:/aws/eks/*:*\"},{\"Action\":\"logs:PutLogEvents\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:*:*:log-group:/aws/eks/*:*:*\"},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":\"cloudwatch:PutMetricData\",\"Condition\":{\"StringLike\":{\"cloudwatch:namespace\":\"AWS/EKS\"}}},{\"Action\":[\"eks:CreateAccessEntry\",\"eks:DeleteAccessEntry\"],\"Condition\":{\"StringEquals\":{\"eks:accessEntryType\":\"STANDARD\"},\"ArnLike\":{\"eks:principalArn\":\"arn:aws:iam::*:role/aws-service-role/eks.amazonaws.com/AWSServiceRoleForAmazonEKS\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"eks:ListAssociatedAccessPolicies\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:eks:*:*:access-entry/*/role/${aws:PrincipalAccount}/AWSServiceRoleForAmazonEKS/*\"},{\"Action\":[\"eks:AssociateAccessPolicy\",\"eks:DisassociateAccessPolicy\"],\"Condition\":{\"StringEquals\":{\"eks:policyArn\":[\"arn:aws:eks::aws:cluster-access-policy/AmazonEKSComputePolicy\",\"arn:aws:eks::aws:cluster-access-policy/AmazonEKSComputeClusterPolicy\",\"arn:aws:eks::aws:cluster-access-policy/AmazonEKSNetworkingPolicy\",\"arn:aws:eks::aws:cluster-access-policy/AmazonEKSNetworkingClusterPolicy\",\"arn:aws:eks::aws:cluster-access-policy/AmazonEKSLoadBalancingPolicy\",\"arn:aws:eks::aws:cluster-access-policy/AmazonEKSLoadBalancingClusterPolicy\",\"arn:aws:eks::aws:cluster-access-policy/AmazonEKSBlockStoragePolicy\",\"arn:aws:eks::aws:cluster-access-policy/AmazonEKSBlockStorageClusterPolicy\",\"arn:aws:eks::aws:cluster-access-policy/AmazonEKSHybridPolicy\"]}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:eks:*:*:access-entry/*/role/${aws:PrincipalAccount}/AWSServiceRoleForAmazonEKS/*\"},{\"Resource\":\"*\",\"Action\":[\"ec2:DeleteNetworkInterface\"],\"Condition\":{\"StringLike\":{\"aws:ResourceTag/eks:eks-cluster-name\":\"*\"}},\"Effect\":\"Allow\"},{\"Action\":\"eks:DescribeAccessEntry\",\"Condition\":{\"StringEquals\":{\"eks:accessEntryType\":\"EC2\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":\"events:PutRule\",\"Condition\":{\"ForAllValues:StringEquals\":{\"events:source\":[\"aws.ec2\",\"aws.health\"]},\"StringEquals\":{\"events:ManagedBy\":[\"eks.amazonaws.com\"]}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:events:*:*:rule/EKS*\"},{\"Action\":\"events:PutTargets\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:events:*:*:rule/EKS*\"},{\"Action\":[\"iam:GetInstanceProfile\",\"iam:CreateInstanceProfile\",\"iam:DeleteInstanceProfile\",\"iam:RemoveRoleFromInstanceProfile\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::*:instance-profile/eks*\"},{\"Action\":[\"ec2:DeleteLaunchTemplate\",\"ec2:TerminateInstances\"],\"Condition\":{\"StringLike\":{\"aws:ResourceTag/eks:eks-cluster-name\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"ec2:DeleteVolume\"],\"Condition\":{\"StringLike\":{\"aws:ResourceTag/eks:eks-cluster-name\":\"*\"}}},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"ec2:DeleteSnapshot\"],\"Condition\":{\"StringLike\":{\"aws:ResourceTag/eks:eks-cluster-name\":\"*\"}}},{\"Resource\":\"*\",\"Action\":[\"elasticloadbalancing:DeleteListener\",\"elasticloadbalancing:DeleteRule\",\"elasticloadbalancing:DeregisterTargets\",\"elasticloadbalancing:DeleteLoadBalancer\",\"elasticloadbalancing:DeleteTargetGroup\",\"ec2:DeleteSecurityGroup\",\"shield:DescribeProtection\"],\"Condition\":{\"StringLike\":{\"aws:ResourceTag/eks:eks-cluster-name\":\"*\"}},\"Effect\":\"Allow\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":1,\"DefaultVersionId\":\"v5\",\"Description\":null,\"Tags\":null,\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AmazonEKSServiceRolePolicy\",\"PolicyName\":\"AmazonEKSServiceRolePolicy\",\"roles\":null},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonEKSServiceRolePolicy\",\"ANPAZKAPJZG4KZBLSP26Y\"],\"name\":\"AmazonEKSServiceRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*:*:security-group/*\"],\"condition\":{\"StringLike\":{\"ec2:ResourceTag/Name\":\"eks-cluster-sg*\"}},\"version\":\"2012-10-17\"},{\"effect\":\"Allow\",\"condition\":{\"ForAnyValue:StringLike\":{\"aws:TagKeys\":[\"kubernetes.io/cluster/*\"]}},\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"condition\":{\"StringLike\":{\"aws:RequestTag/Name\":\"eks-cluster-*\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"route53:AssociateVPCWithHostedZone\"],\"resource\":[\"arn:aws:route53:::hostedzone/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"logs:CreateLogGroup\"],\"resource\":[\"arn:aws:logs:*:*:log-group:/aws/eks/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:logs:*:*:log-group:/aws/eks/*:*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"logs:PutLogEvents\"],\"resource\":[\"arn:aws:logs:*:*:log-group:/aws/eks/*:*:*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"cloudwatch:PutMetricData\"],\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"cloudwatch:namespace\":\"AWS/EKS\"}}},{\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"ArnLike\":{\"eks:principalArn\":\"arn:aws:iam::*:role/aws-service-role/eks.amazonaws.com/AWSServiceRoleForAmazonEKS\"},\"StringEquals\":{\"eks:accessEntryType\":\"STANDARD\"}},\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:eks:*:*:access-entry/*/role/${aws:PrincipalAccount}/AWSServiceRoleForAmazonEKS/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:eks:*:*:access-entry/*/role/${aws:PrincipalAccount}/AWSServiceRoleForAmazonEKS/*\"],\"condition\":{\"StringEquals\":{\"eks:policyArn\":[\"arn:aws:eks::aws:cluster-access-policy/AmazonEKSComputePolicy\",\"arn:aws:eks::aws:cluster-access-policy/AmazonEKSComputeClusterPolicy\",\"arn:aws:eks::aws:cluster-access-policy/AmazonEKSNetworkingPolicy\",\"arn:aws:eks::aws:cluster-access-policy/AmazonEKSNetworkingClusterPolicy\",\"arn:aws:eks::aws:cluster-access-policy/AmazonEKSLoadBalancingPolicy\",\"arn:aws:eks::aws:cluster-access-policy/AmazonEKSLoadBalancingClusterPolicy\",\"arn:aws:eks::aws:cluster-access-policy/AmazonEKSBlockStoragePolicy\",\"arn:aws:eks::aws:cluster-access-policy/AmazonEKSBlockStorageClusterPolicy\",\"arn:aws:eks::aws:cluster-access-policy/AmazonEKSHybridPolicy\"]}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"aws:ResourceTag/eks:eks-cluster-name\":\"*\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"eks:DescribeAccessEntry\"],\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"eks:accessEntryType\":\"EC2\"}}},{\"action\":[\"events:PutRule\"],\"resource\":[\"arn:aws:events:*:*:rule/EKS*\"],\"condition\":{\"ForAllValues:StringEquals\":{\"events:source\":[\"aws.ec2\",\"aws.health\"]},\"StringEquals\":{\"events:ManagedBy\":[\"eks.amazonaws.com\"]}},\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"events:PutTargets\"],\"resource\":[\"arn:aws:events:*:*:rule/EKS*\"]},{\"effect\":\"Allow\",\"resource\":[\"arn:aws:iam::*:instance-profile/eks*\"],\"version\":\"2012-10-17\"},{\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"aws:ResourceTag/eks:eks-cluster-name\":\"*\"}},\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"aws:ResourceTag/eks:eks-cluster-name\":\"*\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"aws:ResourceTag/eks:eks-cluster-name\":\"*\"}}},{\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"aws:ResourceTag/eks:eks-cluster-name\":\"*\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonEKSServiceRolePolicy\",\"ANPAZKAPJZG4KZBLSP26Y\"],\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/ServiceQuotasServiceRolePolicy\",\"ANPAZKAPJZG4FCG7EVJIR\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/ServiceQuotasServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Path\":\"/aws-service-role/\",\"document\":{\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"support:*\"]}],\"Version\":\"2012-10-17\"},\"roles\":null,\"AttachmentCount\":1,\"CreateDate\":\"2019-05-22T20:44:17Z\",\"UpdateDate\":\"2019-06-24T14:52:56Z\",\"IsAttachable\":true,\"Tags\":null,\"PolicyName\":\"ServiceQuotasServiceRolePolicy\",\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/ServiceQuotasServiceRolePolicy\",\"PolicyId\":\"ANPAZKAPJZG4FCG7EVJIR\",\"PermissionsBoundaryUsageCount\":0,\"DefaultVersionId\":\"v2\",\"Description\":null},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/ServiceQuotasServiceRolePolicy\",\"ANPAZKAPJZG4FCG7EVJIR\"],\"name\":\"ServiceQuotasServiceRolePolicy\",\"category\":\"identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"DescribeAndListPermissions\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"resource\":[\"arn:aws:ec2:*:*:volume/*\"],\"condition\":{\"Null\":{\"aws:ResourceTag/GuardDutyExcluded\":\"true\"}},\"version\":\"2012-10-17\",\"id\":\"CreateSnapshotVolumeConditionalStatement\",\"effect\":\"Allow\",\"action\":[\"ec2:CreateSnapshot\"]},{\"version\":\"2012-10-17\",\"id\":\"CreateSnapshotConditionalStatement\",\"effect\":\"Allow\",\"action\":[\"ec2:CreateSnapshot\"],\"resource\":[\"arn:aws:ec2:*:*:snapshot/*\"],\"condition\":{\"ForAnyValue:StringEquals\":{\"aws:TagKeys\":\"GuardDutyScanId\"}}},{\"id\":\"CreateTagsPermission\",\"effect\":\"Allow\",\"action\":[\"ec2:CreateTags\"],\"resource\":[\"arn:aws:ec2:*:*:*/*\"],\"condition\":{\"StringEquals\":{\"ec2:CreateAction\":\"CreateSnapshot\"}},\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"AddTagsToSnapshotPermission\",\"effect\":\"Allow\",\"action\":[\"ec2:CreateTags\"],\"resource\":[\"arn:aws:ec2:*:*:snapshot/*\"],\"condition\":{\"ForAllValues:StringEquals\":{\"aws:TagKeys\":[\"GuardDutyExcluded\",\"GuardDutyFindingDetected\"]},\"StringLike\":{\"ec2:ResourceTag/GuardDutyScanId\":\"*\"}}},{\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*:*:snapshot/*\"],\"condition\":{\"Null\":{\"aws:ResourceTag/GuardDutyExcluded\":\"true\"},\"StringLike\":{\"ec2:ResourceTag/GuardDutyScanId\":\"*\"}},\"version\":\"2012-10-17\",\"id\":\"DeleteAndShareSnapshotPermission\"},{\"version\":\"2012-10-17\",\"id\":\"PreventPublicAccessToSnapshotPermission\",\"effect\":\"Deny\",\"resource\":[\"arn:aws:ec2:*:*:snapshot/*\"],\"condition\":{\"StringEquals\":{\"ec2:Add/group\":\"all\"}}},{\"version\":\"2012-10-17\",\"id\":\"CreateGrantPermission\",\"effect\":\"Allow\",\"action\":[\"kms:CreateGrant\"],\"resource\":[\"arn:aws:kms:*:*:key/*\"],\"condition\":{\"Null\":{\"aws:ResourceTag/GuardDutyExcluded\":\"true\"},\"StringLike\":{\"kms:EncryptionContext:aws:ebs:id\":\"snap-*\"},\"Bool\":{\"kms:GrantIsForAWSResource\":\"true\"},\"ForAllValues:StringEquals\":{\"kms:GrantOperations\":[\"Decrypt\",\"CreateGrant\",\"GenerateDataKeyWithoutPlaintext\",\"ReEncryptFrom\",\"ReEncryptTo\",\"RetireGrant\",\"DescribeKey\"]}}},{\"effect\":\"Allow\",\"resource\":[\"arn:aws:kms:*:*:key/*\"],\"condition\":{\"Null\":{\"aws:ResourceTag/GuardDutyExcluded\":\"true\"},\"StringLike\":{\"kms:ViaService\":\"ec2.*.amazonaws.com\"}},\"version\":\"2012-10-17\",\"id\":\"ShareSnapshotKMSPermission\"},{\"version\":\"2012-10-17\",\"id\":\"DescribeKeyPermission\",\"effect\":\"Allow\",\"action\":[\"kms:DescribeKey\"],\"resource\":[\"arn:aws:kms:*:*:key/*\"]},{\"effect\":\"Allow\",\"resource\":[\"arn:aws:logs:*:*:log-group:/aws/guardduty/*\"],\"version\":\"2012-10-17\",\"id\":\"GuardDutyLogGroupPermission\"},{\"version\":\"2012-10-17\",\"id\":\"GuardDutyLogStreamPermission\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:logs:*:*:log-group:/aws/guardduty/*:log-stream:*\"]},{\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*:*:snapshot/*\"],\"condition\":{\"Null\":{\"aws:ResourceTag/GuardDutyExcluded\":\"true\"},\"StringLike\":{\"aws:ResourceTag/GuardDutyScanId\":\"*\"}},\"version\":\"2012-10-17\",\"id\":\"EBSDirectAPIPermissions\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonGuardDutyMalwareProtectionServiceRolePolicy\",\"ANPAZKAPJZG4DYKRPKYEO\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AmazonGuardDutyMalwareProtectionServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v2\",\"Description\":null,\"Path\":\"/aws-service-role/\",\"PolicyName\":\"AmazonGuardDutyMalwareProtectionServiceRolePolicy\",\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AmazonGuardDutyMalwareProtectionServiceRolePolicy\",\"AttachmentCount\":1,\"CreateDate\":\"2022-07-19T19:06:53Z\",\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"UpdateDate\":\"2024-01-25T22:24:00Z\",\"document\":{\"Statement\":[{\"Sid\":\"DescribeAndListPermissions\",\"Action\":[\"ec2:DescribeInstances\",\"ec2:DescribeVolumes\",\"ec2:DescribeSnapshots\",\"ecs:ListClusters\",\"ecs:ListContainerInstances\",\"ecs:ListTasks\",\"ecs:DescribeTasks\",\"eks:DescribeCluster\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":\"ec2:CreateSnapshot\",\"Condition\":{\"Null\":{\"aws:ResourceTag/GuardDutyExcluded\":\"true\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:volume/*\",\"Sid\":\"CreateSnapshotVolumeConditionalStatement\"},{\"Condition\":{\"ForAnyValue:StringEquals\":{\"aws:TagKeys\":\"GuardDutyScanId\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\",\"Sid\":\"CreateSnapshotConditionalStatement\",\"Action\":\"ec2:CreateSnapshot\"},{\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:*/*\",\"Sid\":\"CreateTagsPermission\",\"Action\":\"ec2:CreateTags\",\"Condition\":{\"StringEquals\":{\"ec2:CreateAction\":\"CreateSnapshot\"}}},{\"Action\":\"ec2:CreateTags\",\"Condition\":{\"ForAllValues:StringEquals\":{\"aws:TagKeys\":[\"GuardDutyExcluded\",\"GuardDutyFindingDetected\"]},\"StringLike\":{\"ec2:ResourceTag/GuardDutyScanId\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\",\"Sid\":\"AddTagsToSnapshotPermission\"},{\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\",\"Sid\":\"DeleteAndShareSnapshotPermission\",\"Action\":[\"ec2:DeleteSnapshot\",\"ec2:ModifySnapshotAttribute\"],\"Condition\":{\"StringLike\":{\"ec2:ResourceTag/GuardDutyScanId\":\"*\"},\"Null\":{\"aws:ResourceTag/GuardDutyExcluded\":\"true\"}}},{\"Action\":[\"ec2:ModifySnapshotAttribute\"],\"Condition\":{\"StringEquals\":{\"ec2:Add/group\":\"all\"}},\"Effect\":\"Deny\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\",\"Sid\":\"PreventPublicAccessToSnapshotPermission\"},{\"Action\":\"kms:CreateGrant\",\"Condition\":{\"ForAllValues:StringEquals\":{\"kms:GrantOperations\":[\"Decrypt\",\"CreateGrant\",\"GenerateDataKeyWithoutPlaintext\",\"ReEncryptFrom\",\"ReEncryptTo\",\"RetireGrant\",\"DescribeKey\"]},\"Null\":{\"aws:ResourceTag/GuardDutyExcluded\":\"true\"},\"StringLike\":{\"kms:EncryptionContext:aws:ebs:id\":\"snap-*\"},\"Bool\":{\"kms:GrantIsForAWSResource\":\"true\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:kms:*:*:key/*\",\"Sid\":\"CreateGrantPermission\"},{\"Action\":[\"kms:ReEncryptTo\",\"kms:ReEncryptFrom\"],\"Condition\":{\"StringLike\":{\"kms:ViaService\":\"ec2.*.amazonaws.com\"},\"Null\":{\"aws:ResourceTag/GuardDutyExcluded\":\"true\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:kms:*:*:key/*\",\"Sid\":\"ShareSnapshotKMSPermission\"},{\"Action\":\"kms:DescribeKey\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:kms:*:*:key/*\",\"Sid\":\"DescribeKeyPermission\"},{\"Action\":[\"logs:DescribeLogGroups\",\"logs:CreateLogGroup\",\"logs:PutRetentionPolicy\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:*:*:log-group:/aws/guardduty/*\",\"Sid\":\"GuardDutyLogGroupPermission\"},{\"Action\":[\"logs:CreateLogStream\",\"logs:PutLogEvents\",\"logs:DescribeLogStreams\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:*:*:log-group:/aws/guardduty/*:log-stream:*\",\"Sid\":\"GuardDutyLogStreamPermission\"},{\"Action\":[\"ebs:GetSnapshotBlock\",\"ebs:ListSnapshotBlocks\"],\"Condition\":{\"Null\":{\"aws:ResourceTag/GuardDutyExcluded\":\"true\"},\"StringLike\":{\"aws:ResourceTag/GuardDutyScanId\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:snapshot/*\",\"Sid\":\"EBSDirectAPIPermissions\"}],\"Version\":\"2012-10-17\"},\"roles\":null,\"PolicyId\":\"ANPAZKAPJZG4DYKRPKYEO\",\"Tags\":null},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonGuardDutyMalwareProtectionServiceRolePolicy\",\"ANPAZKAPJZG4DYKRPKYEO\"],\"name\":\"AmazonGuardDutyMalwareProtectionServiceRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicFullAccess\",\"ANPAZKAPJZG4F2SFMTI3G\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicFullAccess\":{\"type\":\"policy\",\"category\":\"identity\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"roles\":null,\"Arn\":\"arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicFullAccess\",\"Tags\":null,\"document\":{\"Statement\":[{\"Action\":[\"ecr-public:*\",\"sts:GetServiceBearerToken\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"Description\":null,\"IsAttachable\":true,\"PolicyId\":\"ANPAZKAPJZG4F2SFMTI3G\",\"AttachmentCount\":1,\"DefaultVersionId\":\"v1\",\"PolicyName\":\"AmazonElasticContainerRegistryPublicFullAccess\",\"UpdateDate\":\"2020-12-01T17:25:52Z\",\"CreateDate\":\"2020-12-01T17:25:52Z\",\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0},\"id\":[\"arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicFullAccess\",\"ANPAZKAPJZG4F2SFMTI3G\"],\"name\":\"AmazonElasticContainerRegistryPublicFullAccess\",\"category\":\"identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:kms:*:*:key/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"condition\":{\"StringEquals\":{\"iam:AWSServiceName\":[\"backup.amazonaws.com\"]}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"condition\":{\"StringLike\":{\"iam:PassedToService\":\"backup.amazonaws.com\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonElasticFileSystemServiceRolePolicy\",\"ANPAZKAPJZG4FXCJYWBN7\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AmazonElasticFileSystemServiceRolePolicy\":{\"type\":\"policy\",\"category\":\"identity\"}},\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"CreateDate\":\"2019-11-05T16:52:41Z\",\"PolicyId\":\"ANPAZKAPJZG4FXCJYWBN7\",\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AmazonElasticFileSystemServiceRolePolicy\",\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"document\":{\"Statement\":[{\"Action\":[\"backup-storage:MountCapsule\",\"ec2:CreateNetworkInterface\",\"ec2:DeleteNetworkInterface\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeSubnets\",\"ec2:DescribeNetworkInterfaceAttribute\",\"ec2:ModifyNetworkInterfaceAttribute\",\"tag:GetResources\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"kms:DescribeKey\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:kms:*:*:key/*\"},{\"Resource\":[\"arn:aws:backup:*:*:backup-vault:aws/efs/automatic-backup-vault\"],\"Action\":[\"backup:CreateBackupVault\",\"backup:PutBackupVaultAccessPolicy\"],\"Effect\":\"Allow\"},{\"Action\":[\"backup:CreateBackupPlan\",\"backup:CreateBackupSelection\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:backup:*:*:backup-plan:*\"]},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"iam:CreateServiceLinkedRole\"],\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":[\"backup.amazonaws.com\"]}}},{\"Action\":[\"iam:PassRole\"],\"Condition\":{\"StringLike\":{\"iam:PassedToService\":\"backup.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:iam::*:role/aws-service-role/backup.amazonaws.com/AWSServiceRoleForBackup\"]},{\"Action\":[\"elasticfilesystem:DescribeFileSystems\",\"elasticfilesystem:CreateReplicationConfiguration\",\"elasticfilesystem:DescribeReplicationConfigurations\",\"elasticfilesystem:DeleteReplicationConfiguration\",\"elasticfilesystem:ReplicationRead\",\"elasticfilesystem:ReplicationWrite\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":1,\"DefaultVersionId\":\"v5\",\"Description\":null,\"Path\":\"/aws-service-role/\",\"PolicyName\":\"AmazonElasticFileSystemServiceRolePolicy\",\"UpdateDate\":\"2024-11-07T19:19:50Z\",\"roles\":null},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonElasticFileSystemServiceRolePolicy\",\"ANPAZKAPJZG4FXCJYWBN7\"],\"name\":\"AmazonElasticFileSystemServiceRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"id\":\"EC2Action1\",\"effect\":\"Allow\"},{\"id\":\"EC2Action2\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"ec2:ResourceTag/AWSServiceName\":\"GlobalAccelerator\"}},\"version\":\"2012-10-17\"},{\"id\":\"EC2Action3\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"ElbAction1\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"effect\":\"Allow\",\"action\":[\"ec2:CreateTags\"],\"version\":\"2012-10-17\",\"id\":\"EC2Action4\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSGlobalAcceleratorSLRPolicy\",\"ANPAZKAPJZG4EJ5ZEQR2C\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AWSGlobalAcceleratorSLRPolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"raw\":{\"UpdateDate\":\"2024-10-29T18:23:36Z\",\"CreateDate\":\"2019-04-05T19:39:13Z\",\"DefaultVersionId\":\"v9\",\"Path\":\"/aws-service-role/\",\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"roles\":null,\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AWSGlobalAcceleratorSLRPolicy\",\"Description\":null,\"IsAttachable\":true,\"AttachmentCount\":1,\"PolicyName\":\"AWSGlobalAcceleratorSLRPolicy\",\"document\":{\"Statement\":[{\"Sid\":\"EC2Action1\",\"Action\":[\"ec2:CreateNetworkInterface\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribeInstances\",\"ec2:DescribeInternetGateways\",\"ec2:DescribeSubnets\",\"ec2:DescribeRegions\",\"ec2:ModifyNetworkInterfaceAttribute\",\"ec2:DeleteNetworkInterface\",\"ec2:DescribeAddresses\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Sid\":\"EC2Action2\",\"Action\":[\"ec2:DeleteSecurityGroup\",\"ec2:AssignIpv6Addresses\",\"ec2:UnassignIpv6Addresses\"],\"Condition\":{\"StringEquals\":{\"ec2:ResourceTag/AWSServiceName\":\"GlobalAccelerator\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:CreateSecurityGroup\",\"ec2:DescribeSecurityGroups\",\"ec2:GetSecurityGroupsForVpc\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"EC2Action3\"},{\"Action\":[\"elasticloadbalancing:DescribeLoadBalancers\",\"elasticloadbalancing:DescribeListeners\",\"elasticloadbalancing:DescribeTargetGroups\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"ElbAction1\"},{\"Action\":\"ec2:CreateTags\",\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:security-group/*\",\"arn:aws:ec2:*:*:network-interface/*\"],\"Sid\":\"EC2Action4\"}],\"Version\":\"2012-10-17\"},\"PolicyId\":\"ANPAZKAPJZG4EJ5ZEQR2C\"},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSGlobalAcceleratorSLRPolicy\",\"ANPAZKAPJZG4EJ5ZEQR2C\"],\"name\":\"AWSGlobalAcceleratorSLRPolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"es:ListDomainNames\"],\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/service-role/AWSQuickSightElasticsearchPolicy\",\"ANPAZKAPJZG4BLUM3JVIN\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/service-role/AWSQuickSightElasticsearchPolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"roles\":null,\"PolicyId\":\"ANPAZKAPJZG4BLUM3JVIN\",\"DefaultVersionId\":\"v3\",\"Description\":null,\"IsAttachable\":true,\"Path\":\"/service-role/\",\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"CreateDate\":\"2020-09-09T17:27:19Z\",\"AttachmentCount\":1,\"PolicyName\":\"AWSQuickSightElasticsearchPolicy\",\"UpdateDate\":\"2021-09-07T23:25:55Z\",\"document\":{\"Statement\":[{\"Action\":[\"es:ESHttpGet\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:es:*:*:domain/*/\",\"arn:aws:es:*:*:domain/*/_cluster/settings\",\"arn:aws:es:*:*:domain/*/_cat/indices\"]},{\"Resource\":\"*\",\"Action\":\"es:ListDomainNames\",\"Effect\":\"Allow\"},{\"Action\":[\"es:DescribeElasticsearchDomain\",\"es:DescribeDomain\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:es:*:*:domain/*\"]},{\"Action\":[\"es:ESHttpPost\",\"es:ESHttpGet\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:es:*:*:domain/*/_opendistro/_sql\",\"arn:aws:es:*:*:domain/*/_plugin/_sql\"]}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::aws:policy/service-role/AWSQuickSightElasticsearchPolicy\"},\"id\":[\"arn:aws:iam::aws:policy/service-role/AWSQuickSightElasticsearchPolicy\",\"ANPAZKAPJZG4BLUM3JVIN\"],\"name\":\"AWSQuickSightElasticsearchPolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.365+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess\",\"ANPAZKAPJZG4BUM4GCASI\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess\":{\"type\":\"policy\",\"category\":\"identity\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v4\",\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAZKAPJZG4BUM4GCASI\",\"document\":{\"Statement\":[{\"Action\":[\"events:*\",\"schemas:*\",\"scheduler:*\",\"pipes:*\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"EventBridgeActions\"},{\"Action\":\"iam:CreateServiceLinkedRole\",\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":\"apidestinations.events.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::*:role/aws-service-role/AmazonEventBridgeApiDestinationsServiceRolePolicy\",\"Sid\":\"IAMCreateServiceLinkedRoleForApiDestinations\"},{\"Resource\":\"arn:aws:iam::*:role/aws-service-role/schemas.amazonaws.com/AWSServiceRoleForSchemas\",\"Sid\":\"IAMCreateServiceLinkedRoleForAmazonEventBridgeSchemas\",\"Action\":\"iam:CreateServiceLinkedRole\",\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":\"schemas.amazonaws.com\"}},\"Effect\":\"Allow\"},{\"Action\":[\"secretsmanager:CreateSecret\",\"secretsmanager:UpdateSecret\",\"secretsmanager:DeleteSecret\",\"secretsmanager:GetSecretValue\",\"secretsmanager:PutSecretValue\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:secretsmanager:*:*:secret:events!*\",\"Sid\":\"SecretsManagerAccessForApiDestinations\"},{\"Condition\":{\"StringLike\":{\"iam:PassedToService\":\"events.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::*:role/*\",\"Sid\":\"IAMPassRoleAccessForEventBridge\",\"Action\":\"iam:PassRole\"},{\"Condition\":{\"StringLike\":{\"iam:PassedToService\":\"scheduler.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::*:role/*\",\"Sid\":\"IAMPassRoleAccessForScheduler\",\"Action\":\"iam:PassRole\"},{\"Sid\":\"IAMPassRoleAccessForPipes\",\"Action\":\"iam:PassRole\",\"Condition\":{\"StringLike\":{\"iam:PassedToService\":\"pipes.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::*:role/*\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":1,\"CreateDate\":\"2019-07-11T14:08:55Z\",\"IsAttachable\":true,\"PolicyName\":\"AmazonEventBridgeFullAccess\",\"UpdateDate\":\"2022-12-01T17:00:46Z\",\"Arn\":\"arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess\",\"Path\":\"/\",\"roles\":null,\"Tags\":null},\"id\":[\"arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess\",\"ANPAZKAPJZG4BUM4GCASI\"],\"name\":\"AmazonEventBridgeFullAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"EventBridgeActions\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"IAMCreateServiceLinkedRoleForApiDestinations\",\"effect\":\"Allow\",\"action\":[\"iam:CreateServiceLinkedRole\"],\"resource\":[\"arn:aws:iam::*:role/aws-service-role/AmazonEventBridgeApiDestinationsServiceRolePolicy\"],\"condition\":{\"StringEquals\":{\"iam:AWSServiceName\":\"apidestinations.events.amazonaws.com\"}}},{\"resource\":[\"arn:aws:iam::*:role/aws-service-role/schemas.amazonaws.com/AWSServiceRoleForSchemas\"],\"condition\":{\"StringEquals\":{\"iam:AWSServiceName\":\"schemas.amazonaws.com\"}},\"version\":\"2012-10-17\",\"id\":\"IAMCreateServiceLinkedRoleForAmazonEventBridgeSchemas\",\"effect\":\"Allow\",\"action\":[\"iam:CreateServiceLinkedRole\"]},{\"version\":\"2012-10-17\",\"id\":\"SecretsManagerAccessForApiDestinations\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:secretsmanager:*:*:secret:events!*\"]},{\"action\":[\"iam:PassRole\"],\"resource\":[\"arn:aws:iam::*:role/*\"],\"condition\":{\"StringLike\":{\"iam:PassedToService\":\"events.amazonaws.com\"}},\"version\":\"2012-10-17\",\"id\":\"IAMPassRoleAccessForEventBridge\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"IAMPassRoleAccessForScheduler\",\"effect\":\"Allow\",\"action\":[\"iam:PassRole\"],\"resource\":[\"arn:aws:iam::*:role/*\"],\"condition\":{\"StringLike\":{\"iam:PassedToService\":\"scheduler.amazonaws.com\"}}},{\"version\":\"2012-10-17\",\"id\":\"IAMPassRoleAccessForPipes\",\"effect\":\"Allow\",\"action\":[\"iam:PassRole\"],\"resource\":[\"arn:aws:iam::*:role/*\"],\"condition\":{\"StringLike\":{\"iam:PassedToService\":\"pipes.amazonaws.com\"}}}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AllowSSMAgentPermissions\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"id\":\"AllowSSMChannelMessaging\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"id\":\"AllowSSMLegacyMessaging\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonSSMManagedEC2InstanceDefaultPolicy\",\"ANPAZKAPJZG4LVDRKUQFG\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonSSMManagedEC2InstanceDefaultPolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v2\",\"Description\":null,\"IsAttachable\":true,\"Tags\":null,\"UpdateDate\":\"2024-07-16T18:14:07Z\",\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AllowSSMAgentPermissions\",\"Action\":[\"ssm:DescribeAssociation\",\"ssm:GetDeployablePatchSnapshotForInstance\",\"ssm:GetDocument\",\"ssm:DescribeDocument\",\"ssm:GetManifest\",\"ssm:ListAssociations\",\"ssm:ListInstanceAssociations\",\"ssm:PutInventory\",\"ssm:PutComplianceItems\",\"ssm:PutConfigurePackageResult\",\"ssm:UpdateAssociationStatus\",\"ssm:UpdateInstanceAssociationStatus\",\"ssm:UpdateInstanceInformation\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Resource\":\"*\",\"Sid\":\"AllowSSMChannelMessaging\",\"Action\":[\"ssmmessages:CreateControlChannel\",\"ssmmessages:CreateDataChannel\",\"ssmmessages:OpenControlChannel\",\"ssmmessages:OpenDataChannel\"],\"Effect\":\"Allow\"},{\"Action\":[\"ec2messages:AcknowledgeMessage\",\"ec2messages:DeleteMessage\",\"ec2messages:FailMessage\",\"ec2messages:GetEndpoint\",\"ec2messages:GetMessages\",\"ec2messages:SendReply\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AllowSSMLegacyMessaging\"}]},\"Arn\":\"arn:aws:iam::aws:policy/AmazonSSMManagedEC2InstanceDefaultPolicy\",\"AttachmentCount\":1,\"roles\":null,\"Path\":\"/\",\"PolicyId\":\"ANPAZKAPJZG4LVDRKUQFG\",\"PolicyName\":\"AmazonSSMManagedEC2InstanceDefaultPolicy\",\"CreateDate\":\"2022-08-30T20:54:27Z\",\"PermissionsBoundaryUsageCount\":0},\"id\":[\"arn:aws:iam::aws:policy/AmazonSSMManagedEC2InstanceDefaultPolicy\",\"ANPAZKAPJZG4LVDRKUQFG\"],\"name\":\"AmazonSSMManagedEC2InstanceDefaultPolicy\",\"category\":\"identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"asset\":{\"raw\":{\"roles\":null,\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"CreateDate\":\"2019-11-22T04:36:25Z\",\"Description\":null,\"Path\":\"/aws-service-role/\",\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AmazonEKSForFargateServiceRolePolicy\",\"UpdateDate\":\"2019-11-22T04:36:25Z\",\"PolicyName\":\"AmazonEKSForFargateServiceRolePolicy\",\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"ec2:CreateNetworkInterface\",\"ec2:CreateNetworkInterfacePermission\",\"ec2:DeleteNetworkInterface\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeSubnets\",\"ec2:DescribeVpcs\",\"ec2:DescribeDhcpOptions\",\"ec2:DescribeRouteTables\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}]},\"AttachmentCount\":1,\"DefaultVersionId\":\"v1\",\"PolicyId\":\"ANPAZKAPJZG4JAUTVFICB\"},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonEKSForFargateServiceRolePolicy\",\"ANPAZKAPJZG4JAUTVFICB\"],\"name\":\"AmazonEKSForFargateServiceRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonEKSForFargateServiceRolePolicy\",\"ANPAZKAPJZG4JAUTVFICB\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AmazonEKSForFargateServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"DescribeInstanceInfo\",\"effect\":\"Allow\",\"condition\":{\"StringLike\":{\"ec2:SourceInstanceARN\":\"*${ec2:InstanceId}\"}}},{\"version\":\"2012-10-17\",\"id\":\"CreateSnapshotsWithTag\",\"effect\":\"Allow\",\"condition\":{\"StringLike\":{\"aws:RequestTag/AwsVssConfig\":\"*\"}}},{\"effect\":\"Allow\",\"condition\":{\"StringLike\":{\"ec2:SourceInstanceARN\":\"*${ec2:InstanceId}\"}},\"version\":\"2012-10-17\",\"id\":\"CreateSnapshotsAccessInstance\"},{\"id\":\"CreateSnapshotsAccessVolume\",\"effect\":\"Allow\",\"version\":\"2012-10-17\"},{\"id\":\"CreateImageWithTag\",\"effect\":\"Allow\",\"condition\":{\"StringLike\":{\"aws:RequestTag/AwsVssConfig\":\"*\"}},\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"CreateImageAccessInstance\",\"effect\":\"Allow\",\"condition\":{\"StringLike\":{\"ec2:SourceInstanceARN\":\"*${ec2:InstanceId}\"}}},{\"condition\":{\"StringEquals\":{\"ec2:CreateAction\":[\"CreateImage\",\"CreateSnapshots\"]}},\"version\":\"2012-10-17\",\"id\":\"CreateTagsOnResourceCreation\",\"effect\":\"Allow\",\"action\":[\"ec2:CreateTags\"]},{\"version\":\"2012-10-17\",\"id\":\"CreateTagsAfterResourceCreation\",\"effect\":\"Allow\",\"action\":[\"ec2:CreateTags\"],\"condition\":{\"ForAllValues:StringEquals\":{\"aws:TagKeys\":[\"AppConsistent\",\"Device\"]},\"StringLike\":{\"ec2:ResourceTag/AwsVssConfig\":\"*\"}}},{\"version\":\"2012-10-17\",\"id\":\"DescribeImagesAndSnapshots\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/AWSEC2VssSnapshotPolicy\",\"ANPAZKAPJZG4KEG6SNTSF\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AWSEC2VssSnapshotPolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"UpdateDate\":\"2024-03-27T16:32:53Z\",\"roles\":null,\"AttachmentCount\":1,\"PermissionsBoundaryUsageCount\":0,\"Path\":\"/\",\"document\":{\"Statement\":[{\"Action\":[\"ec2:DescribeInstanceAttribute\"],\"Condition\":{\"StringLike\":{\"ec2:SourceInstanceARN\":\"*${ec2:InstanceId}\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:instance/*\"],\"Sid\":\"DescribeInstanceInfo\"},{\"Action\":[\"ec2:CreateSnapshots\"],\"Condition\":{\"StringLike\":{\"aws:RequestTag/AwsVssConfig\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:snapshot/*\"],\"Sid\":\"CreateSnapshotsWithTag\"},{\"Action\":[\"ec2:CreateSnapshots\"],\"Condition\":{\"StringLike\":{\"ec2:SourceInstanceARN\":\"*${ec2:InstanceId}\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:instance/*\"],\"Sid\":\"CreateSnapshotsAccessInstance\"},{\"Sid\":\"CreateSnapshotsAccessVolume\",\"Action\":[\"ec2:CreateSnapshots\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:volume/*\"]},{\"Resource\":[\"arn:aws:ec2:*:*:snapshot/*\",\"arn:aws:ec2:*:*:image/*\"],\"Sid\":\"CreateImageWithTag\",\"Action\":[\"ec2:CreateImage\"],\"Condition\":{\"StringLike\":{\"aws:RequestTag/AwsVssConfig\":\"*\"}},\"Effect\":\"Allow\"},{\"Resource\":[\"arn:aws:ec2:*:*:instance/*\"],\"Sid\":\"CreateImageAccessInstance\",\"Action\":[\"ec2:CreateImage\"],\"Condition\":{\"StringLike\":{\"ec2:SourceInstanceARN\":\"*${ec2:InstanceId}\"}},\"Effect\":\"Allow\"},{\"Sid\":\"CreateTagsOnResourceCreation\",\"Action\":\"ec2:CreateTags\",\"Condition\":{\"StringEquals\":{\"ec2:CreateAction\":[\"CreateImage\",\"CreateSnapshots\"]}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:snapshot/*\",\"arn:aws:ec2:*:*:image/*\"]},{\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:snapshot/*\",\"arn:aws:ec2:*:*:image/*\"],\"Sid\":\"CreateTagsAfterResourceCreation\",\"Action\":\"ec2:CreateTags\",\"Condition\":{\"ForAllValues:StringEquals\":{\"aws:TagKeys\":[\"AppConsistent\",\"Device\"]},\"StringLike\":{\"ec2:ResourceTag/AwsVssConfig\":\"*\"}}},{\"Action\":[\"ec2:DescribeImages\",\"ec2:DescribeSnapshots\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"DescribeImagesAndSnapshots\"}],\"Version\":\"2012-10-17\"},\"IsAttachable\":true,\"DefaultVersionId\":\"v1\",\"Description\":null,\"PolicyId\":\"ANPAZKAPJZG4KEG6SNTSF\",\"PolicyName\":\"AWSEC2VssSnapshotPolicy\",\"Tags\":null,\"Arn\":\"arn:aws:iam::aws:policy/AWSEC2VssSnapshotPolicy\",\"CreateDate\":\"2024-03-27T16:32:53Z\"},\"id\":[\"arn:aws:iam::aws:policy/AWSEC2VssSnapshotPolicy\",\"ANPAZKAPJZG4KEG6SNTSF\"],\"name\":\"AWSEC2VssSnapshotPolicy\",\"category\":\"identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForImageBuilder\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForImageBuilder\",\"AttachmentCount\":1,\"Description\":null,\"IsAttachable\":true,\"CreateDate\":\"2019-11-29T22:02:13Z\",\"DefaultVersionId\":\"v19\",\"PolicyId\":\"ANPAZKAPJZG4NE22WISEW\",\"UpdateDate\":\"2023-10-19T21:30:10Z\",\"Path\":\"/aws-service-role/\",\"PolicyName\":\"AWSServiceRoleForImageBuilder\",\"Tags\":null,\"roles\":null,\"PermissionsBoundaryUsageCount\":0,\"document\":{\"Statement\":[{\"Action\":[\"ec2:RunInstances\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*::image/*\",\"arn:aws:ec2:*::snapshot/*\",\"arn:aws:ec2:*:*:subnet/*\",\"arn:aws:ec2:*:*:network-interface/*\",\"arn:aws:ec2:*:*:security-group/*\",\"arn:aws:ec2:*:*:key-pair/*\",\"arn:aws:ec2:*:*:launch-template/*\",\"arn:aws:license-manager:*:*:license-configuration:*\"]},{\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:volume/*\",\"arn:aws:ec2:*:*:instance/*\"],\"Action\":[\"ec2:RunInstances\"],\"Condition\":{\"StringEquals\":{\"aws:RequestTag/CreatedBy\":[\"EC2 Image Builder\",\"EC2 Fast Launch\"]}}},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":\"iam:PassRole\",\"Condition\":{\"StringEquals\":{\"iam:PassedToService\":[\"ec2.amazonaws.com\",\"ec2.amazonaws.com.cn\",\"vmie.amazonaws.com\"]}}},{\"Resource\":\"*\",\"Action\":[\"ec2:StopInstances\",\"ec2:StartInstances\",\"ec2:TerminateInstances\"],\"Condition\":{\"StringEquals\":{\"ec2:ResourceTag/CreatedBy\":\"EC2 Image Builder\"}},\"Effect\":\"Allow\"},{\"Action\":[\"ec2:CopyImage\",\"ec2:CreateImage\",\"ec2:CreateLaunchTemplate\",\"ec2:DeregisterImage\",\"ec2:DescribeImages\",\"ec2:DescribeInstanceAttribute\",\"ec2:DescribeInstanceStatus\",\"ec2:DescribeInstances\",\"ec2:DescribeInstanceTypeOfferings\",\"ec2:DescribeInstanceTypes\",\"ec2:DescribeSubnets\",\"ec2:DescribeTags\",\"ec2:ModifyImageAttribute\",\"ec2:DescribeImportImageTasks\",\"ec2:DescribeExportImageTasks\",\"ec2:DescribeSnapshots\",\"ec2:DescribeHosts\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:ModifySnapshotAttribute\"],\"Condition\":{\"StringEquals\":{\"ec2:ResourceTag/CreatedBy\":\"EC2 Image Builder\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*::snapshot/*\"},{\"Condition\":{\"StringEquals\":{\"aws:RequestTag/CreatedBy\":[\"EC2 Image Builder\",\"EC2 Fast Launch\"],\"ec2:CreateAction\":[\"RunInstances\",\"CreateImage\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"ec2:CreateTags\"]},{\"Action\":[\"ec2:CreateTags\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*::image/*\",\"arn:aws:ec2:*:*:export-image-task/*\"]},{\"Action\":[\"ec2:CreateTags\"],\"Condition\":{\"StringEquals\":{\"aws:RequestTag/CreatedBy\":[\"EC2 Image Builder\",\"EC2 Fast Launch\"]}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*::snapshot/*\",\"arn:aws:ec2:*:*:launch-template/*\"]},{\"Action\":[\"license-manager:UpdateLicenseSpecificationsForResource\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"sns:Publish\"]},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"ssm:ListCommands\",\"ssm:ListCommandInvocations\",\"ssm:AddTagsToResource\",\"ssm:DescribeInstanceInformation\",\"ssm:GetAutomationExecution\",\"ssm:StopAutomationExecution\",\"ssm:ListInventoryEntries\",\"ssm:SendAutomationSignal\",\"ssm:DescribeInstanceAssociationsStatus\",\"ssm:DescribeAssociationExecutions\",\"ssm:GetCommandInvocation\"]},{\"Action\":\"ssm:SendCommand\",\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ssm:*:*:document/AWS-RunPowerShellScript\",\"arn:aws:ssm:*:*:document/AWS-RunShellScript\",\"arn:aws:ssm:*:*:document/AWSEC2-RunSysprep\",\"arn:aws:s3:::*\"]},{\"Action\":[\"ssm:SendCommand\"],\"Condition\":{\"StringEquals\":{\"ssm:resourceTag/CreatedBy\":[\"EC2 Image Builder\"]}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:instance/*\"]},{\"Action\":\"ssm:StartAutomationExecution\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ssm:*:*:automation-definition/ImageBuilder*\"},{\"Resource\":[\"arn:aws:ssm:*:*:document/AWS-GatherSoftwareInventory\",\"arn:aws:ssm:*:*:association/*\",\"arn:aws:ec2:*:*:instance/*\"],\"Action\":[\"ssm:CreateAssociation\",\"ssm:DeleteAssociation\"],\"Effect\":\"Allow\"},{\"Action\":[\"kms:Encrypt\",\"kms:Decrypt\",\"kms:ReEncryptFrom\",\"kms:ReEncryptTo\",\"kms:GenerateDataKeyWithoutPlaintext\"],\"Condition\":{\"ForAllValues:StringEquals\":{\"kms:EncryptionContextKeys\":[\"aws:ebs:id\"]},\"StringLike\":{\"kms:ViaService\":[\"ec2.*.amazonaws.com\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Resource\":\"*\",\"Action\":[\"kms:DescribeKey\"],\"Condition\":{\"StringLike\":{\"kms:ViaService\":[\"ec2.*.amazonaws.com\"]}},\"Effect\":\"Allow\"},{\"Action\":\"kms:CreateGrant\",\"Condition\":{\"Bool\":{\"kms:GrantIsForAWSResource\":true},\"StringLike\":{\"kms:ViaService\":[\"ec2.*.amazonaws.com\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::*:role/EC2ImageBuilderDistributionCrossAccountRole\"},{\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:*:*:log-group:/aws/imagebuilder/*\",\"Action\":[\"logs:CreateLogStream\",\"logs:CreateLogGroup\",\"logs:PutLogEvents\"]},{\"Action\":[\"ec2:CreateLaunchTemplateVersion\",\"ec2:DescribeLaunchTemplates\",\"ec2:ModifyLaunchTemplate\",\"ec2:DescribeLaunchTemplateVersions\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Condition\":{\"StringEquals\":{\"ec2:ResourceTag/CreatedBy\":\"EC2 Image Builder\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*::image/*\",\"Action\":[\"ec2:ExportImage\"]},{\"Action\":[\"ec2:ExportImage\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:export-image-task/*\"},{\"Action\":[\"ec2:CancelExportTask\"],\"Condition\":{\"StringEquals\":{\"ec2:ResourceTag/CreatedBy\":\"EC2 Image Builder\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:export-image-task/*\"},{\"Action\":\"iam:CreateServiceLinkedRole\",\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":[\"ssm.amazonaws.com\",\"ec2fastlaunch.amazonaws.com\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:EnableFastLaunch\"],\"Condition\":{\"StringEquals\":{\"ec2:ResourceTag/CreatedBy\":\"EC2 Image Builder\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*::image/*\",\"arn:aws:ec2:*:*:launch-template/*\"]},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"inspector2:ListCoverage\",\"inspector2:ListFindings\"]},{\"Action\":[\"ecr:CreateRepository\"],\"Condition\":{\"StringEquals\":{\"aws:RequestTag/CreatedBy\":\"EC2 Image Builder\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ecr:TagResource\"],\"Condition\":{\"StringEquals\":{\"aws:RequestTag/CreatedBy\":\"EC2 Image Builder\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ecr:*:*:repository/image-builder-*\"},{\"Resource\":\"arn:aws:ecr:*:*:repository/image-builder-*\",\"Action\":[\"ecr:BatchDeleteImage\"],\"Condition\":{\"StringEquals\":{\"ecr:ResourceTag/CreatedBy\":\"EC2 Image Builder\"}},\"Effect\":\"Allow\"},{\"Action\":[\"events:DeleteRule\",\"events:DescribeRule\",\"events:PutRule\",\"events:PutTargets\",\"events:RemoveTargets\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:events:*:*:rule/ImageBuilder-*\"]}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForImageBuilder\",\"ANPAZKAPJZG4NE22WISEW\"],\"name\":\"AWSServiceRoleForImageBuilder\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[{\"effect\":\"Allow\",\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"condition\":{\"StringEquals\":{\"aws:RequestTag/CreatedBy\":[\"EC2 Image Builder\",\"EC2 Fast Launch\"]}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"iam:PassRole\"],\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"iam:PassedToService\":[\"ec2.amazonaws.com\",\"ec2.amazonaws.com.cn\",\"vmie.amazonaws.com\"]}}},{\"condition\":{\"StringEquals\":{\"ec2:ResourceTag/CreatedBy\":\"EC2 Image Builder\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*::snapshot/*\"],\"condition\":{\"StringEquals\":{\"ec2:ResourceTag/CreatedBy\":\"EC2 Image Builder\"}}},{\"condition\":{\"StringEquals\":{\"aws:RequestTag/CreatedBy\":[\"EC2 Image Builder\",\"EC2 Fast Launch\"],\"ec2:CreateAction\":[\"RunInstances\",\"CreateImage\"]}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"condition\":{\"StringEquals\":{\"aws:RequestTag/CreatedBy\":[\"EC2 Image Builder\",\"EC2 Fast Launch\"]}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"ssm:SendCommand\"]},{\"condition\":{\"StringEquals\":{\"ssm:resourceTag/CreatedBy\":[\"EC2 Image Builder\"]}},\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"action\":[\"ssm:StartAutomationExecution\"],\"resource\":[\"arn:aws:ssm:*:*:automation-definition/ImageBuilder*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"ForAllValues:StringEquals\":{\"kms:EncryptionContextKeys\":[\"aws:ebs:id\"]},\"StringLike\":{\"kms:ViaService\":[\"ec2.*.amazonaws.com\"]}},\"version\":\"2012-10-17\"},{\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"kms:ViaService\":[\"ec2.*.amazonaws.com\"]}},\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"kms:CreateGrant\"],\"resource\":[\"*\"],\"condition\":{\"Bool\":{\"kms:GrantIsForAWSResource\":true},\"StringLike\":{\"kms:ViaService\":[\"ec2.*.amazonaws.com\"]}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"sts:AssumeRole\"],\"resource\":[\"arn:aws:iam::*:role/EC2ImageBuilderDistributionCrossAccountRole\"]},{\"resource\":[\"arn:aws:logs:*:*:log-group:/aws/imagebuilder/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"resource\":[\"arn:aws:ec2:*::image/*\"],\"condition\":{\"StringEquals\":{\"ec2:ResourceTag/CreatedBy\":\"EC2 Image Builder\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*:*:export-image-task/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*:*:export-image-task/*\"],\"condition\":{\"StringEquals\":{\"ec2:ResourceTag/CreatedBy\":\"EC2 Image Builder\"}}},{\"condition\":{\"StringEquals\":{\"iam:AWSServiceName\":[\"ssm.amazonaws.com\",\"ec2fastlaunch.amazonaws.com\"]}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"iam:CreateServiceLinkedRole\"],\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"condition\":{\"StringEquals\":{\"ec2:ResourceTag/CreatedBy\":\"EC2 Image Builder\"}}},{\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"aws:RequestTag/CreatedBy\":\"EC2 Image Builder\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:ecr:*:*:repository/image-builder-*\"],\"condition\":{\"StringEquals\":{\"aws:RequestTag/CreatedBy\":\"EC2 Image Builder\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:ecr:*:*:repository/image-builder-*\"],\"condition\":{\"StringEquals\":{\"ecr:ResourceTag/CreatedBy\":\"EC2 Image Builder\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForImageBuilder\",\"ANPAZKAPJZG4NE22WISEW\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973134\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973145\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"id\":\"Stmt1480452973144\",\"effect\":\"Allow\",\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973165\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973149\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*:*:network-interface/*\"]},{\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*:*:network-interface/*\"],\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973150\"},{\"id\":\"Stmt1480452973154\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973164\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973174\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973184\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973194\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973195\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973196\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"cloudwatch:namespace\":[\"AWS/ES\",\"AWS/OpenSearch\"]}},\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973197\",\"effect\":\"Allow\",\"action\":[\"cloudwatch:PutMetricData\"]},{\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973198\",\"effect\":\"Allow\"},{\"resource\":[\"arn:aws:ec2:*:*:vpc-endpoint/*\"],\"condition\":{\"StringEquals\":{\"aws:RequestTag/OpenSearchManaged\":\"true\"}},\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973199\",\"effect\":\"Allow\",\"action\":[\"ec2:CreateVpcEndpoint\"]},{\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973200\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*:*:vpc-endpoint/*\"],\"condition\":{\"StringEquals\":{\"aws:ResourceTag/OpenSearchManaged\":\"true\"}}},{\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973201\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"Stmt1480452973202\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*:*:vpc-endpoint/*\"],\"condition\":{\"StringEquals\":{\"ec2:CreateAction\":\"CreateVpcEndpoint\"}}}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonOpenSearchServiceRolePolicy\",\"ANPAZKAPJZG4NHHCOTRP6\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AmazonOpenSearchServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"asset\":{\"name\":\"AmazonOpenSearchServiceRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"roles\":null,\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"IsAttachable\":true,\"PolicyId\":\"ANPAZKAPJZG4NHHCOTRP6\",\"Tags\":null,\"UpdateDate\":\"2024-08-20T22:57:07Z\",\"AttachmentCount\":1,\"DefaultVersionId\":\"v8\",\"Path\":\"/aws-service-role/\",\"PolicyName\":\"AmazonOpenSearchServiceRolePolicy\",\"document\":{\"Statement\":[{\"Action\":[\"ec2:CreateNetworkInterface\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:network-interface/*\",\"arn:aws:ec2:*:*:subnet/*\",\"arn:aws:ec2:*:*:security-group/*\"],\"Sid\":\"Stmt1480452973134\"},{\"Action\":[\"ec2:DescribeNetworkInterfaces\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"Stmt1480452973145\"},{\"Resource\":[\"arn:aws:ec2:*:*:network-interface/*\"],\"Sid\":\"Stmt1480452973144\",\"Action\":[\"ec2:DeleteNetworkInterface\"],\"Effect\":\"Allow\"},{\"Action\":[\"ec2:ModifyNetworkInterfaceAttribute\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:network-interface/*\",\"arn:aws:ec2:*:*:security-group/*\"],\"Sid\":\"Stmt1480452973165\"},{\"Resource\":\"arn:aws:ec2:*:*:network-interface/*\",\"Sid\":\"Stmt1480452973149\",\"Action\":[\"ec2:AssignIpv6Addresses\"],\"Effect\":\"Allow\"},{\"Action\":[\"ec2:UnAssignIpv6Addresses\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:network-interface/*\",\"Sid\":\"Stmt1480452973150\"},{\"Action\":[\"ec2:DescribeSecurityGroups\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"Stmt1480452973154\"},{\"Action\":[\"ec2:DescribeSubnets\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"Stmt1480452973164\"},{\"Action\":[\"ec2:DescribeVpcs\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"Stmt1480452973174\"},{\"Action\":[\"elasticloadbalancing:AddListenerCertificates\",\"elasticloadbalancing:RemoveListenerCertificates\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:elasticloadbalancing:*:*:listener/*\"],\"Sid\":\"Stmt1480452973184\"},{\"Sid\":\"Stmt1480452973194\",\"Action\":[\"ec2:CreateTags\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:network-interface/*\"]},{\"Sid\":\"Stmt1480452973195\",\"Action\":[\"ec2:DescribeTags\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"acm:DescribeCertificate\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"Stmt1480452973196\"},{\"Condition\":{\"StringEquals\":{\"cloudwatch:namespace\":[\"AWS/ES\",\"AWS/OpenSearch\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"Stmt1480452973197\",\"Action\":\"cloudwatch:PutMetricData\"},{\"Action\":[\"ec2:CreateVpcEndpoint\",\"ec2:ModifyVpcEndpoint\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:vpc/*\",\"arn:aws:ec2:*:*:security-group/*\",\"arn:aws:ec2:*:*:subnet/*\",\"arn:aws:ec2:*:*:route-table/*\"],\"Sid\":\"Stmt1480452973198\"},{\"Action\":\"ec2:CreateVpcEndpoint\",\"Condition\":{\"StringEquals\":{\"aws:RequestTag/OpenSearchManaged\":\"true\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:vpc-endpoint/*\",\"Sid\":\"Stmt1480452973199\"},{\"Sid\":\"Stmt1480452973200\",\"Action\":[\"ec2:ModifyVpcEndpoint\",\"ec2:DeleteVpcEndpoints\"],\"Condition\":{\"StringEquals\":{\"aws:ResourceTag/OpenSearchManaged\":\"true\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:vpc-endpoint/*\"},{\"Action\":[\"ec2:DescribeVpcEndpoints\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"Stmt1480452973201\"},{\"Condition\":{\"StringEquals\":{\"ec2:CreateAction\":\"CreateVpcEndpoint\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:vpc-endpoint/*\",\"Sid\":\"Stmt1480452973202\",\"Action\":[\"ec2:CreateTags\"]}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AmazonOpenSearchServiceRolePolicy\",\"CreateDate\":\"2021-08-26T09:27:09Z\"},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonOpenSearchServiceRolePolicy\",\"ANPAZKAPJZG4NHHCOTRP6\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"cloudwatch:namespace\":[\"AWS/RolesAnywhere\",\"AWS/Usage\"]}}},{\"effect\":\"Allow\",\"resource\":[\"arn:aws:acm-pca:*:*:*\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSRolesAnywhereServicePolicy\",\"ANPAZKAPJZG4L542JDEGK\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AWSRolesAnywhereServicePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"raw\":{\"AttachmentCount\":1,\"Description\":null,\"roles\":null,\"DefaultVersionId\":\"v1\",\"IsAttachable\":true,\"Path\":\"/aws-service-role/\",\"PolicyId\":\"ANPAZKAPJZG4L542JDEGK\",\"PolicyName\":\"AWSRolesAnywhereServicePolicy\",\"document\":{\"Statement\":[{\"Resource\":\"*\",\"Action\":[\"cloudwatch:PutMetricData\"],\"Condition\":{\"StringEquals\":{\"cloudwatch:namespace\":[\"AWS/RolesAnywhere\",\"AWS/Usage\"]}},\"Effect\":\"Allow\"},{\"Action\":[\"acm-pca:GetCertificateAuthorityCertificate\",\"acm-pca:DescribeCertificateAuthority\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:acm-pca:*:*:*\"}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AWSRolesAnywhereServicePolicy\",\"CreateDate\":\"2022-07-05T15:26:11Z\",\"UpdateDate\":\"2022-07-05T15:26:11Z\",\"PermissionsBoundaryUsageCount\":0,\"Tags\":null},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSRolesAnywhereServicePolicy\",\"ANPAZKAPJZG4L542JDEGK\"],\"name\":\"AWSRolesAnywhereServicePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"CloudTrailEventsAccess\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:cloudtrail:*:*:channel/aws-service-channel/resource-explorer-2/*\"]},{\"version\":\"2012-10-17\",\"id\":\"ApiGatewayAccess\",\"effect\":\"Allow\",\"action\":[\"apigateway:GET\"]},{\"version\":\"2012-10-17\",\"id\":\"ResourceInventoryAccess\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy\",\"ANPAZKAPJZG4K2H54PAUL\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"roles\":null,\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAZKAPJZG4K2H54PAUL\",\"PolicyName\":\"AWSResourceExplorerServiceRolePolicy\",\"UpdateDate\":\"2024-11-14T17:22:13Z\",\"AttachmentCount\":1,\"DefaultVersionId\":\"v10\",\"document\":{\"Statement\":[{\"Action\":[\"cloudtrail:CreateServiceLinkedChannel\",\"cloudtrail:GetServiceLinkedChannel\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:cloudtrail:*:*:channel/aws-service-channel/resource-explorer-2/*\",\"Sid\":\"CloudTrailEventsAccess\"},{\"Action\":\"apigateway:GET\",\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:apigateway:*::/restapis\",\"arn:aws:apigateway:*::/restapis/*/deployments\"],\"Sid\":\"ApiGatewayAccess\"},{\"Action\":[\"access-analyzer:ListAnalyzers\",\"acm-pca:ListCertificateAuthorities\",\"acm:ListCertificates\",\"airflow:ListEnvironments\",\"amplify:ListApps\",\"amplify:ListBackendEnvironments\",\"amplify:ListBranches\",\"amplify:ListDomainAssociations\",\"amplifyuibuilder:ListComponents\",\"amplifyuibuilder:ListThemes\",\"app-integrations:ListEventIntegrations\",\"appflow:ListFlows\",\"appmesh:ListMeshes\",\"appmesh:ListVirtualNodes\",\"appmesh:ListVirtualServices\",\"apprunner:ListServices\",\"apprunner:ListVpcConnectors\",\"appstream:DescribeAppBlocks\",\"appstream:DescribeApplications\",\"appstream:DescribeFleets\",\"appstream:DescribeImageBuilders\",\"appstream:DescribeStacks\",\"appsync:ListGraphqlApis\",\"aps:ListRuleGroupsNamespaces\",\"aps:ListWorkspaces\",\"athena:ListDataCatalogs\",\"athena:ListWorkGroups\",\"auditmanager:GetAccountStatus\",\"auditmanager:ListAssessments\",\"autoscaling:DescribeAutoScalingGroups\",\"backup:ListBackupPlans\",\"backup:ListBackupVaults\",\"backup:ListReportPlans\",\"batch:DescribeComputeEnvironments\",\"batch:DescribeJobQueues\",\"batch:ListSchedulingPolicies\",\"cloudformation:ListStackSets\",\"cloudformation:ListStacks\",\"cloudfront:ListCachePolicies\",\"cloudfront:ListCloudFrontOriginAccessIdentities\",\"cloudfront:ListDistributions\",\"cloudfront:ListFieldLevelEncryptionConfigs\",\"cloudfront:ListFieldLevelEncryptionProfiles\",\"cloudfront:ListFunctions\",\"cloudfront:ListOriginAccessControls\",\"cloudfront:ListOriginRequestPolicies\",\"cloudfront:ListRealtimeLogConfigs\",\"cloudfront:ListResponseHeadersPolicies\",\"cloudtrail:ListTrails\",\"cloudwatch:DescribeAlarms\",\"cloudwatch:DescribeInsightRules\",\"cloudwatch:ListDashboards\",\"cloudwatch:ListMetricStreams\",\"codeartifact:ListDomains\",\"codeartifact:ListRepositories\",\"codebuild:ListProjects\",\"codecommit:ListRepositories\",\"codeguru-profiler:ListProfilingGroups\",\"codeguru-reviewer:ListRepositoryAssociations\",\"codepipeline:ListPipelines\",\"codepipeline:ListWebhooks\",\"codestar-connections:ListConnections\",\"cognito-identity:ListIdentityPools\",\"cognito-idp:ListUserPools\",\"comprehend:ListDocumentClassifiers\",\"comprehend:ListEntityRecognizers\",\"connect:ListInstances\",\"connect:ListQuickConnects\",\"connect:ListUsers\",\"databrew:ListDatasets\",\"databrew:ListJobs\",\"databrew:ListProjects\",\"databrew:ListRecipes\",\"databrew:ListRulesets\",\"databrew:ListSchedules\",\"dataexchange:ListDataSets\",\"datasync:ListLocations\",\"datasync:ListTasks\",\"detective:ListGraphs\",\"dms:DescribeEndpoints\",\"dms:DescribeEventSubscriptions\",\"dms:DescribeReplicationInstances\",\"dms:DescribeReplicationSubnetGroups\",\"dms:DescribeReplicationTasks\",\"ds:DescribeDirectories\",\"dynamodb:ListStreams\",\"dynamodb:ListTables\",\"ec2:DescribeAddresses\",\"ec2:DescribeCapacityReservationFleets\",\"ec2:DescribeCapacityReservations\",\"ec2:DescribeCarrierGateways\",\"ec2:DescribeClientVpnEndpoints\",\"ec2:DescribeCustomerGateways\",\"ec2:DescribeDhcpOptions\",\"ec2:DescribeEgressOnlyInternetGateways\",\"ec2:DescribeElasticGpus\",\"ec2:DescribeExportImageTasks\",\"ec2:DescribeExportTasks\",\"ec2:DescribeFleets\",\"ec2:DescribeFlowLogs\",\"ec2:DescribeFpgaImages\",\"ec2:DescribeHostReservations\",\"ec2:DescribeHosts\",\"ec2:DescribeImages\",\"ec2:DescribeImportImageTasks\",\"ec2:DescribeImportSnapshotTasks\",\"ec2:DescribeInstanceEventWindows\",\"ec2:DescribeInstances\",\"ec2:DescribeInternetGateways\",\"ec2:DescribeIpamPools\",\"ec2:DescribeIpamScopes\",\"ec2:DescribeIpams\",\"ec2:DescribeKeyPairs\",\"ec2:DescribeLaunchTemplates\",\"ec2:DescribeManagedPrefixLists\",\"ec2:DescribeNatGateways\",\"ec2:DescribeNetworkAcls\",\"ec2:DescribeNetworkInsightsAccessScopeAnalyses\",\"ec2:DescribeNetworkInsightsAccessScopes\",\"ec2:DescribeNetworkInsightsAnalyses\",\"ec2:DescribeNetworkInsightsPaths\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribePlacementGroups\",\"ec2:DescribePublicIpv4Pools\",\"ec2:DescribeReservedInstances\",\"ec2:DescribeRouteTables\",\"ec2:DescribeSecurityGroupRules\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeSnapshots\",\"ec2:DescribeSpotFleetRequests\",\"ec2:DescribeSpotInstanceRequests\",\"ec2:DescribeSubnets\",\"ec2:DescribeTrafficMirrorFilters\",\"ec2:DescribeTrafficMirrorSessions\",\"ec2:DescribeTrafficMirrorTargets\",\"ec2:DescribeTransitGatewayAttachments\",\"ec2:DescribeTransitGatewayConnectPeers\",\"ec2:DescribeTransitGatewayMulticastDomains\",\"ec2:DescribeTransitGatewayPolicyTables\",\"ec2:DescribeTransitGatewayRouteTableAnnouncements\",\"ec2:DescribeTransitGatewayRouteTables\",\"ec2:DescribeTransitGateways\",\"ec2:DescribeVerifiedAccessEndpoints\",\"ec2:DescribeVerifiedAccessGroups\",\"ec2:DescribeVerifiedAccessInstances\",\"ec2:DescribeVerifiedAccessTrustProviders\",\"ec2:DescribeVolumes\",\"ec2:DescribeVpcEndpointServices\",\"ec2:DescribeVpcEndpoints\",\"ec2:DescribeVpcPeeringConnections\",\"ec2:DescribeVpcs\",\"ec2:DescribeVpnConnections\",\"ec2:DescribeVpnGateways\",\"ec2:GetSubnetCidrReservations\",\"ecr-public:DescribeRepositories\",\"ecr:DescribeRepositories\",\"ecs:DescribeCapacityProviders\",\"ecs:DescribeServices\",\"ecs:ListClusters\",\"ecs:ListContainerInstances\",\"ecs:ListServices\",\"ecs:ListTaskDefinitions\",\"ecs:ListTasks\",\"eks:ListClusters\",\"elasticache:DescribeCacheClusters\",\"elasticache:DescribeCacheParameterGroups\",\"elasticache:DescribeCacheSecurityGroups\",\"elasticache:DescribeCacheSubnetGroups\",\"elasticache:DescribeGlobalReplicationGroups\",\"elasticache:DescribeReplicationGroups\",\"elasticache:DescribeReservedCacheNodes\",\"elasticache:DescribeSnapshots\",\"elasticache:DescribeUserGroups\",\"elasticache:DescribeUsers\",\"elasticbeanstalk:DescribeApplicationVersions\",\"elasticbeanstalk:DescribeApplications\",\"elasticbeanstalk:DescribeEnvironments\",\"elasticfilesystem:DescribeAccessPoints\",\"elasticfilesystem:DescribeFileSystems\",\"elasticloadbalancing:DescribeListeners\",\"elasticloadbalancing:DescribeLoadBalancers\",\"elasticloadbalancing:DescribeRules\",\"elasticloadbalancing:DescribeTargetGroups\",\"elasticmapreduce:ListClusters\",\"emr-containers:ListVirtualClusters\",\"emr-serverless:ListApplications\",\"es:ListDomainNames\",\"events:ListEventBuses\",\"events:ListRules\",\"evidently:ListExperiments\",\"evidently:ListFeatures\",\"evidently:ListLaunches\",\"evidently:ListProjects\",\"finspace:ListEnvironments\",\"firehose:ListDeliveryStreams\",\"fis:ListExperimentTemplates\",\"forecast:ListDatasetGroups\",\"forecast:ListDatasets\",\"frauddetector:GetDetectors\",\"frauddetector:GetEntityTypes\",\"frauddetector:GetEventTypes\",\"frauddetector:GetExternalModels\",\"frauddetector:GetLabels\",\"frauddetector:GetModels\",\"frauddetector:GetOutcomes\",\"frauddetector:GetVariables\",\"fsx:DescribeFileSystems\",\"gamelift:DescribeGameSessionQueues\",\"gamelift:DescribeMatchmakingConfigurations\",\"gamelift:DescribeMatchmakingRuleSets\",\"gamelift:ListAliases\",\"gamelift:ListBuilds\",\"geo:ListPlaceIndexes\",\"geo:ListTrackers\",\"glacier:ListVaults\",\"globalaccelerator:ListAccelerators\",\"globalaccelerator:ListEndpointGroups\",\"globalaccelerator:ListListeners\",\"glue:GetCrawlers\",\"glue:GetDatabases\",\"glue:GetJobs\",\"glue:GetTables\",\"glue:GetTriggers\",\"glue:ListMLTransforms\",\"greengrass:ListComponentVersions\",\"greengrass:ListComponents\",\"greengrass:ListConnectorDefinitions\",\"greengrass:ListCoreDefinitions\",\"greengrass:ListDeviceDefinitions\",\"greengrass:ListFunctionDefinitions\",\"greengrass:ListGroups\",\"greengrass:ListLoggerDefinitions\",\"greengrass:ListResourceDefinitions\",\"greengrass:ListSubscriptionDefinitions\",\"groundstation:ListConfigs\",\"guardduty:ListDetectors\",\"guardduty:ListFilters\",\"guardduty:ListIPSets\",\"guardduty:ListThreatIntelSets\",\"healthlake:ListFHIRDatastores\",\"iam:ListGroups\",\"iam:ListInstanceProfiles\",\"iam:ListOpenIDConnectProviders\",\"iam:ListPolicies\",\"iam:ListRoles\",\"iam:ListSAMLProviders\",\"iam:ListServerCertificates\",\"iam:ListUsers\",\"iam:ListVirtualMFADevices\",\"imagebuilder:ListComponentBuildVersions\",\"imagebuilder:ListComponents\",\"imagebuilder:ListContainerRecipes\",\"imagebuilder:ListDistributionConfigurations\",\"imagebuilder:ListImageBuildVersions\",\"imagebuilder:ListImagePipelines\",\"imagebuilder:ListImageRecipes\",\"imagebuilder:ListImages\",\"imagebuilder:ListInfrastructureConfigurations\",\"iot:ListAuthorizers\",\"iot:ListJobTemplates\",\"iot:ListMitigationActions\",\"iot:ListPolicies\",\"iot:ListProvisioningTemplates\",\"iot:ListRoleAliases\",\"iot:ListSecurityProfiles\",\"iot:ListThings\",\"iot:ListTopicRuleDestinations\",\"iot:ListTopicRules\",\"iotanalytics:ListChannels\",\"iotanalytics:ListDatasets\",\"iotanalytics:ListDatastores\",\"iotanalytics:ListPipelines\",\"iotevents:ListAlarmModels\",\"iotevents:ListDetectorModels\",\"iotevents:ListInputs\",\"iotsitewise:ListAssetModels\",\"iotsitewise:ListAssets\",\"iotsitewise:ListDashboards\",\"iotsitewise:ListGateways\",\"iotsitewise:ListPortals\",\"iotsitewise:ListProjects\",\"iottwinmaker:ListComponentTypes\",\"iottwinmaker:ListEntities\",\"iottwinmaker:ListScenes\",\"iottwinmaker:ListWorkspaces\",\"iotwireless:ListServiceProfiles\",\"ivs:ListChannels\",\"ivs:ListRecordingConfigurations\",\"ivs:ListStreamKeys\",\"kafka:ListClusters\",\"kafka:ListConfigurations\",\"kendra:ListIndices\",\"kinesis:ListStreamConsumers\",\"kinesis:ListStreams\",\"kinesisanalytics:ListApplications\",\"kinesisvideo:ListStreams\",\"kms:ListKeys\",\"lambda:ListAliases\",\"lambda:ListCodeSigningConfigs\",\"lambda:ListEventSourceMappings\",\"lambda:ListFunctions\",\"lambda:ListLayerVersions\",\"lambda:ListLayers\",\"lex:ListBotAliases\",\"lex:ListBots\",\"logs:DescribeDestinations\",\"logs:DescribeLogGroups\",\"logs:DescribeLogStreams\",\"lookoutmetrics:ListAlerts\",\"lookoutvision:ListProjects\",\"macie2:ListCustomDataIdentifiers\",\"macie2:ListFindingsFilters\",\"mediapackage-vod:ListPackagingConfigurations\",\"mediapackage-vod:ListPackagingGroups\",\"mediapackage:ListChannels\",\"mediapackage:ListOriginEndpoints\",\"mediatailor:ListPlaybackConfigurations\",\"memorydb:DescribeACLs\",\"memorydb:DescribeClusters\",\"memorydb:DescribeParameterGroups\",\"memorydb:DescribeSubnetGroups\",\"memorydb:DescribeUsers\",\"mobiletargeting:GetApps\",\"mobiletargeting:GetCampaigns\",\"mobiletargeting:GetSegments\",\"mobiletargeting:ListTemplates\",\"mq:ListBrokers\",\"network-firewall:ListFirewallPolicies\",\"network-firewall:ListFirewalls\",\"networkmanager:DescribeGlobalNetworks\",\"networkmanager:GetDevices\",\"networkmanager:GetLinks\",\"networkmanager:ListAttachments\",\"networkmanager:ListCoreNetworks\",\"organizations:DescribeAccount\",\"organizations:DescribeOrganization\",\"organizations:ListAWSServiceAccessForOrganization\",\"organizations:ListAccounts\",\"organizations:ListDelegatedAdministrators\",\"panorama:ListPackages\",\"personalize:ListDatasetGroups\",\"personalize:ListDatasets\",\"personalize:ListSchemas\",\"proton:ListEnvironmentAccountConnections\",\"qldb:ListJournalKinesisStreamsForLedger\",\"qldb:ListLedgers\",\"quicksight:DescribeAccountSubscription\",\"quicksight:ListDataSets\",\"quicksight:ListDataSources\",\"quicksight:ListTemplates\",\"ram:GetResourceShares\",\"rds:DescribeBlueGreenDeployments\",\"rds:DescribeDBClusterEndpoints\",\"rds:DescribeDBClusterParameterGroups\",\"rds:DescribeDBClusterSnapshots\",\"rds:DescribeDBClusters\",\"rds:DescribeDBEngineVersions\",\"rds:DescribeDBInstanceAutomatedBackups\",\"rds:DescribeDBInstances\",\"rds:DescribeDBParameterGroups\",\"rds:DescribeDBProxies\",\"rds:DescribeDBProxyEndpoints\",\"rds:DescribeDBSecurityGroups\",\"rds:DescribeDBSnapshots\",\"rds:DescribeDBSubnetGroups\",\"rds:DescribeEventSubscriptions\",\"rds:DescribeGlobalClusters\",\"rds:DescribeOptionGroups\",\"rds:DescribeReservedDBInstances\",\"redshift:DescribeClusterParameterGroups\",\"redshift:DescribeClusterSnapshots\",\"redshift:DescribeClusterSubnetGroups\",\"redshift:DescribeClusters\",\"redshift:DescribeEventSubscriptions\",\"redshift:DescribeSnapshotCopyGrants\",\"redshift:DescribeSnapshotSchedules\",\"redshift:DescribeUsageLimits\",\"refactor-spaces:ListApplications\",\"refactor-spaces:ListEnvironments\",\"refactor-spaces:ListRoutes\",\"refactor-spaces:ListServices\",\"rekognition:DescribeProjects\",\"resiliencehub:ListApps\",\"resiliencehub:ListResiliencyPolicies\",\"resource-explorer-2:GetIndex\",\"resource-explorer-2:ListIndexes\",\"resource-explorer-2:ListViews\",\"resource-groups:ListGroups\",\"robomaker:ListRobotApplications\",\"robomaker:ListSimulationApplications\",\"route53-recovery-readiness:ListRecoveryGroups\",\"route53-recovery-readiness:ListResourceSets\",\"route53:ListHealthChecks\",\"route53:ListHostedZones\",\"route53domains:ListDomains\",\"route53resolver:ListFirewallDomainLists\",\"route53resolver:ListFirewallRuleGroups\",\"route53resolver:ListResolverEndpoints\",\"route53resolver:ListResolverQueryLogConfigs\",\"route53resolver:ListResolverRules\",\"s3:GetBucketLocation\",\"s3:ListAccessPoints\",\"s3:ListAllMyBuckets\",\"s3:ListBucket\",\"s3:ListStorageLensConfigurations\",\"sagemaker:ListDomains\",\"sagemaker:ListEndpoints\",\"sagemaker:ListFeatureGroups\",\"sagemaker:ListImages\",\"sagemaker:ListModels\",\"sagemaker:ListNotebookInstances\",\"sagemaker:ListPipelines\",\"secretsmanager:ListSecrets\",\"servicecatalog:ListApplications\",\"servicecatalog:ListAttributeGroups\",\"ses:ListConfigurationSets\",\"ses:ListContactLists\",\"ses:ListEmailIdentities\",\"signer:ListSigningProfiles\",\"sns:ListTopics\",\"sqs:ListQueues\",\"ssm-incidents:ListResponsePlans\",\"ssm:DescribeAutomationExecutions\",\"ssm:DescribeInstanceInformation\",\"ssm:DescribeMaintenanceWindowTargets\",\"ssm:DescribeMaintenanceWindowTasks\",\"ssm:DescribeMaintenanceWindows\",\"ssm:DescribeParameters\",\"ssm:DescribePatchBaselines\",\"ssm:ListAssociations\",\"ssm:ListDocuments\",\"ssm:ListInventoryEntries\",\"ssm:ListResourceDataSync\",\"states:ListActivities\",\"states:ListStateMachines\",\"storagegateway:ListGateways\",\"timestream:ListDatabases\",\"transfer:ListWorkflows\",\"wisdom:ListAssistants\",\"wisdom:listAssistantAssociations\",\"wisdom:listKnowledgeBases\",\"workspaces:DescribeWorkspaces\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"ResourceInventoryAccess\"}],\"Version\":\"2012-10-17\"},\"CreateDate\":\"2022-10-25T20:35:29Z\",\"Tags\":null,\"Path\":\"/aws-service-role/\",\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy\",\"IsAttachable\":true},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy\",\"ANPAZKAPJZG4K2H54PAUL\"],\"name\":\"AWSResourceExplorerServiceRolePolicy\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"asset\":{\"name\":\"AmazonSSMPatchAssociation\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"CreateDate\":\"2020-05-13T16:00:42Z\",\"DefaultVersionId\":\"v1\",\"Description\":null,\"Tags\":null,\"UpdateDate\":\"2020-05-13T16:00:42Z\",\"roles\":null,\"document\":{\"Statement\":[{\"Action\":\"ssm:DescribeEffectivePatchesForPatchBaseline\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ssm:*:*:patchbaseline/*\"},{\"Action\":\"ssm:GetPatchBaseline\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ssm:*:*:patchbaseline/*\"},{\"Action\":\"tag:GetResources\",\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":\"ssm:DescribePatchBaselines\",\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"IsAttachable\":true,\"Path\":\"/\",\"PolicyName\":\"AmazonSSMPatchAssociation\",\"Arn\":\"arn:aws:iam::aws:policy/AmazonSSMPatchAssociation\",\"AttachmentCount\":1,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAZKAPJZG4EWLEL5ZX7\"},\"id\":[\"arn:aws:iam::aws:policy/AmazonSSMPatchAssociation\",\"ANPAZKAPJZG4EWLEL5ZX7\"]},\"cloud\":{\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"resource\":[\"arn:aws:ssm:*:*:patchbaseline/*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"ssm:DescribeEffectivePatchesForPatchBaseline\"]},{\"effect\":\"Allow\",\"action\":[\"ssm:GetPatchBaseline\"],\"resource\":[\"arn:aws:ssm:*:*:patchbaseline/*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"tag:GetResources\"],\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"ssm:DescribePatchBaselines\"],\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonSSMPatchAssociation\",\"ANPAZKAPJZG4EWLEL5ZX7\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonSSMPatchAssociation\":{\"category\":\"identity\",\"type\":\"policy\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"entity.metadata\":{\"arn:aws:iam::aws:policy/AWSCloudFormationFullAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"PolicyId\":\"ANPAZKAPJZG4CRR3ZS723\",\"Arn\":\"arn:aws:iam::aws:policy/AWSCloudFormationFullAccess\",\"DefaultVersionId\":\"v1\",\"PolicyName\":\"AWSCloudFormationFullAccess\",\"Tags\":null,\"roles\":null,\"AttachmentCount\":1,\"CreateDate\":\"2019-07-26T21:50:35Z\",\"Description\":null,\"IsAttachable\":true,\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"UpdateDate\":\"2019-07-26T21:50:35Z\",\"document\":{\"Statement\":[{\"Action\":[\"cloudformation:*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:iam::aws:policy/AWSCloudFormationFullAccess\",\"ANPAZKAPJZG4CRR3ZS723\"],\"name\":\"AWSCloudFormationFullAccess\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/AWSCloudFormationFullAccess\",\"ANPAZKAPJZG4CRR3ZS723\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"Description\":null,\"IsAttachable\":true,\"DefaultVersionId\":\"v1\",\"Path\":\"/aws-service-role/\",\"PolicyId\":\"ANPAZKAPJZG4PP6VJFZS6\",\"PolicyName\":\"Ec2InstanceConnectEndpoint\",\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/Ec2InstanceConnectEndpoint\",\"AttachmentCount\":1,\"document\":{\"Statement\":[{\"Action\":[\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribeAvailabilityZones\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:subnet/*\",\"Action\":[\"ec2:CreateNetworkInterface\"]},{\"Resource\":\"arn:aws:ec2:*:*:network-interface/*\",\"Action\":[\"ec2:CreateNetworkInterface\"],\"Condition\":{\"ForAllValues:StringEquals\":{\"aws:TagKeys\":[\"InstanceConnectEndpointId\"]},\"Null\":{\"aws:RequestTag/InstanceConnectEndpointId\":\"false\"}},\"Effect\":\"Allow\"},{\"Action\":[\"ec2:ModifyNetworkInterfaceAttribute\"],\"Condition\":{\"Null\":{\"aws:ResourceTag/InstanceConnectEndpointId\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:network-interface/*\"},{\"Action\":[\"ec2:CreateTags\"],\"Condition\":{\"StringEquals\":{\"ec2:CreateAction\":\"CreateNetworkInterface\"},\"ForAllValues:StringEquals\":{\"aws:TagKeys\":[\"InstanceConnectEndpointId\"]},\"Null\":{\"aws:RequestTag/InstanceConnectEndpointId\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*:*:network-interface/*\"},{\"Action\":[\"ec2:DeleteNetworkInterface\"],\"Condition\":{\"StringLike\":{\"aws:ResourceTag/InstanceConnectEndpointId\":[\"eice-*\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"roles\":null,\"CreateDate\":\"2023-01-24T20:19:21Z\",\"UpdateDate\":\"2023-01-24T20:19:21Z\"},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/Ec2InstanceConnectEndpoint\",\"ANPAZKAPJZG4PP6VJFZS6\"],\"name\":\"Ec2InstanceConnectEndpoint\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*:*:subnet/*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*:*:network-interface/*\"],\"condition\":{\"ForAllValues:StringEquals\":{\"aws:TagKeys\":[\"InstanceConnectEndpointId\"]},\"Null\":{\"aws:RequestTag/InstanceConnectEndpointId\":\"false\"}}},{\"effect\":\"Allow\",\"resource\":[\"arn:aws:ec2:*:*:network-interface/*\"],\"condition\":{\"Null\":{\"aws:ResourceTag/InstanceConnectEndpointId\":\"false\"}},\"version\":\"2012-10-17\"},{\"resource\":[\"arn:aws:ec2:*:*:network-interface/*\"],\"condition\":{\"ForAllValues:StringEquals\":{\"aws:TagKeys\":[\"InstanceConnectEndpointId\"]},\"Null\":{\"aws:RequestTag/InstanceConnectEndpointId\":\"false\"},\"StringEquals\":{\"ec2:CreateAction\":\"CreateNetworkInterface\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"aws:ResourceTag/InstanceConnectEndpointId\":[\"eice-*\"]}}}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/Ec2InstanceConnectEndpoint\",\"ANPAZKAPJZG4PP6VJFZS6\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/Ec2InstanceConnectEndpoint\":{\"type\":\"policy\",\"category\":\"identity\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[{\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"ec2:ResourceTag/eks\":\"*\"}},\"version\":\"2012-10-17\",\"id\":\"SharedSecurityGroupRelatedPermissions\"},{\"version\":\"2012-10-17\",\"id\":\"EKSCreatedSecurityGroupRelatedPermissions\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"ec2:ResourceTag/eks:nodegroup-name\":\"*\"}}},{\"id\":\"LaunchTemplateRelatedPermissions\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"ec2:ResourceTag/eks:nodegroup-name\":\"*\"}},\"version\":\"2012-10-17\"},{\"id\":\"AutoscalingRelatedPermissions\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:autoscaling:*:*:*:autoScalingGroupName/eks-*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"AllowAutoscalingToCreateSLR\",\"effect\":\"Allow\",\"action\":[\"iam:CreateServiceLinkedRole\"],\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"iam:AWSServiceName\":\"autoscaling.amazonaws.com\"}}},{\"version\":\"2012-10-17\",\"id\":\"AllowASGCreationByEKS\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"ForAnyValue:StringEquals\":{\"aws:TagKeys\":[\"eks\",\"eks:cluster-name\",\"eks:nodegroup-name\"]}}},{\"id\":\"AllowPassRoleToAutoscaling\",\"effect\":\"Allow\",\"action\":[\"iam:PassRole\"],\"resource\":[\"*\"],\"condition\":{\"StringEquals\":{\"iam:PassedToService\":\"autoscaling.amazonaws.com\"}},\"version\":\"2012-10-17\"},{\"effect\":\"Allow\",\"action\":[\"iam:PassRole\"],\"resource\":[\"*\"],\"condition\":{\"StringEqualsIfExists\":{\"iam:PassedToService\":[\"ec2.amazonaws.com\"]}},\"version\":\"2012-10-17\",\"id\":\"AllowPassRoleToEC2\"},{\"version\":\"2012-10-17\",\"id\":\"PermissionsToManageResourcesForNodegroups\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"resource\":[\"arn:aws:iam::*:instance-profile/eks-*\"],\"version\":\"2012-10-17\",\"id\":\"PermissionsToCreateAndManageInstanceProfiles\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"PermissionsToManageEKSAndKubernetesTags\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"ForAnyValue:StringLike\":{\"aws:TagKeys\":[\"eks\",\"eks:cluster-name\",\"eks:nodegroup-name\",\"kubernetes.io/cluster/*\"]}}}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForAmazonEKSNodegroup\",\"ANPAZKAPJZG4KH2AAMJJG\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForAmazonEKSNodegroup\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v9\",\"PolicyName\":\"AWSServiceRoleForAmazonEKSNodegroup\",\"UpdateDate\":\"2024-08-21T15:51:37Z\",\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForAmazonEKSNodegroup\",\"AttachmentCount\":1,\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"document\":{\"Statement\":[{\"Condition\":{\"StringLike\":{\"ec2:ResourceTag/eks\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"SharedSecurityGroupRelatedPermissions\",\"Action\":[\"ec2:RevokeSecurityGroupIngress\",\"ec2:AuthorizeSecurityGroupEgress\",\"ec2:AuthorizeSecurityGroupIngress\",\"ec2:DescribeInstances\",\"ec2:RevokeSecurityGroupEgress\",\"ec2:DeleteSecurityGroup\"]},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"EKSCreatedSecurityGroupRelatedPermissions\",\"Action\":[\"ec2:RevokeSecurityGroupIngress\",\"ec2:AuthorizeSecurityGroupEgress\",\"ec2:AuthorizeSecurityGroupIngress\",\"ec2:DescribeInstances\",\"ec2:RevokeSecurityGroupEgress\",\"ec2:DeleteSecurityGroup\"],\"Condition\":{\"StringLike\":{\"ec2:ResourceTag/eks:nodegroup-name\":\"*\"}}},{\"Action\":[\"ec2:DeleteLaunchTemplate\",\"ec2:CreateLaunchTemplateVersion\"],\"Condition\":{\"StringLike\":{\"ec2:ResourceTag/eks:nodegroup-name\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"LaunchTemplateRelatedPermissions\"},{\"Resource\":\"arn:aws:autoscaling:*:*:*:autoScalingGroupName/eks-*\",\"Sid\":\"AutoscalingRelatedPermissions\",\"Action\":[\"autoscaling:UpdateAutoScalingGroup\",\"autoscaling:DeleteAutoScalingGroup\",\"autoscaling:TerminateInstanceInAutoScalingGroup\",\"autoscaling:CompleteLifecycleAction\",\"autoscaling:PutLifecycleHook\",\"autoscaling:PutNotificationConfiguration\",\"autoscaling:EnableMetricsCollection\",\"autoscaling:PutScheduledUpdateGroupAction\",\"autoscaling:ResumeProcesses\",\"autoscaling:SuspendProcesses\"],\"Effect\":\"Allow\"},{\"Sid\":\"AllowAutoscalingToCreateSLR\",\"Action\":\"iam:CreateServiceLinkedRole\",\"Condition\":{\"StringEquals\":{\"iam:AWSServiceName\":\"autoscaling.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"autoscaling:CreateOrUpdateTags\",\"autoscaling:CreateAutoScalingGroup\"],\"Condition\":{\"ForAnyValue:StringEquals\":{\"aws:TagKeys\":[\"eks\",\"eks:cluster-name\",\"eks:nodegroup-name\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AllowASGCreationByEKS\"},{\"Action\":\"iam:PassRole\",\"Condition\":{\"StringEquals\":{\"iam:PassedToService\":\"autoscaling.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AllowPassRoleToAutoscaling\"},{\"Condition\":{\"StringEqualsIfExists\":{\"iam:PassedToService\":[\"ec2.amazonaws.com\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AllowPassRoleToEC2\",\"Action\":\"iam:PassRole\"},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"PermissionsToManageResourcesForNodegroups\",\"Action\":[\"iam:GetRole\",\"ec2:CreateLaunchTemplate\",\"ec2:DescribeInstances\",\"iam:GetInstanceProfile\",\"ec2:DescribeLaunchTemplates\",\"autoscaling:DescribeAutoScalingGroups\",\"ec2:CreateSecurityGroup\",\"ec2:DescribeLaunchTemplateVersions\",\"ec2:RunInstances\",\"ec2:DescribeSecurityGroups\",\"ec2:GetConsoleOutput\",\"ec2:DescribeRouteTables\",\"ec2:DescribeSubnets\",\"ec2:DescribeCapacityReservations\"]},{\"Action\":[\"iam:CreateInstanceProfile\",\"iam:DeleteInstanceProfile\",\"iam:RemoveRoleFromInstanceProfile\",\"iam:AddRoleToInstanceProfile\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:iam::*:instance-profile/eks-*\",\"Sid\":\"PermissionsToCreateAndManageInstanceProfiles\"},{\"Sid\":\"PermissionsToManageEKSAndKubernetesTags\",\"Action\":[\"ec2:CreateTags\",\"ec2:DeleteTags\"],\"Condition\":{\"ForAnyValue:StringLike\":{\"aws:TagKeys\":[\"eks\",\"eks:cluster-name\",\"eks:nodegroup-name\",\"kubernetes.io/cluster/*\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"CreateDate\":\"2019-11-07T01:34:26Z\",\"Description\":null,\"Path\":\"/aws-service-role/\",\"Tags\":null,\"PolicyId\":\"ANPAZKAPJZG4KH2AAMJJG\",\"roles\":null},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForAmazonEKSNodegroup\",\"ANPAZKAPJZG4KH2AAMJJG\"],\"name\":\"AWSServiceRoleForAmazonEKSNodegroup\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"TirosPolicy\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"PackageVulnerabilityScanning\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"LambdaPackageVulnerabilityScanning\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"id\":\"GatherInventory\",\"effect\":\"Allow\",\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"DataSyncCleanup\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"ManagedRules\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"LambdaCodeVulnerabilityScanning\",\"effect\":\"Allow\"},{\"id\":\"CodeGuruCodeVulnerabilityScanning\",\"effect\":\"Allow\",\"condition\":{\"ForAnyValue:StringEquals\":{\"aws:CalledVia\":[\"codeguru-security.amazonaws.com\"]}},\"version\":\"2012-10-17\"},{\"condition\":{\"StringEquals\":{\"aws:ResourceAccount\":\"${aws:PrincipalAccount}\"}},\"version\":\"2012-10-17\",\"id\":\"Ec2DeepInspection\",\"effect\":\"Allow\"},{\"id\":\"AllowManagementOfServiceLinkedChannel\",\"effect\":\"Allow\",\"condition\":{\"StringEquals\":{\"aws:ResourceAccount\":\"${aws:PrincipalAccount}\"}},\"version\":\"2012-10-17\"},{\"effect\":\"Allow\",\"condition\":{\"StringEquals\":{\"aws:ResourceAccount\":\"${aws:PrincipalAccount}\"}},\"version\":\"2012-10-17\",\"id\":\"AllowListServiceLinkedChannels\"},{\"id\":\"AllowToRunInvokeCisSpecificDocuments\",\"effect\":\"Allow\",\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"AllowToRunCisCommandsToSpecificResources\",\"effect\":\"Allow\",\"condition\":{\"StringEquals\":{\"aws:ResourceAccount\":\"${aws:PrincipalAccount}\"}}},{\"id\":\"AllowToPutCloudwatchMetricData\",\"effect\":\"Allow\",\"condition\":{\"StringEquals\":{\"cloudwatch:namespace\":\"AWS/Inspector2\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonInspector2ServiceRolePolicy\",\"ANPAZKAPJZG4BINOILVQW\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AmazonInspector2ServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"name\":\"AmazonInspector2ServiceRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"document\":{\"Statement\":[{\"Action\":[\"directconnect:DescribeConnections\",\"directconnect:DescribeDirectConnectGatewayAssociations\",\"directconnect:DescribeDirectConnectGatewayAttachments\",\"directconnect:DescribeDirectConnectGateways\",\"directconnect:DescribeVirtualGateways\",\"directconnect:DescribeVirtualInterfaces\",\"ec2:DescribeAvailabilityZones\",\"ec2:DescribeCustomerGateways\",\"ec2:DescribeInstances\",\"ec2:DescribeInternetGateways\",\"ec2:DescribeManagedPrefixLists\",\"ec2:DescribeNatGateways\",\"ec2:DescribeNetworkAcls\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DescribePrefixLists\",\"ec2:DescribeRegions\",\"ec2:DescribeRouteTables\",\"ec2:DescribeSecurityGroups\",\"ec2:DescribeSubnets\",\"ec2:DescribeTransitGatewayAttachments\",\"ec2:DescribeTransitGatewayConnects\",\"ec2:DescribeTransitGatewayPeeringAttachments\",\"ec2:DescribeTransitGatewayRouteTables\",\"ec2:DescribeTransitGatewayVpcAttachments\",\"ec2:DescribeTransitGateways\",\"ec2:DescribeVpcEndpointServiceConfigurations\",\"ec2:DescribeVpcEndpoints\",\"ec2:DescribeVpcPeeringConnections\",\"ec2:DescribeVpcs\",\"ec2:DescribeVpnConnections\",\"ec2:DescribeVpnGateways\",\"ec2:GetManagedPrefixListEntries\",\"ec2:GetTransitGatewayRouteTablePropagations\",\"ec2:SearchTransitGatewayRoutes\",\"elasticloadbalancing:DescribeListeners\",\"elasticloadbalancing:DescribeLoadBalancerAttributes\",\"elasticloadbalancing:DescribeLoadBalancers\",\"elasticloadbalancing:DescribeRules\",\"elasticloadbalancing:DescribeTags\",\"elasticloadbalancing:DescribeTargetGroups\",\"elasticloadbalancing:DescribeTargetGroupAttributes\",\"elasticloadbalancing:DescribeTargetHealth\",\"network-firewall:DescribeFirewall\",\"network-firewall:DescribeFirewallPolicy\",\"network-firewall:DescribeResourcePolicy\",\"network-firewall:DescribeRuleGroup\",\"network-firewall:ListFirewallPolicies\",\"network-firewall:ListFirewalls\",\"network-firewall:ListRuleGroups\",\"tiros:CreateQuery\",\"tiros:GetQueryAnswer\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"],\"Sid\":\"TirosPolicy\"},{\"Action\":[\"ecr:BatchGetImage\",\"ecr:BatchGetRepositoryScanningConfiguration\",\"ecr:DescribeImages\",\"ecr:DescribeRegistry\",\"ecr:DescribeRepositories\",\"ecr:GetAuthorizationToken\",\"ecr:GetDownloadUrlForLayer\",\"ecr:GetRegistryScanningConfiguration\",\"ecr:ListImages\",\"ecr:PutRegistryScanningConfiguration\",\"organizations:DescribeAccount\",\"organizations:DescribeOrganization\",\"organizations:ListAccounts\",\"ssm:DescribeAssociation\",\"ssm:DescribeAssociationExecutions\",\"ssm:DescribeInstanceInformation\",\"ssm:ListAssociations\",\"ssm:ListResourceDataSync\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"PackageVulnerabilityScanning\"},{\"Action\":[\"lambda:ListFunctions\",\"lambda:GetFunction\",\"lambda:GetLayerVersion\",\"lambda:ListTags\",\"cloudwatch:GetMetricData\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"LambdaPackageVulnerabilityScanning\"},{\"Action\":[\"ssm:CreateAssociation\",\"ssm:StartAssociationsOnce\",\"ssm:DeleteAssociation\",\"ssm:UpdateAssociation\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:instance/*\",\"arn:aws:ssm:*:*:document/AmazonInspector2-*\",\"arn:aws:ssm:*:*:document/AWS-GatherSoftwareInventory\",\"arn:aws:ssm:*:*:managed-instance/*\",\"arn:aws:ssm:*:*:association/*\"],\"Sid\":\"GatherInventory\"},{\"Action\":[\"ssm:CreateResourceDataSync\",\"ssm:DeleteResourceDataSync\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ssm:*:*:resource-data-sync/InspectorResourceDataSync-do-not-delete\"],\"Sid\":\"DataSyncCleanup\"},{\"Action\":[\"events:PutRule\",\"events:DeleteRule\",\"events:DescribeRule\",\"events:ListTargetsByRule\",\"events:PutTargets\",\"events:RemoveTargets\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:events:*:*:rule/DO-NOT-DELETE-AmazonInspector*ManagedRule\"],\"Sid\":\"ManagedRules\"},{\"Action\":[\"codeguru-security:CreateScan\",\"codeguru-security:GetAccountConfiguration\",\"codeguru-security:GetFindings\",\"codeguru-security:GetScan\",\"codeguru-security:ListFindings\",\"codeguru-security:BatchGetFindings\",\"codeguru-security:DeleteScansByCategory\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"],\"Sid\":\"LambdaCodeVulnerabilityScanning\"},{\"Sid\":\"CodeGuruCodeVulnerabilityScanning\",\"Action\":[\"iam:GetRole\",\"iam:GetRolePolicy\",\"iam:GetPolicy\",\"iam:GetPolicyVersion\",\"iam:ListAttachedRolePolicies\",\"iam:ListPolicies\",\"iam:ListPolicyVersions\",\"iam:ListRolePolicies\",\"lambda:ListVersionsByFunction\"],\"Condition\":{\"ForAnyValue:StringEquals\":{\"aws:CalledVia\":[\"codeguru-security.amazonaws.com\"]}},\"Effect\":\"Allow\",\"Resource\":[\"*\"]},{\"Action\":[\"ssm:PutParameter\",\"ssm:GetParameters\",\"ssm:DeleteParameter\"],\"Condition\":{\"StringEquals\":{\"aws:ResourceAccount\":\"${aws:PrincipalAccount}\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ssm:*:*:parameter/inspector-aws/service/inspector-linux-application-paths\"],\"Sid\":\"Ec2DeepInspection\"},{\"Action\":[\"cloudtrail:CreateServiceLinkedChannel\",\"cloudtrail:DeleteServiceLinkedChannel\"],\"Condition\":{\"StringEquals\":{\"aws:ResourceAccount\":\"${aws:PrincipalAccount}\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:cloudtrail:*:*:channel/aws-service-channel/inspector2/*\"],\"Sid\":\"AllowManagementOfServiceLinkedChannel\"},{\"Action\":[\"cloudtrail:ListServiceLinkedChannels\"],\"Condition\":{\"StringEquals\":{\"aws:ResourceAccount\":\"${aws:PrincipalAccount}\"}},\"Effect\":\"Allow\",\"Resource\":[\"*\"],\"Sid\":\"AllowListServiceLinkedChannels\"},{\"Resource\":[\"arn:aws:ssm:*:*:document/AmazonInspector2-InvokeInspectorSsmPluginCIS\"],\"Sid\":\"AllowToRunInvokeCisSpecificDocuments\",\"Action\":[\"ssm:SendCommand\",\"ssm:GetCommandInvocation\"],\"Effect\":\"Allow\"},{\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:instance/*\"],\"Sid\":\"AllowToRunCisCommandsToSpecificResources\",\"Action\":[\"ssm:SendCommand\"],\"Condition\":{\"StringEquals\":{\"aws:ResourceAccount\":\"${aws:PrincipalAccount}\"}}},{\"Sid\":\"AllowToPutCloudwatchMetricData\",\"Action\":[\"cloudwatch:PutMetricData\"],\"Condition\":{\"StringEquals\":{\"cloudwatch:namespace\":\"AWS/Inspector2\"}},\"Effect\":\"Allow\",\"Resource\":[\"*\"]}],\"Version\":\"2012-10-17\"},\"CreateDate\":\"2021-11-16T20:27:48Z\",\"DefaultVersionId\":\"v13\",\"Description\":null,\"PolicyName\":\"AmazonInspector2ServiceRolePolicy\",\"Tags\":null,\"roles\":null,\"IsAttachable\":true,\"UpdateDate\":\"2024-08-14T16:03:32Z\",\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AmazonInspector2ServiceRolePolicy\",\"AttachmentCount\":1,\"Path\":\"/aws-service-role/\",\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAZKAPJZG4BINOILVQW\"},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonInspector2ServiceRolePolicy\",\"ANPAZKAPJZG4BINOILVQW\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/CloudFormationStackSetsOrgMemberServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"tags\":null,\"raw\":{\"CreateDate\":\"2019-12-09T23:52:37Z\",\"Description\":null,\"UpdateDate\":\"2019-12-09T23:52:37Z\",\"document\":{\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:iam::*:role/stacksets-exec-*\"],\"Action\":[\"iam:CreateRole\",\"iam:DeleteRole\",\"iam:GetRole\"]},{\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:iam::*:role/stacksets-exec-*\"],\"Action\":[\"iam:DetachRolePolicy\",\"iam:AttachRolePolicy\"],\"Condition\":{\"StringEquals\":{\"iam:PolicyARN\":\"arn:aws:iam::aws:policy/AdministratorAccess\"}}}],\"Version\":\"2012-10-17\"},\"DefaultVersionId\":\"v1\",\"IsAttachable\":true,\"Path\":\"/aws-service-role/\",\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAZKAPJZG4LHV6H6QDU\",\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/CloudFormationStackSetsOrgMemberServiceRolePolicy\",\"AttachmentCount\":1,\"PolicyName\":\"CloudFormationStackSetsOrgMemberServiceRolePolicy\",\"Tags\":null,\"roles\":null},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/CloudFormationStackSetsOrgMemberServiceRolePolicy\",\"ANPAZKAPJZG4LHV6H6QDU\"],\"name\":\"CloudFormationStackSetsOrgMemberServiceRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"condition\":{\"StringEquals\":{\"iam:PolicyARN\":\"arn:aws:iam::aws:policy/AdministratorAccess\"}}}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/CloudFormationStackSetsOrgMemberServiceRolePolicy\",\"ANPAZKAPJZG4LHV6H6QDU\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/service-role/AWSQuickSightTimestreamPolicy\",\"ANPAZKAPJZG4CFKVDHQJH\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/service-role/AWSQuickSightTimestreamPolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"raw\":{\"AttachmentCount\":1,\"DefaultVersionId\":\"v1\",\"IsAttachable\":true,\"PolicyName\":\"AWSQuickSightTimestreamPolicy\",\"Tags\":null,\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAZKAPJZG4CFKVDHQJH\",\"UpdateDate\":\"2020-09-30T21:47:03Z\",\"roles\":null,\"Arn\":\"arn:aws:iam::aws:policy/service-role/AWSQuickSightTimestreamPolicy\",\"CreateDate\":\"2020-09-30T21:47:03Z\",\"Path\":\"/service-role/\",\"document\":{\"Statement\":[{\"Action\":[\"timestream:Select\",\"timestream:CancelQuery\",\"timestream:ListTables\",\"timestream:ListDatabases\",\"timestream:ListMeasures\",\"timestream:DescribeTable\",\"timestream:DescribeDatabase\",\"timestream:SelectValues\",\"timestream:DescribeEndpoints\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}},\"id\":[\"arn:aws:iam::aws:policy/service-role/AWSQuickSightTimestreamPolicy\",\"ANPAZKAPJZG4CFKVDHQJH\"],\"name\":\"AWSQuickSightTimestreamPolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\",\"ANPAZKAPJZG4PBOFT2NNA\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":62,\"CreateDate\":\"2020-08-12T00:55:34Z\",\"DefaultVersionId\":\"v1\",\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"AmazonEKSVPCResourceController\",\"Arn\":\"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\",\"Path\":\"/\",\"Tags\":null,\"IsAttachable\":true,\"PolicyId\":\"ANPAZKAPJZG4PBOFT2NNA\",\"document\":{\"Statement\":[{\"Action\":\"ec2:CreateNetworkInterfacePermission\",\"Condition\":{\"ForAnyValue:StringEquals\":{\"ec2:ResourceTag/eks:eni:owner\":\"eks-vpc-resource-controller\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:CreateNetworkInterface\",\"ec2:DetachNetworkInterface\",\"ec2:ModifyNetworkInterfaceAttribute\",\"ec2:DeleteNetworkInterface\",\"ec2:AttachNetworkInterface\",\"ec2:UnassignPrivateIpAddresses\",\"ec2:AssignPrivateIpAddresses\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"UpdateDate\":\"2020-08-12T00:55:34Z\",\"roles\":null},\"id\":[\"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\",\"ANPAZKAPJZG4PBOFT2NNA\"],\"name\":\"AmazonEKSVPCResourceController\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"action\":[\"ec2:CreateNetworkInterfacePermission\"],\"resource\":[\"*\"],\"condition\":{\"ForAnyValue:StringEquals\":{\"ec2:ResourceTag/eks:eni:owner\":\"eks-vpc-resource-controller\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"asset\":{\"name\":\"AmazonDevOpsGuruServiceRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"IsAttachable\":true,\"Tags\":null,\"CreateDate\":\"2020-12-01T10:24:42Z\",\"DefaultVersionId\":\"v9\",\"Description\":null,\"Path\":\"/aws-service-role/\",\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"autoscaling:DescribeAutoScalingGroups\",\"cloudtrail:LookupEvents\",\"cloudwatch:GetMetricData\",\"cloudwatch:ListMetrics\",\"cloudwatch:DescribeAnomalyDetectors\",\"cloudwatch:DescribeAlarms\",\"cloudwatch:ListDashboards\",\"cloudwatch:GetDashboard\",\"cloudformation:GetTemplate\",\"cloudformation:ListStacks\",\"cloudformation:ListStackResources\",\"cloudformation:DescribeStacks\",\"cloudformation:ListImports\",\"codedeploy:BatchGetDeployments\",\"codedeploy:GetDeploymentGroup\",\"codedeploy:ListDeployments\",\"config:DescribeConfigurationRecorderStatus\",\"config:GetResourceConfigHistory\",\"events:ListRuleNamesByTarget\",\"xray:GetServiceGraph\",\"organizations:ListRoots\",\"organizations:ListChildren\",\"organizations:ListDelegatedAdministrators\",\"pi:GetResourceMetrics\",\"tag:GetResources\",\"lambda:GetFunction\",\"lambda:GetFunctionConcurrency\",\"lambda:GetAccountSettings\",\"lambda:ListProvisionedConcurrencyConfigs\",\"lambda:ListAliases\",\"lambda:ListEventSourceMappings\",\"lambda:GetPolicy\",\"ec2:DescribeSubnets\",\"application-autoscaling:DescribeScalableTargets\",\"application-autoscaling:DescribeScalingPolicies\",\"sqs:GetQueueAttributes\",\"kinesis:DescribeStream\",\"kinesis:DescribeLimits\",\"dynamodb:DescribeTable\",\"dynamodb:DescribeLimits\",\"dynamodb:DescribeContinuousBackups\",\"dynamodb:DescribeStream\",\"dynamodb:ListStreams\",\"elasticloadbalancing:DescribeLoadBalancers\",\"elasticloadbalancing:DescribeLoadBalancerAttributes\",\"rds:DescribeDBInstances\",\"rds:DescribeDBClusters\",\"rds:DescribeOptionGroups\",\"rds:DescribeDBClusterParameters\",\"rds:DescribeDBInstanceAutomatedBackups\",\"rds:DescribeAccountAttributes\",\"logs:DescribeLogGroups\",\"logs:DescribeLogStreams\",\"s3:GetBucketNotification\",\"s3:GetBucketPolicy\",\"s3:GetBucketPublicAccessBlock\",\"s3:GetBucketTagging\",\"s3:GetBucketWebsite\",\"s3:GetIntelligentTieringConfiguration\",\"s3:GetLifecycleConfiguration\",\"s3:GetReplicationConfiguration\",\"s3:ListAllMyBuckets\",\"s3:ListStorageLensConfigurations\",\"servicequotas:GetServiceQuota\",\"servicequotas:ListRequestedServiceQuotaChangeHistory\",\"servicequotas:ListServiceQuotas\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"events:PutTargets\",\"events:PutRule\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:events:*:*:rule/DevOps-Guru-managed-*\",\"Sid\":\"AllowPutTargetsOnASpecificRule\"},{\"Resource\":\"*\",\"Sid\":\"AllowCreateOpsItem\",\"Action\":[\"ssm:CreateOpsItem\"],\"Effect\":\"Allow\"},{\"Action\":[\"ssm:AddTagsToResource\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ssm:*:*:opsitem/*\",\"Sid\":\"AllowAddTagsToOpsItem\"},{\"Resource\":\"*\",\"Sid\":\"AllowAccessOpsItem\",\"Action\":[\"ssm:GetOpsItem\",\"ssm:UpdateOpsItem\"],\"Condition\":{\"StringEquals\":{\"aws:ResourceTag/DevOps-GuruInsightSsmOpsItemRelated\":\"true\"}},\"Effect\":\"Allow\"},{\"Action\":\"events:PutRule\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:events:*:*:rule/DevOpsGuruManagedRule*\",\"Sid\":\"AllowCreateManagedRule\"},{\"Effect\":\"Allow\",\"Resource\":\"arn:aws:events:*:*:rule/DevOpsGuruManagedRule*\",\"Sid\":\"AllowAccessManagedRule\",\"Action\":[\"events:DescribeRule\",\"events:ListTargetsByRule\"]},{\"Action\":[\"events:DeleteRule\",\"events:EnableRule\",\"events:DisableRule\",\"events:PutTargets\",\"events:RemoveTargets\"],\"Condition\":{\"StringEquals\":{\"events:ManagedBy\":\"devops-guru.amazonaws.com\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:events:*:*:rule/DevOpsGuruManagedRule*\",\"Sid\":\"AllowOtherOperationsOnManagedRule\"},{\"Condition\":{\"StringEquals\":{\"aws:ResourceTag/DevOps-Guru-Analysis\":\"true\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:*:*:log-group:*\",\"Sid\":\"AllowTagBasedFilterLogEvents\",\"Action\":[\"logs:FilterLogEvents\"]},{\"Action\":\"apigateway:GET\",\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:apigateway:*::/restapis/??????????\",\"arn:aws:apigateway:*::/restapis/*/resources\",\"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration\"],\"Sid\":\"AllowAPIGatewayGetIntegrations\"}]},\"AttachmentCount\":1,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAZKAPJZG4LOGPH224B\",\"PolicyName\":\"AmazonDevOpsGuruServiceRolePolicy\",\"UpdateDate\":\"2023-01-10T14:36:48Z\",\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AmazonDevOpsGuruServiceRolePolicy\",\"roles\":null},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonDevOpsGuruServiceRolePolicy\",\"ANPAZKAPJZG4LOGPH224B\"]},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"AllowPutTargetsOnASpecificRule\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:events:*:*:rule/DevOps-Guru-managed-*\"]},{\"version\":\"2012-10-17\",\"id\":\"AllowCreateOpsItem\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"AllowAddTagsToOpsItem\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:ssm:*:*:opsitem/*\"]},{\"condition\":{\"StringEquals\":{\"aws:ResourceTag/DevOps-GuruInsightSsmOpsItemRelated\":\"true\"}},\"version\":\"2012-10-17\",\"id\":\"AllowAccessOpsItem\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"resource\":[\"arn:aws:events:*:*:rule/DevOpsGuruManagedRule*\"],\"version\":\"2012-10-17\",\"id\":\"AllowCreateManagedRule\",\"effect\":\"Allow\",\"action\":[\"events:PutRule\"]},{\"version\":\"2012-10-17\",\"id\":\"AllowAccessManagedRule\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:events:*:*:rule/DevOpsGuruManagedRule*\"]},{\"version\":\"2012-10-17\",\"id\":\"AllowOtherOperationsOnManagedRule\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:events:*:*:rule/DevOpsGuruManagedRule*\"],\"condition\":{\"StringEquals\":{\"events:ManagedBy\":\"devops-guru.amazonaws.com\"}}},{\"id\":\"AllowTagBasedFilterLogEvents\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:logs:*:*:log-group:*\"],\"condition\":{\"StringEquals\":{\"aws:ResourceTag/DevOps-Guru-Analysis\":\"true\"}},\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"AllowAPIGatewayGetIntegrations\",\"effect\":\"Allow\",\"action\":[\"apigateway:GET\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AmazonDevOpsGuruServiceRolePolicy\",\"ANPAZKAPJZG4LOGPH224B\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AmazonDevOpsGuruServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/Route53ResolverServiceRolePolicy\",\"ANPAZKAPJZG4AEMJZANMJ\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/Route53ResolverServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"roles\":null,\"AttachmentCount\":1,\"document\":{\"Statement\":[{\"Action\":[\"logs:CreateLogDelivery\",\"logs:GetLogDelivery\",\"logs:UpdateLogDelivery\",\"logs:DeleteLogDelivery\",\"logs:ListLogDeliveries\",\"logs:DescribeResourcePolicies\",\"logs:DescribeLogGroups\",\"s3:GetBucketPolicy\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"Description\":null,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAZKAPJZG4AEMJZANMJ\",\"UpdateDate\":\"2020-08-12T17:47:24Z\",\"CreateDate\":\"2020-08-12T17:47:24Z\",\"DefaultVersionId\":\"v1\",\"IsAttachable\":true,\"Tags\":null,\"PolicyName\":\"Route53ResolverServiceRolePolicy\",\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/Route53ResolverServiceRolePolicy\",\"Path\":\"/aws-service-role/\"},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/Route53ResolverServiceRolePolicy\",\"ANPAZKAPJZG4AEMJZANMJ\"],\"name\":\"Route53ResolverServiceRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"KMSSynchronizeMultiRegionKey\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy\",\"ANPAZKAPJZG4P3NRAIDRH\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"name\":\"AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy\",\"Path\":\"/aws-service-role/\",\"PolicyName\":\"AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy\",\"AttachmentCount\":1,\"Description\":null,\"roles\":null,\"CreateDate\":\"2021-06-16T15:37:37Z\",\"DefaultVersionId\":\"v2\",\"PolicyId\":\"ANPAZKAPJZG4P3NRAIDRH\",\"UpdateDate\":\"2024-11-13T22:53:54Z\",\"document\":{\"Statement\":[{\"Action\":[\"kms:SynchronizeMultiRegionKey\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"KMSSynchronizeMultiRegionKey\"}],\"Version\":\"2012-10-17\"},\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"Tags\":null},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy\",\"ANPAZKAPJZG4P3NRAIDRH\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"SageMakerTransformJobAccess\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:sagemaker:*:*:transform-job/quicksight-auto-generated-*\"]},{\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"id\":\"SageMakerModelReadAccess\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"S3ObjectReadAccess\",\"effect\":\"Allow\",\"action\":[\"s3:GetObject\"]},{\"version\":\"2012-10-17\",\"id\":\"S3ObjectUpdateAccess\",\"effect\":\"Allow\",\"action\":[\"s3:PutObject\"],\"resource\":[\"arn:aws:s3:::sagemaker*\"],\"condition\":{\"StringEquals\":{\"aws:ResourceAccount\":\"${aws:PrincipalAccount}\"}}},{\"resource\":[\"arn:aws:s3:::sagemaker*\"],\"version\":\"2012-10-17\",\"id\":\"S3BucketReadAccess\",\"effect\":\"Allow\",\"action\":[\"s3:ListBucket\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/service-role/AWSQuickSightSageMakerPolicy\",\"ANPAZKAPJZG4MCLBVDT2I\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/service-role/AWSQuickSightSageMakerPolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"PolicyId\":\"ANPAZKAPJZG4MCLBVDT2I\",\"UpdateDate\":\"2023-10-30T17:57:43Z\",\"document\":{\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":\"arn:aws:sagemaker:*:*:transform-job/quicksight-auto-generated-*\",\"Sid\":\"SageMakerTransformJobAccess\",\"Action\":[\"sagemaker:DescribeTransformJob\",\"sagemaker:StopTransformJob\",\"sagemaker:CreateTransformJob\"]},{\"Resource\":\"*\",\"Sid\":\"SageMakerModelReadAccess\",\"Action\":[\"sagemaker:ListModels\",\"sagemaker:DescribeModel\"],\"Effect\":\"Allow\"},{\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:s3:::quicksight-ml.*\",\"arn:aws:s3:::sagemaker*\"],\"Sid\":\"S3ObjectReadAccess\"},{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:ResourceAccount\":\"${aws:PrincipalAccount}\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:s3:::sagemaker*\",\"Sid\":\"S3ObjectUpdateAccess\"},{\"Action\":\"s3:ListBucket\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:s3:::sagemaker*\",\"Sid\":\"S3BucketReadAccess\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":1,\"CreateDate\":\"2020-01-17T17:18:13Z\",\"IsAttachable\":true,\"Path\":\"/service-role/\",\"DefaultVersionId\":\"v3\",\"PolicyName\":\"AWSQuickSightSageMakerPolicy\",\"roles\":null,\"Arn\":\"arn:aws:iam::aws:policy/service-role/AWSQuickSightSageMakerPolicy\",\"PermissionsBoundaryUsageCount\":0,\"Tags\":null,\"Description\":null},\"id\":[\"arn:aws:iam::aws:policy/service-role/AWSQuickSightSageMakerPolicy\",\"ANPAZKAPJZG4MCLBVDT2I\"],\"name\":\"AWSQuickSightSageMakerPolicy\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"condition\":{\"StringEquals\":{\"ec2:CreateAction\":[\"CreateVolume\",\"CreateSnapshot\"]}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"condition\":{\"StringLike\":{\"aws:RequestTag/ebs.csi.aws.com/cluster\":\"true\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"condition\":{\"StringLike\":{\"aws:RequestTag/CSIVolumeName\":\"*\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"ec2:ResourceTag/ebs.csi.aws.com/cluster\":\"true\"}}},{\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"ec2:ResourceTag/CSIVolumeName\":\"*\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"condition\":{\"StringLike\":{\"ec2:ResourceTag/kubernetes.io/created-for/pvc/name\":\"*\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"ec2:ResourceTag/CSIVolumeSnapshotName\":\"*\"}},\"version\":\"2012-10-17\",\"effect\":\"Allow\"},{\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"ec2:ResourceTag/ebs.csi.aws.com/cluster\":\"true\"}},\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy\",\"ANPAZKAPJZG4IV6FHD2UE\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v2\",\"AttachmentCount\":1,\"IsAttachable\":true,\"Path\":\"/service-role/\",\"PermissionsBoundaryUsageCount\":0,\"Description\":null,\"PolicyId\":\"ANPAZKAPJZG4IV6FHD2UE\",\"PolicyName\":\"AmazonEBSCSIDriverPolicy\",\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"ec2:CreateSnapshot\",\"ec2:AttachVolume\",\"ec2:DetachVolume\",\"ec2:ModifyVolume\",\"ec2:DescribeAvailabilityZones\",\"ec2:DescribeInstances\",\"ec2:DescribeSnapshots\",\"ec2:DescribeTags\",\"ec2:DescribeVolumes\",\"ec2:DescribeVolumesModifications\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:volume/*\",\"arn:aws:ec2:*:*:snapshot/*\"],\"Action\":[\"ec2:CreateTags\"],\"Condition\":{\"StringEquals\":{\"ec2:CreateAction\":[\"CreateVolume\",\"CreateSnapshot\"]}}},{\"Action\":[\"ec2:DeleteTags\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*:*:volume/*\",\"arn:aws:ec2:*:*:snapshot/*\"]},{\"Resource\":\"*\",\"Action\":[\"ec2:CreateVolume\"],\"Condition\":{\"StringLike\":{\"aws:RequestTag/ebs.csi.aws.com/cluster\":\"true\"}},\"Effect\":\"Allow\"},{\"Action\":[\"ec2:CreateVolume\"],\"Condition\":{\"StringLike\":{\"aws:RequestTag/CSIVolumeName\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:DeleteVolume\"],\"Condition\":{\"StringLike\":{\"ec2:ResourceTag/ebs.csi.aws.com/cluster\":\"true\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"ec2:DeleteVolume\"],\"Condition\":{\"StringLike\":{\"ec2:ResourceTag/CSIVolumeName\":\"*\"}}},{\"Action\":[\"ec2:DeleteVolume\"],\"Condition\":{\"StringLike\":{\"ec2:ResourceTag/kubernetes.io/created-for/pvc/name\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:DeleteSnapshot\"],\"Condition\":{\"StringLike\":{\"ec2:ResourceTag/CSIVolumeSnapshotName\":\"*\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"ec2:DeleteSnapshot\"],\"Condition\":{\"StringLike\":{\"ec2:ResourceTag/ebs.csi.aws.com/cluster\":\"true\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"}]},\"roles\":null,\"Arn\":\"arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy\",\"CreateDate\":\"2022-04-04T17:24:29Z\",\"Tags\":null,\"UpdateDate\":\"2022-11-18T14:42:46Z\"},\"id\":[\"arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy\",\"ANPAZKAPJZG4IV6FHD2UE\"],\"name\":\"AmazonEBSCSIDriverPolicy\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"PolicyName\":\"CostOptimizationHubServiceRolePolicy\",\"Tags\":null,\"Description\":null,\"PolicyId\":\"ANPAZKAPJZG4GRVZQTOT7\",\"UpdateDate\":\"2024-07-05T18:02:53Z\",\"document\":{\"Statement\":[{\"Action\":[\"organizations:DescribeOrganization\",\"organizations:ListAccounts\",\"organizations:ListAWSServiceAccessForOrganization\",\"organizations:ListParents\",\"organizations:DescribeOrganizationalUnit\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"],\"Sid\":\"AwsOrgsAccess\"},{\"Action\":[\"organizations:ListDelegatedAdministrators\"],\"Condition\":{\"StringLikeIfExists\":{\"organizations:ServicePrincipal\":[\"cost-optimization-hub.bcm.amazonaws.com\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AwsOrgsScopedAccess\"},{\"Action\":[\"ce:ListCostAllocationTags\",\"ce:GetCostAndUsage\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"],\"Sid\":\"CostExplorerAccess\"}],\"Version\":\"2012-10-17\"},\"IsAttachable\":true,\"CreateDate\":\"2023-11-26T08:03:59Z\",\"PermissionsBoundaryUsageCount\":0,\"AttachmentCount\":1,\"DefaultVersionId\":\"v2\",\"Path\":\"/aws-service-role/\",\"roles\":null,\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/CostOptimizationHubServiceRolePolicy\"},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/CostOptimizationHubServiceRolePolicy\",\"ANPAZKAPJZG4GRVZQTOT7\"],\"name\":\"CostOptimizationHubServiceRolePolicy\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AwsOrgsAccess\",\"effect\":\"Allow\"},{\"id\":\"AwsOrgsScopedAccess\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLikeIfExists\":{\"organizations:ServicePrincipal\":[\"cost-optimization-hub.bcm.amazonaws.com\"]}},\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"CostExplorerAccess\",\"effect\":\"Allow\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/CostOptimizationHubServiceRolePolicy\",\"ANPAZKAPJZG4GRVZQTOT7\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/CostOptimizationHubServiceRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"related.entity\":[\"arn:aws:iam::aws:policy/CloudWatchApplicationInsightsReadOnlyAccess\",\"ANPAZKAPJZG4AX4TJYLSI\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/CloudWatchApplicationInsightsReadOnlyAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"asset\":{\"name\":\"CloudWatchApplicationInsightsReadOnlyAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::aws:policy/CloudWatchApplicationInsightsReadOnlyAccess\",\"CreateDate\":\"2020-11-24T18:48:00Z\",\"DefaultVersionId\":\"v1\",\"IsAttachable\":true,\"PolicyId\":\"ANPAZKAPJZG4AX4TJYLSI\",\"document\":{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"applicationinsights:Describe*\",\"applicationinsights:List*\"]}]},\"AttachmentCount\":1,\"Description\":null,\"Tags\":null,\"UpdateDate\":\"2020-11-24T18:48:00Z\",\"PermissionsBoundaryUsageCount\":0,\"Path\":\"/\",\"PolicyName\":\"CloudWatchApplicationInsightsReadOnlyAccess\",\"roles\":null},\"id\":[\"arn:aws:iam::aws:policy/CloudWatchApplicationInsightsReadOnlyAccess\",\"ANPAZKAPJZG4AX4TJYLSI\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"effect\":\"Allow\"}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"related.entity\":[\"arn:aws:iam::aws:policy/CloudWatchSyntheticsReadOnlyAccess\",\"ANPAZKAPJZG4C7XDT2FFB\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/CloudWatchSyntheticsReadOnlyAccess\":{\"type\":\"policy\",\"category\":\"identity\"}},\"asset\":{\"tags\":null,\"raw\":{\"Arn\":\"arn:aws:iam::aws:policy/CloudWatchSyntheticsReadOnlyAccess\",\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAZKAPJZG4C7XDT2FFB\",\"UpdateDate\":\"2020-03-06T19:26:01Z\",\"roles\":null,\"CreateDate\":\"2019-11-25T17:45:40Z\",\"PolicyName\":\"CloudWatchSyntheticsReadOnlyAccess\",\"document\":{\"Statement\":[{\"Action\":[\"synthetics:Describe*\",\"synthetics:Get*\",\"synthetics:List*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"AttachmentCount\":1,\"DefaultVersionId\":\"v2\",\"Description\":null,\"IsAttachable\":true,\"Tags\":null},\"id\":[\"arn:aws:iam::aws:policy/CloudWatchSyntheticsReadOnlyAccess\",\"ANPAZKAPJZG4C7XDT2FFB\"],\"name\":\"CloudWatchSyntheticsReadOnlyAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"ForAnyValue:StringEquals\":{\"aws:CalledVia\":[\"imagebuilder.amazonaws.com\"],\"kms:EncryptionContextKeys\":\"aws:imagebuilder:arn\"}},\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:s3:::ec2imagebuilder*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:logs:*:*:log-group:/aws/imagebuilder/*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder\",\"ANPAZKAPJZG4EJC2UPLYL\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"id\":[\"arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder\",\"ANPAZKAPJZG4EJC2UPLYL\"],\"name\":\"EC2InstanceProfileForImageBuilder\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v3\",\"PermissionsBoundaryUsageCount\":0,\"CreateDate\":\"2019-12-01T19:08:23Z\",\"PolicyName\":\"EC2InstanceProfileForImageBuilder\",\"Tags\":null,\"UpdateDate\":\"2020-08-27T16:40:50Z\",\"document\":{\"Statement\":[{\"Action\":[\"imagebuilder:GetComponent\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"kms:Decrypt\"],\"Condition\":{\"ForAnyValue:StringEquals\":{\"aws:CalledVia\":[\"imagebuilder.amazonaws.com\"],\"kms:EncryptionContextKeys\":\"aws:imagebuilder:arn\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"s3:GetObject\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:s3:::ec2imagebuilder*\"},{\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:*:*:log-group:/aws/imagebuilder/*\",\"Action\":[\"logs:CreateLogStream\",\"logs:CreateLogGroup\",\"logs:PutLogEvents\"]}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder\",\"Description\":null,\"AttachmentCount\":1,\"IsAttachable\":true,\"Path\":\"/\",\"PolicyId\":\"ANPAZKAPJZG4EJC2UPLYL\",\"roles\":null}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"asset\":{\"raw\":{\"DefaultVersionId\":\"v16\",\"IsAttachable\":true,\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAZKAPJZG4ONJBD4ZY2\",\"PolicyName\":\"AWSBackupServiceLinkedRolePolicyForBackup\",\"document\":{\"Statement\":[{\"Resource\":\"arn:aws:elasticfilesystem:*:*:file-system/*\",\"Sid\":\"EFSResourcePermissions\",\"Action\":[\"elasticfilesystem:Backup\",\"elasticfilesystem:DescribeTags\"],\"Condition\":{\"StringLike\":{\"aws:ResourceTag/aws:elasticfilesystem:default-backup\":\"enabled\"}},\"Effect\":\"Allow\"},{\"Action\":[\"tag:GetResources\",\"elasticfilesystem:DescribeFileSystems\",\"dynamodb:ListTables\",\"storagegateway:ListVolumes\",\"ec2:DescribeVolumes\",\"ec2:DescribeInstances\",\"rds:DescribeDBInstances\",\"rds:DescribeDBClusters\",\"fsx:DescribeFileSystems\",\"fsx:DescribeVolumes\",\"s3:ListAllMyBuckets\",\"s3:GetBucketTagging\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"DescribePermissions\"},{\"Condition\":{\"StringEquals\":{\"ec2:CreateAction\":\"CopySnapshot\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*::snapshot/*\",\"Sid\":\"SnapshotCopyTagPermissions\",\"Action\":\"ec2:CreateTags\"},{\"Sid\":\"EC2CreateBackupTagPermissions\",\"Action\":\"ec2:CreateTags\",\"Condition\":{\"ForAllValues:StringEquals\":{\"aws:TagKeys\":[\"AWSBackupManagedResource\"]}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*::image/*\",\"arn:aws:ec2:*::snapshot/*\"]},{\"Action\":\"ec2:CreateTags\",\"Condition\":{\"Null\":{\"ec2:ResourceTag/AWSBackupManagedResource\":\"false\"}},\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:ec2:*::image/*\",\"arn:aws:ec2:*::snapshot/*\"],\"Sid\":\"EC2CreateTagsPermissions\"},{\"Action\":[\"ec2:DescribeSnapshots\",\"ec2:DescribeSnapshotTierStatus\",\"ec2:DescribeImages\",\"rds:DescribeDBSnapshots\",\"rds:DescribeDBClusterSnapshots\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"EC2RDSDescribePermissions\"},{\"Action\":\"ec2:CopySnapshot\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:*::snapshot/*\",\"Sid\":\"EBSCopyPermissions\"},{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"EC2CopyPermissions\",\"Action\":\"ec2:CopyImage\"},{\"Resource\":\"*\",\"Sid\":\"EC2ModifyPermissions\",\"Action\":[\"ec2:DeregisterImage\",\"ec2:DeleteSnapshot\",\"ec2:ModifySnapshotTier\"],\"Condition\":{\"Null\":{\"ec2:ResourceTag/AWSBackupManagedResource\":\"false\"}},\"Effect\":\"Allow\"},{\"Action\":[\"rds:AddTagsToResource\",\"rds:CopyDBSnapshot\",\"rds:DeleteDBSnapshot\",\"rds:DeleteDBInstanceAutomatedBackup\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:rds:*:*:snapshot:awsbackup:*\",\"Sid\":\"RDSInstanceAndSnashotPermissions\"},{\"Effect\":\"Allow\",\"Resource\":\"arn:aws:rds:*:*:cluster-snapshot:awsbackup:*\",\"Sid\":\"RDSClusterPermissions\",\"Action\":[\"rds:AddTagsToResource\",\"rds:CopyDBClusterSnapshot\",\"rds:DeleteDBClusterSnapshot\"]},{\"Resource\":\"*\",\"Sid\":\"KMSDescribePermissions\",\"Action\":\"kms:DescribeKey\",\"Effect\":\"Allow\"},{\"Action\":[\"kms:ListGrants\",\"kms:ReEncryptFrom\",\"kms:GenerateDataKeyWithoutPlaintext\"],\"Condition\":{\"StringLike\":{\"kms:ViaService\":[\"ec2.*.amazonaws.com\",\"rds.*.amazonaws.com\",\"fsx.*.amazonaws.com\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"KMSGrantPermissions\"},{\"Resource\":\"*\",\"Sid\":\"KMSCreateGrantPermissions\",\"Action\":\"kms:CreateGrant\",\"Condition\":{\"Bool\":{\"kms:GrantIsForAWSResource\":\"true\"},\"StringLike\":{\"kms:ViaService\":[\"ec2.*.amazonaws.com\",\"rds.*.amazonaws.com\",\"fsx.*.amazonaws.com\"]}},\"Effect\":\"Allow\"},{\"Action\":[\"fsx:CopyBackup\",\"fsx:TagResource\",\"fsx:DescribeBackups\",\"fsx:DeleteBackup\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:fsx:*:*:backup/*\",\"Sid\":\"FsxPermissions\"},{\"Sid\":\"DynamoDBDeletePermissions\",\"Action\":\"dynamodb:DeleteBackup\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:dynamodb:*:*:table/*/backup/*\"},{\"Action\":[\"backup-gateway:ListVirtualMachines\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"BackupGateway\"},{\"Action\":[\"backup-gateway:ListTagsForResource\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:backup-gateway:*:*:vm/*\",\"Sid\":\"ListTagsForBackupGateway\"},{\"Resource\":\"arn:aws:dynamodb:*:*:table/*\",\"Sid\":\"DynamoDBPermissions\",\"Action\":[\"dynamodb:ListTagsOfResource\",\"dynamodb:DescribeTable\"],\"Effect\":\"Allow\"},{\"Effect\":\"Allow\",\"Resource\":\"arn:aws:storagegateway:*:*:gateway/*/volume/*\",\"Sid\":\"StorageGatewayPermissions\",\"Action\":[\"storagegateway:DescribeCachediSCSIVolumes\",\"storagegateway:DescribeStorediSCSIVolumes\"]},{\"Action\":[\"events:DeleteRule\",\"events:PutTargets\",\"events:DescribeRule\",\"events:EnableRule\",\"events:PutRule\",\"events:RemoveTargets\",\"events:ListTargetsByRule\",\"events:DisableRule\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:events:*:*:rule/AwsBackupManagedRule*\"],\"Sid\":\"EventBridgePermissions\"},{\"Action\":\"events:ListRules\",\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"EventBridgeRulesPermissions\"},{\"Action\":[\"ssm-sap:GetOperation\",\"ssm-sap:UpdateHANABackupSettings\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"SSMSAPPermissions\"},{\"Action\":[\"timestream:ListDatabases\",\"timestream:ListTables\",\"timestream:ListTagsForResource\",\"timestream:DescribeDatabase\",\"timestream:DescribeTable\",\"timestream:GetAwsBackupStatus\",\"timestream:GetAwsRestoreStatus\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:timestream:*:*:database/*\"],\"Sid\":\"TimestreamResourcePermissions\"},{\"Action\":[\"timestream:DescribeEndpoints\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"TimestreamPermissions\"},{\"Action\":[\"redshift:DescribeClusterSnapshots\",\"redshift:DescribeTags\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:redshift:*:*:snapshot:*/*\",\"arn:aws:redshift:*:*:cluster:*\"],\"Sid\":\"RedshiftDescribePermissions\"},{\"Resource\":[\"arn:aws:redshift:*:*:snapshot:*/*\"],\"Sid\":\"RedshiftClusterSnapshotPermissions\",\"Action\":[\"redshift:DeleteClusterSnapshot\"],\"Effect\":\"Allow\"},{\"Action\":[\"redshift:DescribeClusters\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:redshift:*:*:cluster:*\"],\"Sid\":\"RedshiftClusterPermissions\"},{\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:cloudformation:*:*:stack/*\"],\"Sid\":\"CloudformationStackPermissions\",\"Action\":[\"cloudformation:ListStacks\"]},{\"Condition\":{\"StringEquals\":{\"aws:PrincipalAccount\":\"${aws:ResourceAccount}\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:backup:*:*:recovery-point:*\",\"Sid\":\"RecoveryPointTaggingPermissions\",\"Action\":[\"backup:TagResource\"]}],\"Version\":\"2012-10-17\"},\"Tags\":null,\"UpdateDate\":\"2024-05-17T17:12:59Z\",\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackup\",\"AttachmentCount\":1,\"Description\":null,\"roles\":null,\"CreateDate\":\"2020-06-02T23:08:40Z\",\"Path\":\"/aws-service-role/\"},\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackup\",\"ANPAZKAPJZG4ONJBD4ZY2\"],\"name\":\"AWSBackupServiceLinkedRolePolicyForBackup\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"id\":\"EFSResourcePermissions\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:elasticfilesystem:*:*:file-system/*\"],\"condition\":{\"StringLike\":{\"aws:ResourceTag/aws:elasticfilesystem:default-backup\":\"enabled\"}},\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"DescribePermissions\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"SnapshotCopyTagPermissions\",\"effect\":\"Allow\",\"action\":[\"ec2:CreateTags\"],\"resource\":[\"arn:aws:ec2:*::snapshot/*\"],\"condition\":{\"StringEquals\":{\"ec2:CreateAction\":\"CopySnapshot\"}}},{\"version\":\"2012-10-17\",\"id\":\"EC2CreateBackupTagPermissions\",\"effect\":\"Allow\",\"action\":[\"ec2:CreateTags\"],\"condition\":{\"ForAllValues:StringEquals\":{\"aws:TagKeys\":[\"AWSBackupManagedResource\"]}}},{\"condition\":{\"Null\":{\"ec2:ResourceTag/AWSBackupManagedResource\":\"false\"}},\"version\":\"2012-10-17\",\"id\":\"EC2CreateTagsPermissions\",\"effect\":\"Allow\",\"action\":[\"ec2:CreateTags\"]},{\"version\":\"2012-10-17\",\"id\":\"EC2RDSDescribePermissions\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"EBSCopyPermissions\",\"effect\":\"Allow\",\"action\":[\"ec2:CopySnapshot\"],\"resource\":[\"arn:aws:ec2:*::snapshot/*\"]},{\"id\":\"EC2CopyPermissions\",\"effect\":\"Allow\",\"action\":[\"ec2:CopyImage\"],\"resource\":[\"*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"EC2ModifyPermissions\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"Null\":{\"ec2:ResourceTag/AWSBackupManagedResource\":\"false\"}}},{\"resource\":[\"arn:aws:rds:*:*:snapshot:awsbackup:*\"],\"version\":\"2012-10-17\",\"id\":\"RDSInstanceAndSnashotPermissions\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"RDSClusterPermissions\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:rds:*:*:cluster-snapshot:awsbackup:*\"]},{\"id\":\"KMSDescribePermissions\",\"effect\":\"Allow\",\"action\":[\"kms:DescribeKey\"],\"resource\":[\"*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"KMSGrantPermissions\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"StringLike\":{\"kms:ViaService\":[\"ec2.*.amazonaws.com\",\"rds.*.amazonaws.com\",\"fsx.*.amazonaws.com\"]}}},{\"condition\":{\"Bool\":{\"kms:GrantIsForAWSResource\":\"true\"},\"StringLike\":{\"kms:ViaService\":[\"ec2.*.amazonaws.com\",\"rds.*.amazonaws.com\",\"fsx.*.amazonaws.com\"]}},\"version\":\"2012-10-17\",\"id\":\"KMSCreateGrantPermissions\",\"effect\":\"Allow\",\"action\":[\"kms:CreateGrant\"],\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"FsxPermissions\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:fsx:*:*:backup/*\"]},{\"version\":\"2012-10-17\",\"id\":\"DynamoDBDeletePermissions\",\"effect\":\"Allow\",\"action\":[\"dynamodb:DeleteBackup\"],\"resource\":[\"arn:aws:dynamodb:*:*:table/*/backup/*\"]},{\"version\":\"2012-10-17\",\"id\":\"BackupGateway\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"id\":\"ListTagsForBackupGateway\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:backup-gateway:*:*:vm/*\"],\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"DynamoDBPermissions\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:dynamodb:*:*:table/*\"]},{\"effect\":\"Allow\",\"resource\":[\"arn:aws:storagegateway:*:*:gateway/*/volume/*\"],\"version\":\"2012-10-17\",\"id\":\"StorageGatewayPermissions\"},{\"version\":\"2012-10-17\",\"id\":\"EventBridgePermissions\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"EventBridgeRulesPermissions\",\"effect\":\"Allow\",\"action\":[\"events:ListRules\"],\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"SSMSAPPermissions\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"id\":\"TimestreamResourcePermissions\",\"effect\":\"Allow\"},{\"resource\":[\"*\"],\"version\":\"2012-10-17\",\"id\":\"TimestreamPermissions\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"RedshiftDescribePermissions\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"RedshiftClusterSnapshotPermissions\",\"effect\":\"Allow\"},{\"id\":\"RedshiftClusterPermissions\",\"effect\":\"Allow\",\"version\":\"2012-10-17\"},{\"version\":\"2012-10-17\",\"id\":\"CloudformationStackPermissions\",\"effect\":\"Allow\"},{\"version\":\"2012-10-17\",\"id\":\"RecoveryPointTaggingPermissions\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:backup:*:*:recovery-point:*\"],\"condition\":{\"StringEquals\":{\"aws:PrincipalAccount\":\"${aws:ResourceAccount}\"}}}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackup\",\"ANPAZKAPJZG4ONJBD4ZY2\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackup\":{\"category\":\"identity\",\"type\":\"policy\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"asset\":{\"raw\":{\"CreateDate\":\"2020-12-01T17:27:04Z\",\"Description\":null,\"Arn\":\"arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicReadOnly\",\"AttachmentCount\":1,\"PolicyId\":\"ANPAZKAPJZG4AD7UYLF25\",\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"roles\":null,\"IsAttachable\":true,\"document\":{\"Statement\":[{\"Action\":[\"ecr-public:GetAuthorizationToken\",\"sts:GetServiceBearerToken\",\"ecr-public:BatchCheckLayerAvailability\",\"ecr-public:GetRepositoryPolicy\",\"ecr-public:DescribeRepositories\",\"ecr-public:DescribeRegistries\",\"ecr-public:DescribeImages\",\"ecr-public:DescribeImageTags\",\"ecr-public:GetRepositoryCatalogData\",\"ecr-public:GetRegistryCatalogData\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"Tags\":null,\"UpdateDate\":\"2020-12-01T17:27:04Z\",\"DefaultVersionId\":\"v1\",\"PolicyName\":\"AmazonElasticContainerRegistryPublicReadOnly\"},\"id\":[\"arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicReadOnly\",\"ANPAZKAPJZG4AD7UYLF25\"],\"name\":\"AmazonElasticContainerRegistryPublicReadOnly\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"effect\":\"Allow\",\"resource\":[\"*\"],\"version\":\"2012-10-17\"}],\"related.entity\":[\"arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicReadOnly\",\"ANPAZKAPJZG4AD7UYLF25\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicReadOnly\":{\"category\":\"identity\",\"type\":\"policy\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"],\"condition\":{\"ForAnyValue:StringEquals\":{\"aws:CalledVia\":[\"imagebuilder.amazonaws.com\"],\"kms:EncryptionContextKeys\":\"aws:imagebuilder:arn\"}}},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:s3:::ec2imagebuilder*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:logs:*:*:log-group:/aws/imagebuilder/*\"]}],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilderECRContainerBuilds\",\"ANPAZKAPJZG4C32QNC6KD\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilderECRContainerBuilds\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"id\":[\"arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilderECRContainerBuilds\",\"ANPAZKAPJZG4C32QNC6KD\"],\"name\":\"EC2InstanceProfileForImageBuilderECRContainerBuilds\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v1\",\"Tags\":null,\"document\":{\"Statement\":[{\"Effect\":\"Allow\",\"Resource\":\"*\",\"Action\":[\"imagebuilder:GetComponent\",\"imagebuilder:GetContainerRecipe\",\"ecr:GetAuthorizationToken\",\"ecr:BatchGetImage\",\"ecr:InitiateLayerUpload\",\"ecr:UploadLayerPart\",\"ecr:CompleteLayerUpload\",\"ecr:BatchCheckLayerAvailability\",\"ecr:GetDownloadUrlForLayer\",\"ecr:PutImage\"]},{\"Action\":[\"kms:Decrypt\"],\"Condition\":{\"ForAnyValue:StringEquals\":{\"aws:CalledVia\":[\"imagebuilder.amazonaws.com\"],\"kms:EncryptionContextKeys\":\"aws:imagebuilder:arn\"}},\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"s3:GetObject\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:s3:::ec2imagebuilder*\"},{\"Action\":[\"logs:CreateLogStream\",\"logs:CreateLogGroup\",\"logs:PutLogEvents\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:*:*:log-group:/aws/imagebuilder/*\"}],\"Version\":\"2012-10-17\"},\"roles\":null,\"AttachmentCount\":1,\"Path\":\"/\",\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAZKAPJZG4C32QNC6KD\",\"PolicyName\":\"EC2InstanceProfileForImageBuilderECRContainerBuilds\",\"CreateDate\":\"2020-12-11T19:48:15Z\",\"Description\":null,\"Arn\":\"arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilderECRContainerBuilds\",\"IsAttachable\":true,\"UpdateDate\":\"2020-12-11T19:48:15Z\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"id\":\"AccessAnalyzerServiceRolePolicy\",\"effect\":\"Allow\",\"resource\":[\"*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AccessAnalyzerServiceRolePolicy\",\"ANPAZKAPJZG4CAIXDDRI2\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AccessAnalyzerServiceRolePolicy\":{\"type\":\"policy\",\"category\":\"identity\"}},\"asset\":{\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AccessAnalyzerServiceRolePolicy\",\"ANPAZKAPJZG4CAIXDDRI2\"],\"name\":\"AccessAnalyzerServiceRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"Tags\":null,\"CreateDate\":\"2019-12-02T17:13:10Z\",\"Description\":null,\"IsAttachable\":true,\"Path\":\"/aws-service-role/\",\"PolicyId\":\"ANPAZKAPJZG4CAIXDDRI2\",\"PermissionsBoundaryUsageCount\":0,\"PolicyName\":\"AccessAnalyzerServiceRolePolicy\",\"roles\":null,\"DefaultVersionId\":\"v14\",\"document\":{\"Statement\":[{\"Action\":[\"dynamodb:GetResourcePolicy\",\"dynamodb:ListStreams\",\"dynamodb:ListTables\",\"ec2:DescribeAddresses\",\"ec2:DescribeByoipCidrs\",\"ec2:DescribeSnapshotAttribute\",\"ec2:DescribeSnapshots\",\"ec2:DescribeVpcEndpoints\",\"ec2:DescribeVpcs\",\"ec2:GetSnapshotBlockPublicAccessState\",\"ecr:DescribeRepositories\",\"ecr:GetRepositoryPolicy\",\"elasticfilesystem:DescribeFileSystemPolicy\",\"elasticfilesystem:DescribeFileSystems\",\"iam:GetRole\",\"iam:ListEntitiesForPolicy\",\"iam:ListRoles\",\"iam:ListUsers\",\"iam:ListRoleTags\",\"iam:ListUserTags\",\"iam:GetUser\",\"iam:GetGroup\",\"iam:GenerateServiceLastAccessedDetails\",\"iam:GetServiceLastAccessedDetails\",\"iam:ListAccessKeys\",\"iam:GetLoginProfile\",\"iam:GetAccessKeyLastUsed\",\"iam:ListRolePolicies\",\"iam:GetRolePolicy\",\"iam:ListAttachedRolePolicies\",\"iam:ListUserPolicies\",\"iam:GetUserPolicy\",\"iam:ListAttachedUserPolicies\",\"iam:GetPolicy\",\"iam:GetPolicyVersion\",\"iam:ListGroupsForUser\",\"kms:DescribeKey\",\"kms:GetKeyPolicy\",\"kms:ListGrants\",\"kms:ListKeyPolicies\",\"kms:ListKeys\",\"lambda:GetFunctionUrlConfig\",\"lambda:GetLayerVersionPolicy\",\"lambda:GetPolicy\",\"lambda:ListAliases\",\"lambda:ListFunctions\",\"lambda:ListLayers\",\"lambda:ListLayerVersions\",\"lambda:ListVersionsByFunction\",\"organizations:DescribeAccount\",\"organizations:DescribeOrganization\",\"organizations:DescribeOrganizationalUnit\",\"organizations:ListAccounts\",\"organizations:ListAccountsForParent\",\"organizations:ListAWSServiceAccessForOrganization\",\"organizations:ListChildren\",\"organizations:ListDelegatedAdministrators\",\"organizations:ListOrganizationalUnitsForParent\",\"organizations:ListParents\",\"organizations:ListRoots\",\"rds:DescribeDBClusterSnapshotAttributes\",\"rds:DescribeDBClusterSnapshots\",\"rds:DescribeDBSnapshotAttributes\",\"rds:DescribeDBSnapshots\",\"s3:DescribeMultiRegionAccessPointOperation\",\"s3:GetAccessPoint\",\"s3:GetAccessPointPolicy\",\"s3:GetAccessPointPolicyStatus\",\"s3:GetAccountPublicAccessBlock\",\"s3:GetBucketAcl\",\"s3:GetBucketLocation\",\"s3:GetBucketPolicyStatus\",\"s3:GetBucketPolicy\",\"s3:GetBucketPublicAccessBlock\",\"s3:GetMultiRegionAccessPoint\",\"s3:GetMultiRegionAccessPointPolicy\",\"s3:GetMultiRegionAccessPointPolicyStatus\",\"s3:ListAccessPoints\",\"s3:ListAllMyBuckets\",\"s3:ListMultiRegionAccessPoints\",\"s3express:GetBucketPolicy\",\"s3express:ListAllMyDirectoryBuckets\",\"sns:GetTopicAttributes\",\"sns:ListTopics\",\"secretsmanager:DescribeSecret\",\"secretsmanager:GetResourcePolicy\",\"secretsmanager:ListSecrets\",\"sqs:GetQueueAttributes\",\"sqs:ListQueues\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AccessAnalyzerServiceRolePolicy\"}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AccessAnalyzerServiceRolePolicy\",\"AttachmentCount\":1,\"UpdateDate\":\"2024-10-29T16:35:07Z\"}},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]},{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"arn:aws:logs:*:*:log-group:/aws/chatbot/*\"]}],\"related.entity\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSChatbotServiceLinkedRolePolicy\",\"ANPAZKAPJZG4ID4WRYKST\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/aws-service-role/AWSChatbotServiceLinkedRolePolicy\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"id\":[\"arn:aws:iam::aws:policy/aws-service-role/AWSChatbotServiceLinkedRolePolicy\",\"ANPAZKAPJZG4ID4WRYKST\"],\"name\":\"AWSChatbotServiceLinkedRolePolicy\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"DefaultVersionId\":\"v1\",\"Description\":null,\"Tags\":null,\"Path\":\"/aws-service-role/\",\"PolicyName\":\"AWSChatbotServiceLinkedRolePolicy\",\"Arn\":\"arn:aws:iam::aws:policy/aws-service-role/AWSChatbotServiceLinkedRolePolicy\",\"CreateDate\":\"2019-11-18T16:39:50Z\",\"IsAttachable\":true,\"document\":{\"Statement\":[{\"Action\":[\"sns:ListSubscriptionsByTopic\",\"sns:ListTopics\",\"sns:Unsubscribe\",\"sns:Subscribe\",\"sns:ListSubscriptions\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"logs:PutLogEvents\",\"logs:CreateLogStream\",\"logs:DescribeLogStreams\",\"logs:CreateLogGroup\",\"logs:DescribeLogGroups\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:*:*:log-group:/aws/chatbot/*\"}],\"Version\":\"2012-10-17\"},\"roles\":null,\"AttachmentCount\":1,\"PolicyId\":\"ANPAZKAPJZG4ID4WRYKST\",\"UpdateDate\":\"2019-11-18T16:39:50Z\",\"PermissionsBoundaryUsageCount\":0}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:05.340Z\",\"related.entity\":[\"arn:aws:iam::aws:policy/AWSSupportAccess\",\"ANPAJSNKQX2OW67GF4S7E\"],\"entity.metadata\":{\"arn:aws:iam::aws:policy/AWSSupportAccess\":{\"category\":\"identity\",\"type\":\"policy\"}},\"asset\":{\"name\":\"AWSSupportAccess\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"policy\",\"sub_type\":\"iam-policy\",\"tags\":null,\"raw\":{\"AttachmentCount\":1,\"CreateDate\":\"2015-02-06T18:41:11Z\",\"document\":{\"Statement\":[{\"Action\":[\"support:*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"Arn\":\"arn:aws:iam::aws:policy/AWSSupportAccess\",\"PolicyName\":\"AWSSupportAccess\",\"UpdateDate\":\"2015-02-06T18:41:11Z\",\"Path\":\"/\",\"IsAttachable\":true,\"Tags\":[],\"DefaultVersionId\":\"v1\",\"PermissionsBoundaryUsageCount\":0,\"PolicyId\":\"ANPAJSNKQX2OW67GF4S7E\",\"roles\":[{\"RoleId\":\"AROA2IBR2EZTAKLIVXD5C\",\"RoleName\":\"aws_support_iam_role\"}],\"Description\":\"Allows users to access the AWS Support Center.\"},\"id\":[\"arn:aws:iam::aws:policy/AWSSupportAccess\",\"ANPAJSNKQX2OW67GF4S7E\"]},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[{\"version\":\"2012-10-17\",\"effect\":\"Allow\",\"resource\":[\"*\"]}]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/amir.bennun@elastic.co\",\"AIDA2IBR2EZTDIALELYYG\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/amir.bennun@elastic.co\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"name\":\"amir.bennun@elastic.co\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess\",\"PolicyName\":\"AmazonDynamoDBFullAccess\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/IAM_ENABLE_MFA\",\"PolicyName\":\"IAM_ENABLE_MFA\"},{\"PolicyName\":\"Developers_eks\",\"PolicyArn\":\"arn:aws:iam::704479110758:policy/Developers_eks\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/es-dev-readonly\",\"PolicyName\":\"es-dev-readonly\"}],\"arn\":\"arn:aws:iam::704479110758:user/amir.bennun@elastic.co\",\"password_last_changed\":\"2024-11-14T13:08:04Z\",\"last_access\":\"2024-11-14T13:07:22Z\",\"mfa_active\":true,\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTDIALELYYG\",\"access_keys\":[{\"last_access\":\"2024-11-18T08:16:00Z\",\"rotation_date\":\"2022-08-02T14:50:14Z\",\"active\":true,\"has_used\":true},{\"has_used\":true,\"last_access\":\"2024-11-19T12:02:00Z\",\"rotation_date\":\"2023-11-15T13:52:46Z\",\"active\":true}],\"mfa_devices\":[{\"is_virtual\":true,\"EnableDate\":\"2023-03-06T07:39:08Z\",\"SerialNumber\":\"arn:aws:iam::704479110758:mfa/M1\",\"UserName\":\"amir.bennun@elastic.co\"}],\"inline_policies\":[],\"name\":\"amir.bennun@elastic.co\"},\"id\":[\"arn:aws:iam::704479110758:user/amir.bennun@elastic.co\",\"AIDA2IBR2EZTDIALELYYG\"]},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:user/amit.kanfer@elastic.co\",\"AIDA2IBR2EZTK5TF5ENJY\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/amit.kanfer@elastic.co\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"tags\":null,\"raw\":{\"password_last_changed\":\"2023-01-04T09:15:16Z\",\"mfa_active\":false,\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTK5TF5ENJY\",\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2022-05-23T11:44:00Z\",\"rotation_date\":\"2022-05-22T12:16:55Z\"},{\"active\":true,\"has_used\":true,\"last_access\":\"2022-06-15T15:09:00Z\",\"rotation_date\":\"2022-05-26T08:10:40Z\"}],\"name\":\"amit.kanfer@elastic.co\",\"arn\":\"arn:aws:iam::704479110758:user/amit.kanfer@elastic.co\",\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"}],\"last_access\":\"2023-02-27T07:44:57Z\"},\"id\":[\"arn:aws:iam::704479110758:user/amit.kanfer@elastic.co\",\"AIDA2IBR2EZTK5TF5ENJY\"],\"name\":\"amit.kanfer@elastic.co\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[],\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/ari-cis-credentials-test\",\"AIDA2IBR2EZTJO4ML65IF\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/ari-cis-credentials-test\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"raw\":{\"name\":\"ari-cis-credentials-test\",\"arn\":\"arn:aws:iam::704479110758:user/ari-cis-credentials-test\",\"password_enabled\":false,\"password_last_changed\":\"N/A\",\"mfa_active\":false,\"user_id\":\"AIDA2IBR2EZTJO4ML65IF\",\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2024-11-19T08:53:00Z\",\"rotation_date\":\"2023-02-13T06:00:34Z\"},{\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\",\"active\":false}],\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}],\"last_access\":\"N/A\"},\"id\":[\"arn:aws:iam::704479110758:user/ari-cis-credentials-test\",\"AIDA2IBR2EZTJO4ML65IF\"],\"name\":\"ari-cis-credentials-test\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"related.entity\":[\"arn:aws:iam::704479110758:user/ari@elastic.co\",\"AIDA2IBR2EZTGAKUQGHN5\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/ari@elastic.co\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"}],\"mfa_active\":false,\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTGAKUQGHN5\",\"access_keys\":[{\"last_access\":\"N/A\",\"rotation_date\":\"N/A\",\"active\":false,\"has_used\":false},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"inline_policies\":[],\"name\":\"ari@elastic.co\",\"last_access\":\"2024-09-08T11:54:59Z\",\"arn\":\"arn:aws:iam::704479110758:user/ari@elastic.co\",\"password_last_changed\":\"2024-09-08T11:55:07Z\"},\"id\":[\"arn:aws:iam::704479110758:user/ari@elastic.co\",\"AIDA2IBR2EZTGAKUQGHN5\"],\"name\":\"ari@elastic.co\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/asset-inventory-user\",\"AIDA2IBR2EZTIHH5D37MA\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/asset-inventory-user\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"raw\":{\"password_last_changed\":\"N/A\",\"password_enabled\":false,\"user_id\":\"AIDA2IBR2EZTIHH5D37MA\",\"access_keys\":[{\"last_access\":\"2024-11-18T13:14:00Z\",\"rotation_date\":\"2024-10-28T10:53:16Z\",\"active\":true,\"has_used\":true},{\"active\":true,\"has_used\":true,\"last_access\":\"2024-11-18T10:46:00Z\",\"rotation_date\":\"2024-11-06T10:35:58Z\"}],\"name\":\"asset-inventory-user\",\"last_access\":\"N/A\",\"arn\":\"arn:aws:iam::704479110758:user/asset-inventory-user\",\"mfa_active\":false,\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}]},\"id\":[\"arn:aws:iam::704479110758:user/asset-inventory-user\",\"AIDA2IBR2EZTIHH5D37MA\"],\"name\":\"asset-inventory-user\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/BedrockUserElastic\",\"AIDA2IBR2EZTMTXUNQ3Q3\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/BedrockUserElastic\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"name\":\"BedrockUserElastic\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"access_keys\":[{\"last_access\":\"2024-06-25T09:30:00Z\",\"rotation_date\":\"2024-05-27T13:50:57Z\",\"active\":true,\"has_used\":true},{\"rotation_date\":\"N/A\",\"active\":false,\"has_used\":false,\"last_access\":\"N/A\"}],\"inline_policies\":[],\"attached_policies\":null,\"user_id\":\"AIDA2IBR2EZTMTXUNQ3Q3\",\"mfa_active\":false,\"password_enabled\":false,\"name\":\"BedrockUserElastic\",\"last_access\":\"N/A\",\"arn\":\"arn:aws:iam::704479110758:user/BedrockUserElastic\",\"password_last_changed\":\"N/A\"},\"id\":[\"arn:aws:iam::704479110758:user/BedrockUserElastic\",\"AIDA2IBR2EZTMTXUNQ3Q3\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:user/bill-g-asset-i\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"name\":\"bill-g-asset-i\",\"password_last_changed\":\"N/A\",\"arn\":\"arn:aws:iam::704479110758:user/bill-g-asset-i\",\"mfa_active\":false,\"password_enabled\":false,\"user_id\":\"AIDA2IBR2EZTNDZCFNCSC\",\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2024-10-24T12:24:00Z\",\"rotation_date\":\"2024-10-23T23:06:53Z\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}],\"last_access\":\"N/A\"},\"id\":[\"arn:aws:iam::704479110758:user/bill-g-asset-i\",\"AIDA2IBR2EZTNDZCFNCSC\"],\"name\":\"bill-g-asset-i\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/bill-g-asset-i\",\"AIDA2IBR2EZTNDZCFNCSC\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:user/cis-aws-qa-cycle\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"name\":\"cis-aws-qa-cycle\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2023-03-13T11:14:00Z\",\"rotation_date\":\"2023-02-28T15:10:09Z\"},{\"active\":true,\"has_used\":true,\"last_access\":\"2023-04-19T06:09:00Z\",\"rotation_date\":\"2023-02-13T09:25:47Z\"}],\"inline_policies\":[],\"name\":\"cis-aws-qa-cycle\",\"last_access\":\"no_information\",\"arn\":\"arn:aws:iam::704479110758:user/cis-aws-qa-cycle\",\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}],\"password_last_changed\":\"2023-02-13T09:24:31Z\",\"mfa_active\":false,\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTFZ5QQL4CL\"},\"id\":[\"arn:aws:iam::704479110758:user/cis-aws-qa-cycle\",\"AIDA2IBR2EZTFZ5QQL4CL\"]},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/cis-aws-qa-cycle\",\"AIDA2IBR2EZTFZ5QQL4CL\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/cloudquery-neo-4j-demo\",\"AIDA2IBR2EZTFHVC7GQ2V\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:user/cloudquery-neo-4j-demo\":{\"type\":\"user\",\"category\":\"identity\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2023-12-26T18:42:00Z\",\"rotation_date\":\"2023-12-26T18:26:06Z\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"name\":\"cloudquery-neo-4j-demo\",\"mfa_active\":false,\"password_enabled\":false,\"inline_policies\":[],\"attached_policies\":null,\"last_access\":\"N/A\",\"arn\":\"arn:aws:iam::704479110758:user/cloudquery-neo-4j-demo\",\"password_last_changed\":\"N/A\",\"user_id\":\"AIDA2IBR2EZTFHVC7GQ2V\"},\"id\":[\"arn:aws:iam::704479110758:user/cloudquery-neo-4j-demo\",\"AIDA2IBR2EZTFHVC7GQ2V\"],\"name\":\"cloudquery-neo-4j-demo\",\"category\":\"identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/david\",\"AIDA2IBR2EZTLFV7JRTTV\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/david\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"tags\":null,\"raw\":{\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTLFV7JRTTV\",\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonRoute53FullAccess\",\"PolicyName\":\"AmazonRoute53FullAccess\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonSSMFullAccess\",\"PolicyName\":\"AmazonSSMFullAccess\"},{\"PolicyName\":\"AmazonEC2FullAccess\",\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonEC2FullAccess\"},{\"PolicyName\":\"AWSCertificateManagerFullAccess\",\"PolicyArn\":\"arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMFullAccess\",\"PolicyName\":\"IAMFullAccess\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecretsManagerReadWrite\",\"PolicyName\":\"SecretsManagerReadWrite\"},{\"PolicyName\":\"CloudWatchFullAccess\",\"PolicyArn\":\"arn:aws:iam::aws:policy/CloudWatchFullAccess\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/KMS-FullAccess\",\"PolicyName\":\"KMS-FullAccess\"},{\"PolicyName\":\"FullElasticsearchAccessPolicy\",\"PolicyArn\":\"arn:aws:iam::704479110758:policy/FullElasticsearchAccessPolicy\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/SNS-full-access\",\"PolicyName\":\"SNS-full-access\"}],\"name\":\"david\",\"last_access\":\"2021-07-19T15:14:38Z\",\"arn\":\"arn:aws:iam::704479110758:user/david\",\"password_last_changed\":\"2021-05-31T08:31:41Z\",\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2022-11-15T16:35:00Z\",\"rotation_date\":\"2021-03-11T12:56:51Z\"},{\"active\":true,\"has_used\":true,\"last_access\":\"2023-05-02T14:54:00Z\",\"rotation_date\":\"2022-03-06T07:27:18Z\"}],\"mfa_devices\":[{\"is_virtual\":true,\"EnableDate\":\"2022-11-14T13:12:41Z\",\"SerialNumber\":\"arn:aws:iam::704479110758:mfa/david\",\"UserName\":\"david\"}],\"inline_policies\":[],\"mfa_active\":true},\"id\":[\"arn:aws:iam::704479110758:user/david\",\"AIDA2IBR2EZTLFV7JRTTV\"],\"name\":\"david\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"asset\":{\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"user_id\":\"AIDA2IBR2EZTILPU65MJK\",\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2022-11-07T15:35:00Z\",\"rotation_date\":\"2022-07-31T08:27:01Z\"},{\"last_access\":\"2022-09-20T12:34:00Z\",\"rotation_date\":\"2022-08-01T10:09:53Z\",\"active\":true,\"has_used\":true}],\"name\":\"dev_test\",\"last_access\":\"2022-07-31T09:44:56Z\",\"arn\":\"arn:aws:iam::704479110758:user/dev_test\",\"password_last_changed\":\"2022-07-31T09:05:08Z\",\"mfa_active\":false,\"inline_policies\":[],\"attached_policies\":null,\"password_enabled\":true},\"id\":[\"arn:aws:iam::704479110758:user/dev_test\",\"AIDA2IBR2EZTILPU65MJK\"],\"name\":\"dev_test\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/dev_test\",\"AIDA2IBR2EZTILPU65MJK\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/dev_test\":{\"category\":\"identity\",\"type\":\"user\"}},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"related.entity\":[\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\",\"AIDA2IBR2EZTLPSZLYF4Y\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2024-11-18T08:36:00Z\",\"rotation_date\":\"2022-07-24T08:29:48Z\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonRoute53FullAccess\",\"PolicyName\":\"AmazonRoute53FullAccess\"},{\"PolicyName\":\"IAMFullAccess\",\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMFullAccess\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"},{\"PolicyName\":\"AmazonDynamoDBFullAccess\",\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/Developers_eks\",\"PolicyName\":\"Developers_eks\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/SNS-full-access\",\"PolicyName\":\"SNS-full-access\"}],\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTLPSZLYF4Y\",\"name\":\"dmitry.gurevich@elastic.co\",\"last_access\":\"2024-11-18T07:49:55Z\",\"arn\":\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\",\"password_last_changed\":\"2024-10-27T08:11:47Z\",\"mfa_active\":false},\"id\":[\"arn:aws:iam::704479110758:user/dmitry.gurevich@elastic.co\",\"AIDA2IBR2EZTLPSZLYF4Y\"],\"name\":\"dmitry.gurevich@elastic.co\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"mfa_active\":false,\"inline_policies\":[],\"last_access\":\"N/A\",\"password_last_changed\":\"N/A\",\"arn\":\"arn:aws:iam::704479110758:user/eks_lvp\",\"password_enabled\":false,\"user_id\":\"AIDA2IBR2EZTGBXHBLPPF\",\"access_keys\":[{\"active\":true,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"2022-07-18T14:21:27Z\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"attached_policies\":null,\"name\":\"eks_lvp\"},\"id\":[\"arn:aws:iam::704479110758:user/eks_lvp\",\"AIDA2IBR2EZTGBXHBLPPF\"],\"name\":\"eks_lvp\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/eks_lvp\",\"AIDA2IBR2EZTGBXHBLPPF\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/eks_lvp\":{\"category\":\"identity\",\"type\":\"user\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-01b711f0-8a01-11ef-a08c-068da0069bcf\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"inline_policies\":[],\"password_last_changed\":\"N/A\",\"mfa_active\":false,\"password_enabled\":false,\"access_keys\":[{\"last_access\":\"2024-10-17T04:58:00Z\",\"rotation_date\":\"2024-10-14T07:52:00Z\",\"active\":true,\"has_used\":true},{\"rotation_date\":\"N/A\",\"active\":false,\"has_used\":false,\"last_access\":\"N/A\"}],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}],\"name\":\"elasticagent-user-cspm-01b711f0-8a01-11ef-a08c-068da0069bcf\",\"last_access\":\"N/A\",\"arn\":\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-01b711f0-8a01-11ef-a08c-068da0069bcf\",\"user_id\":\"AIDA2IBR2EZTNJOFBAXWI\"},\"id\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-01b711f0-8a01-11ef-a08c-068da0069bcf\",\"AIDA2IBR2EZTNJOFBAXWI\"],\"name\":\"elasticagent-user-cspm-01b711f0-8a01-11ef-a08c-068da0069bcf\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-01b711f0-8a01-11ef-a08c-068da0069bcf\",\"AIDA2IBR2EZTNJOFBAXWI\"],\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-19e808b0-3a01-11ef-9766-06be203d4167\",\"AIDA2IBR2EZTO6VRMLK4Z\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-19e808b0-3a01-11ef-9766-06be203d4167\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"raw\":{\"last_access\":\"N/A\",\"arn\":\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-19e808b0-3a01-11ef-9766-06be203d4167\",\"mfa_active\":false,\"access_keys\":[{\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"2024-07-04T12:30:27Z\",\"active\":true},{\"last_access\":\"N/A\",\"rotation_date\":\"N/A\",\"active\":false,\"has_used\":false}],\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}],\"name\":\"elasticagent-user-cspm-19e808b0-3a01-11ef-9766-06be203d4167\",\"password_last_changed\":\"N/A\",\"password_enabled\":false,\"user_id\":\"AIDA2IBR2EZTO6VRMLK4Z\"},\"id\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-19e808b0-3a01-11ef-9766-06be203d4167\",\"AIDA2IBR2EZTO6VRMLK4Z\"],\"name\":\"elasticagent-user-cspm-19e808b0-3a01-11ef-9766-06be203d4167\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:15.366+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-2059a8a0-655f-11ef-968e-0e7feb9c4c67\",\"AIDA2IBR2EZTCFNSZMMXT\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-2059a8a0-655f-11ef-968e-0e7feb9c4c67\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"tags\":null,\"raw\":{\"inline_policies\":[],\"name\":\"elasticagent-user-cspm-2059a8a0-655f-11ef-968e-0e7feb9c4c67\",\"last_access\":\"N/A\",\"password_last_changed\":\"N/A\",\"user_id\":\"AIDA2IBR2EZTCFNSZMMXT\",\"access_keys\":[{\"has_used\":true,\"last_access\":\"2024-09-17T19:58:00Z\",\"rotation_date\":\"2024-08-28T17:01:52Z\",\"active\":true},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"arn\":\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-2059a8a0-655f-11ef-968e-0e7feb9c4c67\",\"mfa_active\":false,\"password_enabled\":false,\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}]},\"id\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-2059a8a0-655f-11ef-968e-0e7feb9c4c67\",\"AIDA2IBR2EZTCFNSZMMXT\"],\"name\":\"elasticagent-user-cspm-2059a8a0-655f-11ef-968e-0e7feb9c4c67\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.369+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-22a35010-3252-11ef-9fc9-0a5d013c6e35\",\"AIDA2IBR2EZTF7Q4JBZOK\"],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"entity.metadata\":{\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-22a35010-3252-11ef-9fc9-0a5d013c6e35\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"access_keys\":[{\"last_access\":\"N/A\",\"rotation_date\":\"2024-06-24T17:50:22Z\",\"active\":true,\"has_used\":false},{\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\",\"active\":false}],\"password_last_changed\":\"N/A\",\"arn\":\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-22a35010-3252-11ef-9fc9-0a5d013c6e35\",\"mfa_active\":false,\"password_enabled\":false,\"user_id\":\"AIDA2IBR2EZTF7Q4JBZOK\",\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}],\"name\":\"elasticagent-user-cspm-22a35010-3252-11ef-9fc9-0a5d013c6e35\",\"last_access\":\"N/A\"},\"id\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-22a35010-3252-11ef-9fc9-0a5d013c6e35\",\"AIDA2IBR2EZTF7Q4JBZOK\"],\"name\":\"elasticagent-user-cspm-22a35010-3252-11ef-9fc9-0a5d013c6e35\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.369+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-447144e0-70ff-11ef-add9-0a2999b5b545\",\"AIDA2IBR2EZTMWSDFDENY\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-447144e0-70ff-11ef-add9-0a2999b5b545\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"last_access\":\"N/A\",\"password_last_changed\":\"N/A\",\"mfa_active\":false,\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}],\"name\":\"elasticagent-user-cspm-447144e0-70ff-11ef-add9-0a2999b5b545\",\"arn\":\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-447144e0-70ff-11ef-add9-0a2999b5b545\",\"password_enabled\":false,\"user_id\":\"AIDA2IBR2EZTMWSDFDENY\",\"access_keys\":[{\"rotation_date\":\"2024-09-12T12:05:54Z\",\"active\":true,\"has_used\":true,\"last_access\":\"2024-09-16T12:09:00Z\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"inline_policies\":[]},\"id\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-447144e0-70ff-11ef-add9-0a2999b5b545\",\"AIDA2IBR2EZTMWSDFDENY\"],\"name\":\"elasticagent-user-cspm-447144e0-70ff-11ef-add9-0a2999b5b545\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.369+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-5eb7a870-9c61-11ef-89cb-0a4293f060db\",\"AIDA2IBR2EZTJB2KXXPR7\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-5eb7a870-9c61-11ef-89cb-0a4293f060db\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"tags\":null,\"raw\":{\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}],\"name\":\"elasticagent-user-cspm-5eb7a870-9c61-11ef-89cb-0a4293f060db\",\"last_access\":\"N/A\",\"mfa_active\":false,\"password_enabled\":false,\"user_id\":\"AIDA2IBR2EZTJB2KXXPR7\",\"access_keys\":[{\"rotation_date\":\"2024-11-06T17:06:29Z\",\"active\":true,\"has_used\":true,\"last_access\":\"2024-11-18T15:37:00Z\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"arn\":\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-5eb7a870-9c61-11ef-89cb-0a4293f060db\",\"password_last_changed\":\"N/A\"},\"id\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-5eb7a870-9c61-11ef-89cb-0a4293f060db\",\"AIDA2IBR2EZTJB2KXXPR7\"],\"name\":\"elasticagent-user-cspm-5eb7a870-9c61-11ef-89cb-0a4293f060db\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.369+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-6dcdf1d0-9ce2-11ef-801c-0ad632ff0b09\",\"AIDA2IBR2EZTGZD2HZDLR\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-6dcdf1d0-9ce2-11ef-801c-0ad632ff0b09\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"password_enabled\":false,\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}],\"last_access\":\"N/A\",\"arn\":\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-6dcdf1d0-9ce2-11ef-801c-0ad632ff0b09\",\"password_last_changed\":\"N/A\",\"mfa_active\":false,\"user_id\":\"AIDA2IBR2EZTGZD2HZDLR\",\"access_keys\":[{\"last_access\":\"N/A\",\"rotation_date\":\"2024-11-07T08:30:20Z\",\"active\":true,\"has_used\":false},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"inline_policies\":[],\"name\":\"elasticagent-user-cspm-6dcdf1d0-9ce2-11ef-801c-0ad632ff0b09\"},\"id\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-6dcdf1d0-9ce2-11ef-801c-0ad632ff0b09\",\"AIDA2IBR2EZTGZD2HZDLR\"],\"name\":\"elasticagent-user-cspm-6dcdf1d0-9ce2-11ef-801c-0ad632ff0b09\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.369+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-6f8c7b20-96d6-11ef-be4f-066bb4385249\":{\"type\":\"user\",\"category\":\"identity\"}},\"asset\":{\"name\":\"elasticagent-user-cspm-6f8c7b20-96d6-11ef-be4f-066bb4385249\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"last_access\":\"N/A\",\"arn\":\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-6f8c7b20-96d6-11ef-be4f-066bb4385249\",\"password_enabled\":false,\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2024-11-13T20:54:00Z\",\"rotation_date\":\"2024-10-30T15:49:22Z\"},{\"rotation_date\":\"N/A\",\"active\":false,\"has_used\":false,\"last_access\":\"N/A\"}],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}],\"name\":\"elasticagent-user-cspm-6f8c7b20-96d6-11ef-be4f-066bb4385249\",\"password_last_changed\":\"N/A\",\"mfa_active\":false,\"user_id\":\"AIDA2IBR2EZTLNGEDM5EC\",\"inline_policies\":[]},\"id\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-6f8c7b20-96d6-11ef-be4f-066bb4385249\",\"AIDA2IBR2EZTLNGEDM5EC\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-6f8c7b20-96d6-11ef-be4f-066bb4385249\",\"AIDA2IBR2EZTLNGEDM5EC\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.369+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-7dbfb9f0-3a01-11ef-ae47-067055831b29\",\"AIDA2IBR2EZTBYXJK4SVC\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-7dbfb9f0-3a01-11ef-ae47-067055831b29\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"name\":\"elasticagent-user-cspm-7dbfb9f0-3a01-11ef-ae47-067055831b29\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"mfa_active\":false,\"user_id\":\"AIDA2IBR2EZTBYXJK4SVC\",\"inline_policies\":[],\"name\":\"elasticagent-user-cspm-7dbfb9f0-3a01-11ef-ae47-067055831b29\",\"last_access\":\"N/A\",\"arn\":\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-7dbfb9f0-3a01-11ef-ae47-067055831b29\",\"access_keys\":[{\"active\":true,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"2024-07-04T12:33:15Z\"},{\"rotation_date\":\"N/A\",\"active\":false,\"has_used\":false,\"last_access\":\"N/A\"}],\"attached_policies\":[{\"PolicyName\":\"SecurityAudit\",\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\"}],\"password_last_changed\":\"N/A\",\"password_enabled\":false},\"id\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-7dbfb9f0-3a01-11ef-ae47-067055831b29\",\"AIDA2IBR2EZTBYXJK4SVC\"]},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.369+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-92e4a400-3f86-11ef-a3d8-0ac8555f2623\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"name\":\"elasticagent-user-cspm-92e4a400-3f86-11ef-a3d8-0ac8555f2623\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"password_enabled\":false,\"user_id\":\"AIDA2IBR2EZTAMUNWTLOP\",\"access_keys\":[{\"rotation_date\":\"2024-07-11T13:08:30Z\",\"active\":true,\"has_used\":true,\"last_access\":\"2024-07-25T07:05:00Z\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}],\"name\":\"elasticagent-user-cspm-92e4a400-3f86-11ef-a3d8-0ac8555f2623\",\"arn\":\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-92e4a400-3f86-11ef-a3d8-0ac8555f2623\",\"inline_policies\":[],\"last_access\":\"N/A\",\"password_last_changed\":\"N/A\",\"mfa_active\":false},\"id\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-92e4a400-3f86-11ef-a3d8-0ac8555f2623\",\"AIDA2IBR2EZTAMUNWTLOP\"]},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-92e4a400-3f86-11ef-a3d8-0ac8555f2623\",\"AIDA2IBR2EZTAMUNWTLOP\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.369+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-a3ff2100-1927-11ef-99e9-0aaef7bb2a55\",\"AIDA2IBR2EZTCPJ2HNK7O\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-a3ff2100-1927-11ef-99e9-0aaef7bb2a55\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"last_access\":\"N/A\",\"arn\":\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-a3ff2100-1927-11ef-99e9-0aaef7bb2a55\",\"password_last_changed\":\"N/A\",\"mfa_active\":false,\"password_enabled\":false,\"name\":\"elasticagent-user-cspm-a3ff2100-1927-11ef-99e9-0aaef7bb2a55\",\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}],\"user_id\":\"AIDA2IBR2EZTCPJ2HNK7O\",\"access_keys\":[{\"active\":true,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"2024-05-23T17:13:12Z\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}]},\"id\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-a3ff2100-1927-11ef-99e9-0aaef7bb2a55\",\"AIDA2IBR2EZTCPJ2HNK7O\"],\"name\":\"elasticagent-user-cspm-a3ff2100-1927-11ef-99e9-0aaef7bb2a55\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.369+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-d77039f0-0c09-11ef-86e0-0a608a683855\",\"AIDA2IBR2EZTFOKYOWXUN\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-d77039f0-0c09-11ef-86e0-0a608a683855\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"tags\":null,\"raw\":{\"access_keys\":[{\"active\":true,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"2024-05-07T18:03:27Z\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}],\"name\":\"elasticagent-user-cspm-d77039f0-0c09-11ef-86e0-0a608a683855\",\"last_access\":\"N/A\",\"password_enabled\":false,\"user_id\":\"AIDA2IBR2EZTFOKYOWXUN\",\"inline_policies\":[],\"arn\":\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-d77039f0-0c09-11ef-86e0-0a608a683855\",\"password_last_changed\":\"N/A\",\"mfa_active\":false},\"id\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-d77039f0-0c09-11ef-86e0-0a608a683855\",\"AIDA2IBR2EZTFOKYOWXUN\"],\"name\":\"elasticagent-user-cspm-d77039f0-0c09-11ef-86e0-0a608a683855\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\"},\"cloud\":{\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\"},\"resource_policies\":[],\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.369+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-d83f96d0-9ce3-11ef-a11b-064afd21aefb\",\"AIDA2IBR2EZTCQJOSDMN3\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-d83f96d0-9ce3-11ef-a11b-064afd21aefb\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"access_keys\":[{\"active\":true,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"2024-11-07T08:40:28Z\"},{\"rotation_date\":\"N/A\",\"active\":false,\"has_used\":false,\"last_access\":\"N/A\"}],\"inline_policies\":[],\"name\":\"elasticagent-user-cspm-d83f96d0-9ce3-11ef-a11b-064afd21aefb\",\"arn\":\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-d83f96d0-9ce3-11ef-a11b-064afd21aefb\",\"password_last_changed\":\"N/A\",\"mfa_active\":false,\"user_id\":\"AIDA2IBR2EZTCQJOSDMN3\",\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}],\"last_access\":\"N/A\",\"password_enabled\":false},\"id\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-d83f96d0-9ce3-11ef-a11b-064afd21aefb\",\"AIDA2IBR2EZTCQJOSDMN3\"],\"name\":\"elasticagent-user-cspm-d83f96d0-9ce3-11ef-a11b-064afd21aefb\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.369+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-e01345c0-91f1-11ef-97f4-0acad88f11e7\",\"AIDA2IBR2EZTEJETROICY\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-e01345c0-91f1-11ef-97f4-0acad88f11e7\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"name\":\"elasticagent-user-cspm-e01345c0-91f1-11ef-97f4-0acad88f11e7\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"access_keys\":[{\"has_used\":true,\"last_access\":\"2024-11-18T20:53:00Z\",\"rotation_date\":\"2024-10-24T10:23:10Z\",\"active\":true},{\"last_access\":\"N/A\",\"rotation_date\":\"N/A\",\"active\":false,\"has_used\":false}],\"password_last_changed\":\"N/A\",\"mfa_active\":false,\"user_id\":\"AIDA2IBR2EZTEJETROICY\",\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}],\"name\":\"elasticagent-user-cspm-e01345c0-91f1-11ef-97f4-0acad88f11e7\",\"last_access\":\"N/A\",\"arn\":\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-e01345c0-91f1-11ef-97f4-0acad88f11e7\",\"password_enabled\":false},\"id\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-e01345c0-91f1-11ef-97f4-0acad88f11e7\",\"AIDA2IBR2EZTEJETROICY\"]},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.369+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"asset\":{\"tags\":null,\"raw\":{\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}],\"name\":\"elasticagent-user-cspm-e33e1a00-75d0-11ef-bf15-0ae5ffa29691\",\"mfa_active\":false,\"user_id\":\"AIDA2IBR2EZTCFJJZQ5WM\",\"password_enabled\":false,\"access_keys\":[{\"active\":true,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"2024-09-18T15:16:30Z\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"inline_policies\":[],\"last_access\":\"N/A\",\"arn\":\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-e33e1a00-75d0-11ef-bf15-0ae5ffa29691\",\"password_last_changed\":\"N/A\"},\"id\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-e33e1a00-75d0-11ef-bf15-0ae5ffa29691\",\"AIDA2IBR2EZTCFJJZQ5WM\"],\"name\":\"elasticagent-user-cspm-e33e1a00-75d0-11ef-bf15-0ae5ffa29691\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-e33e1a00-75d0-11ef-bf15-0ae5ffa29691\",\"AIDA2IBR2EZTCFJJZQ5WM\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-e33e1a00-75d0-11ef-bf15-0ae5ffa29691\":{\"category\":\"identity\",\"type\":\"user\"}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.369+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}],\"last_access\":\"N/A\",\"password_enabled\":false,\"mfa_active\":false,\"user_id\":\"AIDA2IBR2EZTAHXMTHNG7\",\"access_keys\":[{\"active\":true,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"2024-06-24T17:49:01Z\"},{\"last_access\":\"N/A\",\"rotation_date\":\"N/A\",\"active\":false,\"has_used\":false}],\"inline_policies\":[],\"name\":\"elasticagent-user-cspm-f1eaee60-3251-11ef-9229-0ae55d2af94f\",\"arn\":\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-f1eaee60-3251-11ef-9229-0ae55d2af94f\",\"password_last_changed\":\"N/A\"},\"id\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-f1eaee60-3251-11ef-9229-0ae55d2af94f\",\"AIDA2IBR2EZTAHXMTHNG7\"],\"name\":\"elasticagent-user-cspm-f1eaee60-3251-11ef-9229-0ae55d2af94f\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-f1eaee60-3251-11ef-9229-0ae55d2af94f\",\"AIDA2IBR2EZTAHXMTHNG7\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-f1eaee60-3251-11ef-9229-0ae55d2af94f\":{\"category\":\"identity\",\"type\":\"user\"}},\"ecs\":{\"version\":\"8.0.0\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.369+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-f8495780-9c44-11ef-a9a5-0ea4c9222aa3\",\"AIDA2IBR2EZTFDHDVWO7U\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-f8495780-9c44-11ef-a9a5-0ea4c9222aa3\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"raw\":{\"arn\":\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-f8495780-9c44-11ef-a9a5-0ea4c9222aa3\",\"user_id\":\"AIDA2IBR2EZTFDHDVWO7U\",\"inline_policies\":[],\"name\":\"elasticagent-user-cspm-f8495780-9c44-11ef-a9a5-0ea4c9222aa3\",\"last_access\":\"N/A\",\"password_last_changed\":\"N/A\",\"mfa_active\":false,\"password_enabled\":false,\"access_keys\":[{\"active\":true,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"2024-11-06T13:43:11Z\"},{\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\",\"active\":false}],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"}]},\"id\":[\"arn:aws:iam::704479110758:user/elasticagent-user-cspm-f8495780-9c44-11ef-a9a5-0ea4c9222aa3\",\"AIDA2IBR2EZTFDHDVWO7U\"],\"name\":\"elasticagent-user-cspm-f8495780-9c44-11ef-a9a5-0ea4c9222aa3\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.369+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"asset\":{\"tags\":null,\"raw\":{\"last_access\":\"2024-10-31T08:51:50Z\",\"password_last_changed\":\"2024-10-31T08:53:57Z\",\"password_enabled\":true,\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2024-11-10T16:37:00Z\",\"rotation_date\":\"2022-03-21T15:22:11Z\"},{\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\",\"active\":false}],\"inline_policies\":[],\"name\":\"evgeniy.belyi@elastic.co\",\"user_id\":\"AIDA2IBR2EZTDCW5W23N6\",\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonRoute53FullAccess\",\"PolicyName\":\"AmazonRoute53FullAccess\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMFullAccess\",\"PolicyName\":\"IAMFullAccess\"},{\"PolicyName\":\"IAMUserChangePassword\",\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\"},{\"PolicyName\":\"AmazonDynamoDBFullAccess\",\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/SNS-full-access\",\"PolicyName\":\"SNS-full-access\"}],\"arn\":\"arn:aws:iam::704479110758:user/evgeniy.belyi@elastic.co\",\"mfa_active\":false},\"id\":[\"arn:aws:iam::704479110758:user/evgeniy.belyi@elastic.co\",\"AIDA2IBR2EZTDCW5W23N6\"],\"name\":\"evgeniy.belyi@elastic.co\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/evgeniy.belyi@elastic.co\",\"AIDA2IBR2EZTDCW5W23N6\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/evgeniy.belyi@elastic.co\":{\"category\":\"identity\",\"type\":\"user\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.369+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/evilTin\",\"AIDA2IBR2EZTF6C3PHB4C\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/evilTin\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"name\":\"evilTin\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"user_id\":\"AIDA2IBR2EZTF6C3PHB4C\",\"last_access\":\"N/A\",\"arn\":\"arn:aws:iam::704479110758:user/evilTin\",\"password_enabled\":false,\"name\":\"evilTin\",\"password_last_changed\":\"N/A\",\"mfa_active\":false,\"access_keys\":[{\"last_access\":\"2024-11-06T19:27:00Z\",\"rotation_date\":\"2024-10-24T00:18:16Z\",\"active\":true,\"has_used\":true},{\"last_access\":\"N/A\",\"rotation_date\":\"N/A\",\"active\":false,\"has_used\":false}],\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/AdministratorAccess\",\"PolicyName\":\"AdministratorAccess\"}]},\"id\":[\"arn:aws:iam::704479110758:user/evilTin\",\"AIDA2IBR2EZTF6C3PHB4C\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.369+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/Eyal\",\"AIDA2IBR2EZTFTASNFOBX\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/Eyal\":{\"category\":\"identity\",\"type\":\"user\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"},\"asset\":{\"name\":\"Eyal\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"access_keys\":[{\"last_access\":\"2022-02-07T08:41:00Z\",\"rotation_date\":\"2022-02-07T08:34:11Z\",\"active\":true,\"has_used\":true},{\"last_access\":\"2024-10-10T13:13:00Z\",\"rotation_date\":\"2024-10-10T03:57:38Z\",\"active\":true,\"has_used\":true}],\"mfa_devices\":[{\"is_virtual\":true,\"EnableDate\":\"2020-08-13T11:12:40Z\",\"SerialNumber\":\"arn:aws:iam::704479110758:mfa/Eyal\",\"UserName\":\"Eyal\"}],\"inline_policies\":[],\"arn\":\"arn:aws:iam::704479110758:user/Eyal\",\"password_enabled\":true,\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonRoute53FullAccess\",\"PolicyName\":\"AmazonRoute53FullAccess\"},{\"PolicyName\":\"IAMFullAccess\",\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMFullAccess\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess\",\"PolicyName\":\"AmazonDynamoDBFullAccess\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/SNS-full-access\",\"PolicyName\":\"SNS-full-access\"}],\"name\":\"Eyal\",\"last_access\":\"2024-10-21T15:45:10Z\",\"password_last_changed\":\"2024-10-21T15:48:15Z\",\"mfa_active\":true,\"user_id\":\"AIDA2IBR2EZTFTASNFOBX\"},\"id\":[\"arn:aws:iam::704479110758:user/Eyal\",\"AIDA2IBR2EZTFTASNFOBX\"]}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.369+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:user/eyal.kraft@elastic.co\",\"AIDA2IBR2EZTC7TWGVK7Q\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/eyal.kraft@elastic.co\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"tags\":null,\"raw\":{\"access_keys\":[{\"rotation_date\":\"2022-08-02T14:50:14Z\",\"active\":true,\"has_used\":true,\"last_access\":\"2024-11-19T10:07:00Z\"},{\"active\":true,\"has_used\":true,\"last_access\":\"2024-03-16T11:54:00Z\",\"rotation_date\":\"2024-03-06T20:59:16Z\"}],\"inline_policies\":[],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess\",\"PolicyName\":\"AmazonDynamoDBFullAccess\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/IAM_ENABLE_MFA\",\"PolicyName\":\"IAM_ENABLE_MFA\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/Developers_eks\",\"PolicyName\":\"Developers_eks\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/es-dev-readonly\",\"PolicyName\":\"es-dev-readonly\"}],\"password_last_changed\":\"2024-03-06T16:47:56Z\",\"user_id\":\"AIDA2IBR2EZTC7TWGVK7Q\",\"mfa_devices\":[{\"SerialNumber\":\"arn:aws:iam::704479110758:mfa/eyal.kraft@elastic.co\",\"UserName\":\"eyal.kraft@elastic.co\",\"is_virtual\":true,\"EnableDate\":\"2022-11-15T09:02:33Z\"}],\"name\":\"eyal.kraft@elastic.co\",\"last_access\":\"2024-03-06T16:45:49Z\",\"arn\":\"arn:aws:iam::704479110758:user/eyal.kraft@elastic.co\",\"mfa_active\":true,\"password_enabled\":true},\"id\":[\"arn:aws:iam::704479110758:user/eyal.kraft@elastic.co\",\"AIDA2IBR2EZTC7TWGVK7Q\"],\"name\":\"eyal.kraft@elastic.co\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.369+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:user/gh_ci_restricted\",\"AIDA2IBR2EZTOM5CTSCJQ\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/gh_ci_restricted\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"inline_policies\":[],\"last_access\":\"N/A\",\"arn\":\"arn:aws:iam::704479110758:user/gh_ci_restricted\",\"password_last_changed\":\"N/A\",\"password_enabled\":false,\"user_id\":\"AIDA2IBR2EZTOM5CTSCJQ\",\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2024-11-19T10:54:00Z\",\"rotation_date\":\"2022-07-10T08:41:13Z\"},{\"active\":true,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"2024-11-10T07:41:32Z\"}],\"name\":\"gh_ci_restricted\",\"mfa_active\":false,\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/SecurityAudit\",\"PolicyName\":\"SecurityAudit\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/gi_s3\",\"PolicyName\":\"gi_s3\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/cloudtrail-logs-policy\",\"PolicyName\":\"cloudtrail-logs-policy\"}]},\"id\":[\"arn:aws:iam::704479110758:user/gh_ci_restricted\",\"AIDA2IBR2EZTOM5CTSCJQ\"],\"name\":\"gh_ci_restricted\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\"},\"cloud\":{\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\"},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.369+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/github-ci\",\"AIDA2IBR2EZTI2R56SGLI\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/github-ci\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"user_id\":\"AIDA2IBR2EZTI2R56SGLI\",\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2022-08-24T06:38:00Z\",\"rotation_date\":\"2022-05-22T10:59:33Z\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"inline_policies\":[],\"name\":\"github-ci\",\"mfa_active\":false,\"password_enabled\":false,\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonECS_FullAccess\",\"PolicyName\":\"AmazonECS_FullAccess\"},{\"PolicyName\":\"AmazonS3FullAccess\",\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonS3FullAccess\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/ECR-eu-west-1-management\",\"PolicyName\":\"ECR-eu-west-1-management\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/EKS_ReadAccess\",\"PolicyName\":\"EKS_ReadAccess\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/secrets_manager_read\",\"PolicyName\":\"secrets_manager_read\"}],\"last_access\":\"N/A\",\"arn\":\"arn:aws:iam::704479110758:user/github-ci\",\"password_last_changed\":\"N/A\"},\"id\":[\"arn:aws:iam::704479110758:user/github-ci\",\"AIDA2IBR2EZTI2R56SGLI\"],\"name\":\"github-ci\",\"category\":\"identity\"},\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.370+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"cloud\":{\"service\":{\"name\":\"AWS IAM\"},\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{}},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/iam-new-user-cspm-8-7-test\",\"AIDA2IBR2EZTASITL3CHF\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/iam-new-user-cspm-8-7-test\":{\"type\":\"user\",\"category\":\"identity\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:user/iam-new-user-cspm-8-7-test\",\"AIDA2IBR2EZTASITL3CHF\"],\"name\":\"iam-new-user-cspm-8-7-test\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"access_keys\":[{\"active\":true,\"has_used\":true,\"last_access\":\"2023-05-22T19:17:00Z\",\"rotation_date\":\"2023-05-02T14:20:01Z\"},{\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\",\"active\":false}],\"arn\":\"arn:aws:iam::704479110758:user/iam-new-user-cspm-8-7-test\",\"password_last_changed\":\"N/A\",\"password_enabled\":false,\"inline_policies\":[],\"attached_policies\":null,\"name\":\"iam-new-user-cspm-8-7-test\",\"last_access\":\"N/A\",\"mfa_active\":false,\"user_id\":\"AIDA2IBR2EZTASITL3CHF\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.370+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"related.entity\":[\"arn:aws:iam::704479110758:user/ido.cohen@elastic.co\",\"AIDA2IBR2EZTNCPCUD4F4\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/ido.cohen@elastic.co\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"raw\":{\"last_access\":\"2023-08-22T08:18:51Z\",\"arn\":\"arn:aws:iam::704479110758:user/ido.cohen@elastic.co\",\"password_last_changed\":\"2023-06-05T13:32:49Z\",\"mfa_active\":false,\"user_id\":\"AIDA2IBR2EZTNCPCUD4F4\",\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"},{\"PolicyArn\":\"arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess\",\"PolicyName\":\"AmazonDynamoDBFullAccess\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/IAM_ENABLE_MFA\",\"PolicyName\":\"IAM_ENABLE_MFA\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/Developers_eks\",\"PolicyName\":\"Developers_eks\"},{\"PolicyArn\":\"arn:aws:iam::704479110758:policy/es-dev-readonly\",\"PolicyName\":\"es-dev-readonly\"}],\"inline_policies\":[],\"name\":\"ido.cohen@elastic.co\",\"password_enabled\":true,\"access_keys\":[{\"rotation_date\":\"2022-08-14T15:46:43Z\",\"active\":true,\"has_used\":true,\"last_access\":\"2022-11-08T06:43:00Z\"},{\"active\":true,\"has_used\":true,\"last_access\":\"2023-09-27T13:05:00Z\",\"rotation_date\":\"2022-12-12T12:17:19Z\"}]},\"id\":[\"arn:aws:iam::704479110758:user/ido.cohen@elastic.co\",\"AIDA2IBR2EZTNCPCUD4F4\"],\"name\":\"ido.cohen@elastic.co\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\"},\"resource_policies\":[]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.370+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"ecs\":{\"version\":\"8.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/ido2@elastic.co\",\"AIDA2IBR2EZTFNGQFCBC6\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/ido2@elastic.co\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"inline_policies\":[],\"last_access\":\"2024-11-11T08:43:14Z\",\"arn\":\"arn:aws:iam::704479110758:user/ido2@elastic.co\",\"mfa_active\":false,\"access_keys\":[{\"rotation_date\":\"2024-06-24T13:16:14Z\",\"active\":true,\"has_used\":true,\"last_access\":\"2024-06-27T04:33:00Z\"},{\"active\":true,\"has_used\":true,\"last_access\":\"2024-10-30T13:49:00Z\",\"rotation_date\":\"2024-07-25T08:04:25Z\"}],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\",\"PolicyName\":\"IAMUserChangePassword\"}],\"name\":\"ido2@elastic.co\",\"password_last_changed\":\"2024-11-10T12:50:02Z\",\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTFNGQFCBC6\"},\"id\":[\"arn:aws:iam::704479110758:user/ido2@elastic.co\",\"AIDA2IBR2EZTFNGQFCBC6\"],\"name\":\"ido2@elastic.co\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.370+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:user/Ido@build.security\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"id\":[\"arn:aws:iam::704479110758:user/Ido@build.security\",\"AIDA2IBR2EZTKOONJP7O2\"],\"name\":\"Ido@build.security\",\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTKOONJP7O2\",\"access_keys\":[{\"rotation_date\":\"2021-06-02T14:11:46Z\",\"active\":true,\"has_used\":true,\"last_access\":\"2022-02-13T11:55:00Z\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"inline_policies\":[],\"name\":\"Ido@build.security\",\"arn\":\"arn:aws:iam::704479110758:user/Ido@build.security\",\"mfa_active\":true,\"mfa_devices\":[{\"is_virtual\":true,\"EnableDate\":\"2021-07-20T15:17:41Z\",\"SerialNumber\":\"arn:aws:iam::704479110758:mfa/Ido@build.security\",\"UserName\":\"Ido@build.security\"}],\"attached_policies\":[{\"PolicyName\":\"IAMUserChangePassword\",\"PolicyArn\":\"arn:aws:iam::aws:policy/IAMUserChangePassword\"}],\"last_access\":\"2021-08-22T08:17:23Z\",\"password_last_changed\":\"2021-08-19T09:26:27Z\"}},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/Ido@build.security\",\"AIDA2IBR2EZTKOONJP7O2\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.370+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/isaia\",\"AIDA2IBR2EZTO52TLWTNR\"],\"entity.metadata\":{\"arn:aws:iam::704479110758:user/isaia\":{\"category\":\"identity\",\"type\":\"user\"}},\"asset\":{\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"inline_policies\":[],\"name\":\"isaia\",\"arn\":\"arn:aws:iam::704479110758:user/isaia\",\"password_last_changed\":\"2024-10-28T22:20:38Z\",\"mfa_active\":false,\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTO52TLWTNR\",\"access_keys\":[{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"attached_policies\":null,\"last_access\":\"2024-10-28T22:19:27Z\"},\"id\":[\"arn:aws:iam::704479110758:user/isaia\",\"AIDA2IBR2EZTO52TLWTNR\"],\"name\":\"isaia\",\"category\":\"identity\",\"sub_category\":\"digital-identity\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"id\":\"704479110758\",\"name\":\"elastic-security-cloud-security-dev\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\",\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\"}}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"} +{"log.level":"warn","@timestamp":"2024-11-19T16:09:25.370+0100","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":517},"message":"Cannot index event '{\"@timestamp\":\"2024-11-19T15:09:15.339Z\",\"entity.metadata\":{\"arn:aws:iam::704479110758:user/jamesspiteri\":{\"type\":\"user\",\"category\":\"identity\"}},\"asset\":{\"category\":\"identity\",\"sub_category\":\"digital-identity\",\"type\":\"user\",\"sub_type\":\"iam-user\",\"tags\":null,\"raw\":{\"last_access\":\"no_information\",\"arn\":\"arn:aws:iam::704479110758:user/jamesspiteri\",\"access_keys\":[{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"},{\"active\":false,\"has_used\":false,\"last_access\":\"N/A\",\"rotation_date\":\"N/A\"}],\"attached_policies\":[{\"PolicyArn\":\"arn:aws:iam::aws:policy/AdministratorAccess\",\"PolicyName\":\"AdministratorAccess\"}],\"name\":\"jamesspiteri\",\"password_last_changed\":\"2024-10-31T20:37:52Z\",\"mfa_active\":false,\"password_enabled\":true,\"user_id\":\"AIDA2IBR2EZTGBCBZNINM\",\"inline_policies\":[]},\"id\":[\"arn:aws:iam::704479110758:user/jamesspiteri\",\"AIDA2IBR2EZTGBCBZNINM\"],\"name\":\"jamesspiteri\"},\"cloud\":{\"provider\":\"aws\",\"region\":\"global\",\"account\":{\"name\":\"elastic-security-cloud-security-dev\",\"id\":\"704479110758\"},\"organization\":{},\"service\":{\"name\":\"AWS IAM\"}},\"ecs\":{\"version\":\"8.0.0\"},\"agent\":{\"id\":\"3f1bb32f-a6c2-45fb-8d07-f1f769593260\",\"name\":\"mac.home\",\"type\":\"cloudbeat\",\"version\":\"9.0.0\",\"ephemeral_id\":\"02a59bd5-364c-4cd6-8507-b289a6dc9469\"},\"resource_policies\":[],\"related.entity\":[\"arn:aws:iam::704479110758:user/jamesspiteri\",\"AIDA2IBR2EZTGBCBZNINM\"]}\n' (status=400): {\"type\":\"script_exception\",\"reason\":\"runtime error\",\"script_stack\":[\"id = ctx.entity.id;\\n \",\" ^---- HERE\"],\"script\":\" ...\",\"lang\":\"painless\",\"position\":{\"offset\":62,\"start\":47,\"end\":79},\"caused_by\":{\"type\":\"null_pointer_exception\",\"reason\":\"cannot access method/field [id] from a null def reference\"}}, dropping event!","service.name":"cloudbeat","log.type":"event","ecs.version":"1.6.0"}